Salesforce

1. About this document

This document provides step-by-step instructions to configure a Salesforce account in SAFE.

2. Introduction

This integration allows you to onboard a Salesforce account in SAFE. Once the connection is established, SAFE fetches the security misconfigurations of the configured account.

3. Prerequisites

A user with a system administrator role in Salesforce is required to create and authorize the connected app.

4. Create a connected application and generate connection details

You must create a Connected App in the Salesforce account first with the following OAuth settings:

• Manage user data via APIs (api)
• Perform requests at any time (refresh_token, offline_access).

Follow the below step-by-step instructions to create a connected app:

1. Log in to Salesforce as an administrator.
2. In the drop-down list of the account (in the upper-right corner), click Setup.
3. In the left-hand pane, click Create > App under Build.
4. Scroll down on the Apps page to find the "Connected Apps" pane.
5. In the Connected Apps pane, click the New button.
6. Under the Basic information, enter the Connected App Name, API Name, and Contact Email.
   1. Connected App Name
      Example: SAFE_SFDC
   2. Contact Email
7. Under API (Enable OAuth Settings), mark the Enable OAuth Settings checkbox.
8. Enter the below Callback URL
   <BASE_URL of SAFE>/api/v3/saas-apps/auth-code
9. Select the following under OAuth scopes:
   1. Manage user data via APIs (api)
   2. Perform requests at any time (refresh_token, offline_access)
10. Click the Save button.
    Note: The system may take 2 to 10 minutes to reflect the connected app on the server.
    
11. Once the Connected App is created, it will be available under the Connected Apps pane. Go to the Connected Apps pane and click the newly created SAFE_SFDC Connected App.  
12. Click the Manage Consumer Details button available under API (Enable OAuth Settings). The system displays the Consumer Key(Client ID) and Consumer Secret(Client Secret).
13. Copy and Save the Consumer Key(Client ID) and Consumer Secret(Client Secret) to use it while configuring Salesforce in SAFE in the next section.

    Alternatively, you can open SAFE in a new tab, go to the Salesforce configuration page and enter the connection details in their respective field.

    

5. Configure Salesforce in SAFE

1. Navigate to the SAFE Hooks > Salesforce configuration page.
2. Enter the connection details (Instance URL, Client ID, and Client Secret) generated in section 4.
   
3. Under the Get Authorization URL section, click the Open URL button. You can also copy the URL and open it in a new tab.
4. Clicking the Open URL button, you will be redirected to the Authorization URL page, where the system displays an authorization code. Copy the authorization code.
5. Enter the authorization code on the Salesforce configuration page in SAFE.
6. Click the Save button.

6. View Result

1. On the Salesforce configuration page in SAFE Hooks, click the Sync Now button to assess the onboarded Salesforce account.
2. The account, once saved, will get assessed once per day as per the scheduled scan time. This is set to a pre-set time of 24 Hrs.
3. Once the sync is complete, you can view the Salesforce assessment results.
   To view the result:
   1. Go to the Risk Scenario page and click the GroupRisk tab.
   2. Click the Cloud SaaS Applications Risk.
   3. Scroll down and click the AttackSurface view.
   4. Here you can search for the Salesforce asset.
   5. Clicking the Salesforce asset from the list, you will be redirected to the controls page, where you can see the controls and their status.

7. SAFE's Outgoing IP Addresses

Click here to find the outgoing IP addresses of SAFE. All traffic to any integrations in SAFE will see one IP address as the source IP of the incoming connection.