Comment on page
The Oort identity security platform can integrate with your Salesforce instance or instances to capture user account activity. This is valuable in particular for the following reasons -
- Identifying unused Salesforce accounts and reducing unnecessary licensing cost
- Review Salesforce authentication activity and maintain security compliance
- Detect unauthorized access or use of your Salesforce platform
The following things are required to configure Salesforce integration with Oort:
- A Salesforce admin account
- Licensing - a user account with Salesforce edition of Enterprise or above, due to the requirement for the Web Services API. Developer edition and other lower tier editions will not work for this integration, as the API Only User option is required for the necessary credential flow, and that setting doesn't exist in those tiers.
The Oort integration for Salesforce will monitor API usage against your Salesforce tenant's daily limit. If the Oort detects that the API utilization is within 75% of the Salesforce tenant daily quota, Oort will stop any further collection for that day and resume the following day.
- 1.The first step in the process is to create an API only user for integration purposes using the Salesforce documentation. Please note:
- As noted in the Salesforce KB article above, we recommend the user and permission set (if used) have at least a Salesforce license.
- The Profile or Permission Set must have API Enabled and API Only User checked in the System Permissions area.
- Manage Users permission under the User section is required to collect Login History of all users. Enabling this setting will automatically check a number of other related permissions
- 1.In Salesforce set up go to Apps --> App Manager and click New Connected App
- 2.Fill in the connected app details, such as Name, Contact email, etc.
- 4.Check Enable OAuth Settings
- 6.Add Manage user data via APIs scope.
- 7.Uncheck Require Secret for Web Server Flow and Require Secret for Refresh Token Flow
- 8.Check Enable Client Credentials Flow
- 9.Accept the warning:
- 10.Click Save. Click Continue if you see the warning: "Changes can take up to 10 minutes to take effect. Deleting a parent org also deletes all connected apps with OAuth settings enabled."
- 11.Go back to the App Manager, find the app, Click the Down Arrow and then then View:
- 12.Click "Manage Consumer Details" and go through email two-factor authentication (2FA)
- 13.Copy the Key and Secret to a temporary location or a key vault of your preference.
- 14.Go back to the App Manager, find the app, Click the Arrow then Manage:
- 15.Click Edit Policies
- 16.At the bottom, under Client Credentials Flow, click the Search button and select the API user.
- 17.Click Save
- 18.Find your Salesforce URL and save it for use in the next section. This will be under Company Settings -> My Domain.
- 1.Login to your Oort Dashboard and go to the Integrations tab
- 2.Click on Add Integration
- 3.Click on Add Integration under Salesforce
- 4.Fill in the details for the Salesforce Integration. Enter the values saved from earlier on in the Salesforce setup:
- 5.Click Save. You will now have a new integration listed on the Integrations page.
- 6.For more details, click on integration name for details.
- 7.You can also click the 3-dot menu drop-down and click Test Connectivity to test the API connectivity with Salesforce
- 8.If you see “Connected!” everything is working.
- 9.Now click the Salesforce integration bar again and click Collect Now to begin the first data collection.