This document is intended as an additional reference for allowing S-Docs Jobs to be run as a specified user. Click here for the complete guide to automating S-Docs with S-Docs Jobs.

Running S-Docs Jobs as any user is simple; getting Salesforce to allow this, however, is a bit more work. This document discusses how you can get Salesforce to allow you to run S-Docs Jobs as another user; please see the above documents for steps on actually running S-Docs as a specified user. This setup uses JWT Bearer assertion flow to run as any user without preauthorization. The steps include adding remote site settings, creating a connected app, and linking the app details to S-Docs via a custom settings entry.

Video Tutorial

Step 1: Create Remote Site Settings

To begin, navigate to Setup > Security Controls > Remote Site Settings

  1. Click New Remote Site. For Remote Site Name, enter whatever you'd like. For Remote Site URL, enter:
    • For production:
    • For sandbox:
  2. Click New Remote Site. For Remote Site Name, enter whatever you'd like. For Remote Site URL, enter the URL for your own Salesforce instance (You can copy+paste this from your address bar, e.g. or In the URL, note that the number after na or cs will vary).
  3. If you are using S-Docs with Communities with a custom domain, you should add a new remote site for your custom domain as well.

Step 2: Configure Salesforce Connected App

    1. Create Certificate. Go to Setup > Security Controls > Certificate and Key Management
      1. Click "Create Self Signed Certificate." Name it SDocsCert. Click Download Cert, as we will use this later.
    2. Create Connected App. Navigate to SetupBuildCreateApps, Scroll down to Connected Apps, Click New.
      1. Fill in the required fields as such: Connected App Name: Sdocs Connected Apps, API Name: Sdocs_Connected_Apps, Contact Email:
      2. Check API (Enable OAuth Settings), and set Callback URL to:
        • For production:
        • For sandbox:
      3. Check Use digital signatures, and upload the saved Cert from step 1.
      4. Select the following OAuth scopes and click the Add button: Perform requests on your behalf at any time, Access and manage your data, Access and manage your Chatter data.
      5. Save.
      6. Navigate to Setup > Build > Create > Apps, Click Manage link next to app.
        • Click Edit and then set Permitted Users to Admin approved users are pre-authorized.
        • Set IP restrictions per your corp policy.
        • Set refresh Token is valid until revoked.
        • Save your changes.
        • Under the Profiles section, add All user profiles that will generate documents and save your changes.

Step 3: Create Custom Setting Entries

  1. Go to Setup > Build > Develop > Custom Settings. Click Manage link next to SDocsSettings entry.
  2. Click New.
    • Enter Name: SDocsSettings.
    • ConnectedAppCertificateName is SDocsCert (from the Create Certificate step).
    • ConnectedAppConsumerKey - copy/paste this from app info (go to Setup > Create > Apps, click on SDocs Connected App Link, and copy the consumer key field).
    • ConnectedAppLoginURL:
      • For production:
      • For sandbox:
    • ConnectedAppUserName – set this to a default valid username (which is an email address format) that will be used as a backup if the provided username is not found or not valid.

Step 4: Configure Process Builder

For the Process Builder that you are going to use with Run As User/Connected Apps you will need to add one additional field. Please refer to the "Using S-Docs Jobs with Process Builder" section in this article.

  1. To add an additional field select Add Row.
  2. Select Field Run As User.
  3. Type = String; Value = Username of the admin to be used as the running user.

Upon completion, you should be able to invoke the call using any username. To verify the process, you can go to:
Setup > Administrations Setup > Monitoring > Apex Jobs.

If you require additional error handling, this should be done within your own code base.

My Self-Signed Certificate is Expiring Soon!

Several months after setting this up, you may get an email from Salesforce informing you that your self-signed certificate expired. If that is the case, you can follow the steps below to renew your certificate. We recommend doing this after hours.

1. Go to Setup > Administer > Security Controls > Certificate and Key Management.
2. Click Delete for SDocsCert.
3. Click Create Self-Signed Certificate.
4. Set Label to SDocsCert.
5. Set Unique Name to SDocsCert.
6. Click Save.
7. Click Download Certificate.
8. Go to Setup > Build > Create > Apps.
9. Scroll down to Connected Apps section.
10. Click Edit next to Sdocs Connected Apps.
11. Scroll down to Use digital signatures.
12. Click Choose File and select the previously downloaded certificate.
13. Click Save.
14. It may take several minutes for the new certificate to take affect.
15. Confirm that everything is working (test SDJobs with Mass Merge).


If you performed this setup but your S-Docs Jobs are stuck at 10%, please try the following:

  • Navigate to Setup > Custom Settings > SDocsSettings > Manage > SDocsSettings > Edit, and set ConnectedAppTokenUrl to the URL domain seen in your browser's URL bar when you're on the "home" page in Classic. Additionally, set the ConnectedAppLoginURL to one of the following:
    • Production:
    • Sandbox:
  • Navigate to Setup > Connected Apps > SDocs Connected Apps > Profiles, and verify that the profiles of the following users are added to the app's permitted profiles list:
    1. The user who inserted the job
    2. The 'Run As User'
  • Go to Setup > Remote Site Settings and verify that there are entries for the appropriate Salesforce production/sandbox URL and the customer’s home URL (Salesforce Classic). Additionally, verify that these entries are active.
  • Make sure the user's profile has the Apex REST Services permission checked.