How to Authenticate Your System In New Exalate?

    Last Modified on 04/01/2026 7:28 am EDT

    When setting up a connection in the Exalate Console, you must authenticate with each system you connect. This article covers the authentication method required for each supported system.

    On This Page

    Azure DevOps

    Exalate authenticates with Azure DevOps using a Personal Access Token (PAT) generated for the proxy user.

    Make sure the user generating the PAT belongs to the Project Collection Administrators group. You can check this in Organization Settings → Permissions.

    Generate a Personal Access Token

    1. Sign in to your Azure DevOps organization
      https://dev.azure.com/{yourorganization}
    2. Navigate to User Settings → Personal Access Tokens.
    3. Click New Token
    4. Enter a name for the token, select the organization, and set the expiration date
      Note: Set the longest available expiration period to keep the token valid as long as possible.
    5. Select the following scopes:
    • Work Items (vso.work) READ & WRITE
    • Project and Team (vso.project) READ
    • User Profile (vso.profile) READ
    • Identity (vso.identity) READ
    • Member Entitlement Management (vso.memberentitlementmanagement) READ

    6. Click Create.

    7. Copy the token and store it in a safe place — you will need it in the next step.

    Once you have the token, paste it into the Personal Access Token field in the Exalate connection setup screen and click Check authentication.

    Azure DevOps Server users: The steps above apply to Azure DevOps Service (cloud). For Azure DevOps Server, the navigation may differ slightly, but the required scopes are the same.

    Salesforce

    Exalate authenticates with Salesforce using a Client ID and Client Secret generated from an External Client App in your Salesforce org.

    Step 1: Create an External Client App

    1. Go to Setup → Apps → App Manager and click New External Client App.
    2. Fill in the required fields:
      • External Client App Name
      • API Name
      • Contact Email
    3. Check Enable OAuth Settings and set the Callback URL to:
    4. https://connect.exalate.net/rest/oauth/callback
    5. Under Selected OAuth Scopes, add all available scopes.
    6. Check Require Secret for Web Server Flow
      Note: Do not select Require Proof Key for Code Exchange (PKCE).
    7. Click Create.
      Note: Wait 10–20 minutes after creating the app for the changes to be fully applied.

    Step 2: Enable the Client Credentials Flow

    1. Go to Setup → External Client App Manager.
    2. Select your app and open the Policies tab.
    3. Under OAuth Policies → OAuth Flows and External Client App Enhancements, check Enable Client Credentials Flow and enter the integration user's username in the Run As (Username) field.
    4. Click Save.

    Step 3: Retrieve your Client ID and Secret

    Go to your app's Settings tab. The Consumer Key (Client ID) and Consumer Secret (Client Secret) are generated automatically — no need to create them manually. Once you have both values, enter them in the Client id and Client secret fields in the Exalate connection setup screen and click Check authentication.

    ServiceNow

    Exalate authenticates with ServiceNow using Basic Authentication — a username and password of the ServiceNow user who will act as the proxy user.

    If your ServiceNow instance already has Exalate Classic installed and configured with OAuth, you can import that system into the New Exalate Console with OAuth authentication preserved. See How to Set Up Log In with OAuth Tokens in Exalate for ServiceNow.

    Proxy User

    The account you authenticate with will act as the proxy user — the account Exalate uses to read and write data in your ServiceNow instance. You can authenticate with any ServiceNow user to register the system and update the credentials later via Systems → System Properties.

    We recommend creating a dedicated service account for this purpose. If you do, make sure it has the following roles:

    • import_set_loader
    • import_transformer
    • import_scheduler
    • snc_platform_rest_api_access
    • Member of the ITIL group (or equivalent)

    To allow Exalate to sync comments, also add create, read, and write ACLs on sys_journal_field to the Exalate role.

    For full details, see What Permissions should the Proxy User Have in ServiceNow?

    Authenticate in Exalate

    Enter the user's Username and Password in the Exalate connection setup screen and click Check authentication.

    Zendesk

    Exalate authenticates with Zendesk using OAuth. No credentials need to be generated in advance.

    In the Exalate connection setup screen, click Connect with Zendesk. A pop-up will open asking you to sign in to your Zendesk instance and allow Exalate access. Once you click Allow, the pop-up closes, and authentication is confirmed.

    Jira Cloud

    Exalate authenticates with Jira Cloud using OAuth 2.0.

    After entering your system name and system URL, Exalate will prompt you to authorize access to your Jira Cloud instance. Click Connect with Jira Cloud to proceed. A Jira authentication page will open. Sign in and, when prompted, select the Jira instance you want to connect with Exalate from the dropdown list. Make sure this matches the URL you provided in the previous step. Once authentication is successful, you will be redirected back to Exalate.

    OAuth 2.0 provides basic synchronization functionality. If you need advanced features such as comment impersonation or sprint synchronization, you will need to install the Forge app for Exalate for Jira (Forge Extension). An admin role in Jira is required for this extension.  See Enable the Forge Extension for Jira Cloud for Advanced Use Cases for instructions.


    Freshdesk

    Exalate authenticates with Freshdesk using an API Token.

    The Agent role in Freshdesk is sufficient to generate an API token and for Exalate to perform ticket-related actions.

    Generate an API Token in Freshdesk

    1. Log in to your Freshdesk instance.
    2. Click your profile picture in the top-right corner of the dashboard.
    3. Go to Profile Settings and locate the API Key section on the right pane.
    4. Click View API Key, complete the CAPTCHA, and copy the key.

    For full details, see How To Find Your API Key.

    Once you have the token, paste it into the API Token field in the Exalate connection setup screen and click Check authentication.


    Freshservice

    Exalate authenticates with Freshservice using an API Key.

    Generate an API Key

    1. Log in to your Freshservice instance.
    2. Click your profile picture in the top-right corner of the dashboard.
    3. Go to Profile Settings and locate the Your API Key section on the right pane.
    4. Click Show API Key and copy the key.
    5. Once you have the key, paste it into the API Key field in the Exalate connection setup screen and click Check authentication.

    Enable API Access (Account Admin)

    Only users with an Agent role and API access permissions enabled can generate an API key. If API access is not enabled, an Account Admin must configure this first:

    1. Go to Admin.
    2. Under User Management, select Roles.
    3. Select the relevant agent.
    4. Open the Permissions tab on the agent profile page.
    5. Enable the API Key toggle.

    For full details, see  Where do I find my API key?

    Asana

    Exalate authenticates with Asana using a Personal Access Token.

    Generate a Personal Access Token

    1. Click your profile picture in the top-right corner.
    2. Select Settings.
    3. Go to the Apps tab.
    4. Click Manage Developer Apps.
    5. Click Create New Personal Access Token and give it a descriptive name.
    6. Copy the token immediately — it will not be shown again.

    For full details, see Personal Access Token.

    Once you have the token, paste it into the Personal Access Token field in the Exalate connection setup screen and click Check authentication.



    Related Articles

    Product
    Resources
    Still need help?
    Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.