Skip to main content

CollectorsCloud Collectors Administration Guide

Prerequisites to Configure the Salesforce Cloud Collector

Before you configure the Salesforce Cloud Collector, complete the following prerequisites:

Create User Profiles

In Salesforce, profiles define users’ access to objects and data, and tasks allowed to the user within the application. If you create a user in Salesforce, you must assign a profile to the user. Create a user profile specifically for the cloud connector.

To create a user profile in Salesforce:

  1. Log in to the Salesforce console as an administrator.

  2. Click Setup.

  3. Navigate to Administration > Users > Profiles.

  4. Click New Profile.

  5. Select an existing profile that you want to clone from the list.

  6. Specify a name for the profile in the Profile Name box.

  7. Click Save. If you want to assign the required permissions to the profile, scroll down to System Permissions. If you want to assign existing users or a new user to this profile, click Assigned Users.

    Note

    For more information about creating user profiles in Salesforce, see Salesforce Documentation.

Assign Permissions to User Profile

After you create a user profile in Salesforce, you can manage access rights in your organization by assigning permission sets to the user profile. System permissions control a user’s ability to perform tasks within Salesforce.

To assign permissions to a user profile:

  1. Log in to the Salesforce console as an administrator.

  2. Navigate to Setup > Administration > Users > Profiles.

  3. Select the profile that you want to edit.

  4. Click System Permissions.

  5. Click Edit.

  6. In the list of permissions, select the following permissions:

    • API Enabled

    • Manage Users

    • View All Data

    • View Setup and Configuration

    • View Event Log File

  7. Click Save.

    Note

    You can control login access by specifying a range of allowed IP addresses for a particular profile. The Salesforce user that you created for the Exabeam connector must log in from the Exabeam platform IP address. If you restrict the IP address for a profile, the user with that profile cannot log in from any other IP address. Make sure that you assign a profile with IP range restriction only to the Salesforce user that you created for the Exabeam connector and not to any other Salesforce user. For more information, see Restrict Login IP Addresses.

Create a User in Salesforce

The Exabeam Cloud Connectors platform uses user information to integrate with Salesforce cloud application APIs. Creating a user account specifically for the cloud connector ensures better visibility and security.

To create a Salesforce user:

  1. Log in to the Salesforce console as an administrator.

  2. Navigate to Setup > Administration > Users > Users.

  3. Click New User.

  4. Specify a user name and enter other details. Ensure that you assign a role, profile, and user license to the new user. You can assign any role to the user. The user license must match the license assigned to a user profile that you selected for the new user. For more information, see Add a New user.

  5. To obtain a user password, select the Generate new password and notify user immediately checkbox.

  6. Click Save.

    The User Details page displays the details you entered. Note the password that Salesforce emailed you. If you want to reset the password, on the User Details page, click Reset Password. Salesforce sends an email to the user’s email address with a link to reset the password. Reset the password using the link that you received on your email address. Note the username and password of the Salesforce user that you created. You will need the username and password when you configure the Salesforce Cloud Connector on the Exabeam Cloud Connectors platform.

Add Accounts for Salesforce Cloud Collectors

To set up a shareable account for Salesforce, ensure that you complete the following steps.

  1. Configure a connected app in Salesforce for the OAuth 2.0 client credentials flow. Ensure that you select the Enable Client Credential Flow option while creating the connected app.

  2. Obtain the consumer key and consumer secret after creating the connected app. For more information, see Create a Connected App in the Salesforce documentation.

  3. Add a shareable account for the Salesforce service in Cloud Collectors.

Configure a Connected App

To create a connected app, refer to the following information.

  1. In Setup, in the Quick Find box enter Apps, and select App Manager.

  2. Click New Connected App and complete the basic set up. For more information see Configure Basic Connected App Settings in the Salesforce documentation.

  3. Configure the required OAuth settings for the connected app.

    OAuth_settings.png
  4. Enable the client credentials flow for your connected app.

    After you save the changes, the connected app is saved in the App Manager.

    For more information, see Configure a Connected App for the OAuth 2.0 Client Credentials Flow in the Salesforce documentation.

  5. Select an execution user for the flow.

    1. On the connected app detail page, click Manage.

    2. Click Edit Policies.

    3. Under Client Credentials Flow, in the Run As search box, find the user that you want to assign the client credentials flow. Ensure that this is the same user that you created as Salesforce user by accessing SetupAdministration > Users > Users as explained in the Create a User in Salesforce section.

    4. Save the changes.

      For more information, see Configure a Connected App for the OAuth 2.0 Client Credentials Flow in the Salesforce documentation.

Obtain the Consumer Key and Consumer Secret

To obtain the consumer key and secret, refer to the following steps.

  1. After you configure a connected app in Salesforce, navigate to Apps > App Manager.

  2. Click View for the connected app that you created.

  3. In the API (Enable OAuth Settings) section, click Manage Consumer Details and note the consumer key and consumer secret.

    salesforce_keys_1_-_Copy.png

Add a shareable account in Cloud Collectors

Set up a shareable account for the Salesforce service in Cloud Collectors.

  1. Log in to the New-Scale Security Operations Platform with your registered credentials as an administrator.

  2. Navigate to Collectors > Cloud Collectors.

  3. Click Accounts, then click New Account.

    Account1.png
  4. In the Add a New Account page, enter the required information.

    Salesforce_account.png
    • VENDOR – Select the vendor as Salesforce.

    • NAME – Specify a name for the Salesforce account.

    • API HOSTNAME – Enter the hostname. For example, https://myCompany.my.salesforce.com.

    • CONSUMER KEY – Enter the consumer key that you obtained while creating the connected app in Salesforce.

    • CONSUMER SECRET – Enter the consumer secret that you obtained while creating a connected app in Salesforce.

  5. Click Save.

  6. Proceed to Onboard Cloud Collectors to configure your Salesforce Cloud Collector, such as Salesforce cloud collector.