Salesforce Integration
07/2023
Overview
The Oort identity security platform can integrate with your Salesforce instance or instances to capture user account activity. This is valuable in particular for the following reasons -
Identifying unused Salesforce accounts and reducing unnecessary licensing cost
Review Salesforce authentication activity and maintain security compliance
Detect unauthorized access or use of your Salesforce platform
Requirements
The following things are required to configure Salesforce integration with Oort:
A Salesforce admin account
If access to Salesforce by API is restricted by IP address, please coordinate with your Oort representative or contact support@oort.io.
Salesforce API Limits
The Oort integration for Salesforce will monitor API usage against your Salesforce tenant's daily limit. If the Oort detects that the API utilization is within 75% of the Salesforce tenant daily quota, Oort will stop any further collection for that day and resume the following day.
Salesforce Configuration
Step 1 - Create API Only User Account
The first step in the process is to create an API only user for integration purposes using the Salesforce documentation. Please note:
Step 2 - Set up a Connected App
Create Connected App
In Salesforce set up go to Apps --> App Manager and click New Connected App
Fill in the connected app details, such as Name, Contact email, etc.
Check Enable OAuth Settings
Fill in the Callback URL: https://localhost:3000/test/ The Oort API integration does not use an redirects and does not need a functioning callback URL for that purpose.
Add Manage user data via APIs scope.
Uncheck Require Secret for Web Server Flow and Require Secret for Refresh Token Flow
Check Enable Client Credentials Flow
Accept the warning:
Click Save. Click Continue if you see the warning: "Changes can take up to 10 minutes to take effect. Deleting a parent org also deletes all connected apps with OAuth settings enabled."
Get Key and Secret
Go back to the App Manager, find the app, Click the Down Arrow and then then View:
Click "Manage Consumer Details" and go through email two-factor authentication (2FA)
Copy the Key and Secret to a temporary location or a key vault of your preference.
Assign to API user
Go back to the App Manager, find the app, Click the Arrow then Manage:
Click Edit Policies
At the bottom, under Client Credentials Flow, click the Search button and select the API user.
Click Save
Find your Salesforce URL and save it for use in the next section. This will be under Company Settings -> My Domain.
Step 3 - Oort Dashboard Configuration
Login to your Oort Dashboard and go to the Integrations tab
Click on Add Integration
Click on Add Integration under Salesforce
Fill in the details for the Salesforce Integration. Enter the values saved from earlier on in the Salesforce setup:
Display Name
Salesforce URL
Consumer Key
Consumer Secret
Click Save. You will now have a new integration listed on the Integrations page.
For more details, click on integration name for details.
If you see βConnected!β everything is working.
Initial data collection may take up to 24 hours, depending on the size of the environment. Please reach out to your Oort representative or support@oort.io with any questions.
Last updated