Axonius Documentation
Start typing to search…

Salesforce

Salesforce is a customer relationship management solution that gives a single, shared view of every customer.

Use Cases the Adapter Solves

The Salesforce adapter can be used for:

  • User management - Review users’ statuses, permissions, and activity. identify gaps in offboarding users and in user access levels.
  • Security management - Find misconfigurations that pose security and compliance risks.
  • Cost optimization - Identify cost optimization opportunities.

Asset Types Fetched

Devices | Users | Application Extensions | Admin Managed Extensions | User Initiated Extensions | Application Add-On | Roles | Groups | Licenses | Application Settings | Application Extension Instances | Admin Managed Extension Instances | User Initiated Extension Instances | Application Add-On Instances | Application Keys | Activities | SaaS Applications | Organizational Units | Accounts/Tenants | Application Resources

Some asset types require to enable specific advanced settings to fetch them.

APIs

Axonius uses the Salesforce API.

Authentication Methods

To connect to the Salesforce adapter, choose between the following authentication flows. Each flow can be used to fetch all asset types.

  • Client Credentials Flow
  • Username-Password Flow

Permissions

📘

Note

Only a System Administrator can configure permissions in Salesforce.

General

Navigate to Setup > Users > Permission Sets (or Profiles), and assign the following permissions:

  • Every permission listed in the General User section starting with the word "View" except for View Encrypted Data

  • Lightning Experience User

  • API Enabled

    📘

    Note

    The API Enable permission is required even if you're using Bulk API. Note that some organizations might require specific Bulk API permissions for large-scale data sets and operations.

  • Manage IP addresses

  • Manage Login Access Policies

  • Manage Password Policies

  • Manage Profiles and Permissions Sets

  • Manage Roles

  • Manage Sandboxes

  • Manage Sharing

  • View All Profiles

  • View All Users

  • Apex REST Services

  • Manage Users

  • Manage Connected Apps

  • Modify Metadata Through Metadata API Functions

  • Customize Application

  • Is Single Sign-On Enabled

  • Use Any API Client (might be required if you're not using an admin-approved, allow-listed app)

Special Permissions

Some data types require additional, specific permissions. Assign the following permissions if these data types are relevant to you:

  • View Event Log Files: required to fetch event monitoring data.
  • Query All Files: required to search and fetch all files (Content) across the organization, regardless of individual sharing.
  • View Setup and Configuration: required to fetch metadata or information about the organization structure.
Fetching Application Settings and Licenses

Additional permissions are required to fetch these asset types.

  • The Salesforce user created for Axonius must have the System Permission Level.

  • In Salesforce, configure the following:

    1. Go to Administration, expand the Users tab and select Permissions Sets.
    2. Disable Access Salesforce.com only through a Salesforce.com API.
    📘

    Note

    While to access Application Settings data you need to grant roles and/or permissions that include write capabilities, the adapter only actually reads from the application.

Summary of Adapter Setup

To successfully deploy the adapter in Axonius, follow these steps:

  1. In Salesforce:
    1. Enable delegated authentication in your Salesforce environment.
    2. Set up authorization.
    3. Manage API Access and ensure the Salesforce user created for Axonius has the API Access Administrator role.
    4. Create a User Account and a User Profile with the appropriate permissions to fetch assets.
    5. Configure Axonius as an External Client App.
    6. Retrieve the Consumer Key and Consumer Secret, required for authentication.
  2. In Axonius:
    1. Connect the adapter using the Client Credentials or Username-Password flow.
    2. Test your credentials to make sure they work for fetching Salesforce data.
    3. (Optional) Configure the adapter's Advanced Settings according to the asset types you want to fetch.

See detailed instructions for each step on the next pages:

Salesforce Permissions

Deploying the Salesforce Adapter in Axonius

Salesforce Advanced Settings

Salesforce Enforcement Actions

Updated 22 minutes ago