Salesforce integration

There are several tasks that you need to complete to integrate Identity Security Posture Management (ISPM) with your Salesforce tenant:

Add ISPM IPs to your Trusted IP Range

For the integration to succeed, you must have the ISPM IP addresses 13.52.68.184 , 54.193.209.206 , 13.57.96.208 , and 184.72.14.192 in your trusted IP range.

  1. From the left menu, go to Settings Security.

  2. Click Network Access. The Trusted IP Range page opens.

  3. Create a rule for each of the IPs above:

    1. Click New.

    2. Set the IP as the Start IP Address and the End IP Address.

    3. Add a description. For example, ISPM IP number 1.

  4. Repeat steps 1 - 3 for each ISPM IP address.

Create a permission set

  1. In your Salesforce tenant, go to SettingsSetup.

  2. In ADMINISTRATION, select Users Permission Sets. The Permission Sets page opens.

  3. Click New. The Create screen opens.

  4. In the Enter permission set information section, enter ISPM SFDC integration permission as the Label.

  5. Optional. Enter a description.

  6. In the Select the type of users who will use this permission set section, set the License to None.

  7. Click Save.

  8. Scroll down to the System section and select System Permissions. The ISPM SFDC integration permission page opens.

  9. Click Edit to modify system permissions.

  10. Select the following system permissions:

    System permission Notes
    API Enabled Select this checkbox to access any Salesforce.com API.
    View Setup and Configuration The View Roles and Role Hierarchy permission is selected automatically.
    View All Data The following permissions are selected automatically:
    • Read and View All on all standard and custom objects
    • View Setup and Configuration
    • View Event Log Files
    • View Dashboards in Public Folders
    • View Reports in Public Folders
    • View Login Forensics Events
    • View Real-Time Event Monitoring Data
    Manage Multi-Factor Authentication in API The following permissions are selected automatically:
    • Manage Users
    • Reset User Passwords and Unlock Users
    • View All Users
    • Manage Profiles and Permission Sets
    • Assign Permission Sets
    • Manage Roles
    • Manage IP Addresses
    • Manage Sharing
    • View Setup and Configuration
    • Manage Internal Users
    • Manage Password Policies
    • Manage Login Access Policies
    • Manage Multi-Factor Authentication in User Interface

  11. Select the following user permissions:

    • View All Profiles

  12. Click Save. The Permission Changes Confirmation screen opens.

  13. Review the permissions that you selected and click Save.

Assign the permission set

  1. In your Salesforce tenant, go to SettingsSetup.

  2. In ADMINISTRATION, select Users Users.

  3. Select a user account that you want to use for the ISPM integration. This account must have Salesforce as its user license.

  4. Go to the Permission Set Assignments section.

  5. Click Edit Assignments.

  6. Find and select the Identity Security Posture Management SFDC integration permission set.

  7. Click Add.

  8. Ensure that it appears in the Enabled Permission Sets section.

  9. Click Save.

Download the server file

  1. In the Identity Security Posture Management console, go to SettingsConnected sources.

  2. Select Salesforce.
  3. Click Download server.crt.

Create an OAuth app

  1. In your Salesforce tenant, go to SettingsSetup.

  2. Under PLATFORM TOOLS, select AppsApp Manager.

  3. Click New Connected App.

  4. Click Create a Connected App.

  5. In the Basic Information section, enter a name for the new app (for example, ISPM SFDC Integration).

  6. Enter support@spera.security as the Contact Email.

  7. In the API (Enable OAuth settings) section, select the Enable OAuth settings checkbox.

  8. Enter http://localhost:1717/OauthRedirect as the Callback URL.

  9. Select the Use digital signatures checkbox.

  10. Click Choose file and upload the server.crt file that you downloaded earlier from the Identity Security Posture Management console.

  11. Add the following OAuth scopes:

    • Manage user data via APIs (api)

    • Manage user data via Web browsers (web)

    • Perform requests at any time (refresh_token, offline_access)

  12. Verify that the Require Secret for Web Server Flow and Require Secret for Refresh Token Flow checkboxes are selected.

  13. Click Save.

Copy the consumer key

  1. In the API (Enable OAuth settings) section, click Manage Consumer Details.
  2. Copy the Consumer Key value that appears and store it safely.

Configure policies

  1. Go back to the tab with the app info and click Manage.
  2. Click Edit Policies.
  3. In the OAuth Policies section, set the Permitted Users as Admin approved users are pre-authorized.
  4. Check that IP Relaxation is set as Enforce IP restrictions.
  5. Set the Refresh Token Policy as Expire refresh token if not used for and set the timer to 90 days.
  6. In the Session Policies section, set the Timeout Value to 15 minutes.
  7. Click Save.

Assign the permission set to a profile

  1. On the connected app's tab, scroll down to the Profiles section.
  2. Select the system admin or standard user profile that matches the one that's assigned to the ISPM integration account.
  3. Click Save.
  4. In the Permissions Sets section, click Manage Permission Sets.
  5. Select the ISPM SFDC integration permission set that you created earlier.
  6. Click Save.

Share the parameters with ISPM

  1. In the Identity Security Posture Management console, go to SettingsConnected sources.

  2. Select Salesforce.
  3. Enter the username of the user that you assigned to the permission set.
  4. Enter the consumer key that you copied earlier.
  5. Click Submit.