Skip to main content

Integrate with Salesforce

Follow this step-by-step guide to allow SlashID to monitor and protect your Salesforce organization. This integration enables SlashID to track users, permissions, connected & external client apps, and security events across your Salesforce environment.

Before starting

Before starting, ensure you have:

  • System Administrator privileges in your Salesforce organization
  • Access to create External Client Apps in Salesforce
  • Access to create Permission Sets in Salesforce
  • Access to create Users in Salesforce
  • Access to assign Permission Sets to Users in Salesforce

Step 1: Create a Permission Set

  1. Go to Setup -> search Permission Sets -> click New
  2. Fill in:
    • Label: SlashID Identity Protection
    • License: Salesforce API Integration
  3. Click Save

Step 2: Configure System Permissions on the Permission Set

Open the permission set you just created -> System Permissions -> Edit.

Then enable:

  • View Setup and Configuration
  • Manage Connected Apps
  • View all External Client Apps
  • View All Data
  • Run Reports
  • View Reports in Public Folders
  • View Dashboards in Public Folders
  • View Roles and Roles Hierarchy
  • View Event Log files
  • View All Users
  • View All profiles
  • Monitor Login
  • Manage Users

Click Save

Step 3: Create the Integration User

  1. Go to Setup -> Users -> New User
  2. Fill in:
    • Last name: SlashID Identity Protection
    • Email: a monitored email address (recieves a verification email)
    • User License: Salesforce Integration
    • Profile: Minimum Access - API Only Integrations
    • Other fields should auto complete
  3. Click Save
  4. Note the integration users Username, this will be used later.
  5. Take the time now to verify this user by completing the verification step via your email inbox.

Step 4: Assign the Permission Set to the User

  1. Go to the users detail page: Setup -> Users -> Click SlashID Identity Protection
  2. Find Permission Set Assignments -> Edit
  3. Move the SlashID Identity Protection permission set to Enabled Permission Sets
  4. Click Save

Step 5: Create External Client App

  1. Go to Setup -> External Client App Manager -> New External Client App
  2. Fill in:
    • External Client App Name: SlashID Identity Protection
    • Contact email: a monitored email address
  3. Check: Enable OAuth under Open API (Enable OAuth Settings)
  4. Fill in:
    • Callback URL: https://api.slashid.com/nhi/connections/authorize/oauth-callback
  5. Move the following to Selected OAuth Scopes:
    • Access the identity URL service (id, profile, email, address, phone)
    • Manage user data via APIs (api)
    • Full access (full)
    • Perform requests at any time (refresh_token, offline_access)
    • Access unique user identifiers (openid)
  6. Check: Enable Client Credentials Flow under Flow Enablement
  7. Click Create

Step 6: Set the Client Credentials Flow "Run As" User

  1. Go to Setup -> External Client App Manager -> SlashID Identity Protection
  2. Under Policies tab, click Edit
  3. Check: Enable Client Credentials Flow under OAuth Policies -> OAuth Flows and External Client App Enhancements
  4. Enter the integration users Username from Step 3.
  5. Click Save

Step 7: Get your Consumer Key and Consumer Secret

  1. Go to Setup -> External Client App Manager -> SlashID Identity Protection
  2. Under Settings tab, expand OAuth Settings
  3. Click Consumer Key and Secret
  4. Complete the verification flow, and you'll find the Consumer Key and Consumer Secret

Step 8: Create Your Salesforce<>SlashID Integration

  1. Go to the SlashID Console -> Identity Protection -> Configuration -> Data sources.
  2. Click Add data source
  3. Select Salesforce from the list of providers in the select menu
  4. Enter your Salesforce connection details:
FieldDescriptionExample
Name of the connectionArbitrary name you give to this connectionSalesforce Production
Authoritative statusDecide whether Salesforce identities are the primary source of truth when reconciling identities across providersPrimary or Secondary
Instance URLYour Salesforce My Domain URLhttps://yourcompany.my.salesforce.com
Login URLYour Salesforce My Domain URL (must be the same for client credentials flow)https://yourcompany.my.salesforce.com
Authentication methodChoose Client CredentialsClient Credentials
Consumer KeyConsumer Key from your External Client App3MVG9...
Consumer SecretConsumer Secret from your External Client AppYour consumer secret
  1. Click Connect to complete the integration.