Integrate with Salesforce

Follow this step-by-step guide to allow SlashID to monitor and protect your Salesforce organization. This integration enables SlashID to track users, permissions, connected apps, and security events across your Salesforce environment.

Before starting

Before starting, ensure you have:

  • System Administrator privileges in your Salesforce organization
  • Access to create Connected Apps in Salesforce
  • Understanding of OAuth 2.0 client credentials flow

SlashID will monitor your entire Salesforce organization, including users, profiles, roles, permission sets, connected apps, and security events.

Step 1: Create a Connected App in Salesforce

  1. Log in to your Salesforce organization as a System Administrator.

  2. Navigate to Setup > Apps > App Manager (or use Quick Find to search for "App Manager").

  3. Click New Connected App in the top-right corner.

  4. Fill out the Basic Information section:

    • Connected App Name: SlashID Identity Protection
    • API Name: SlashID_Identity_Protection (auto-populated)
    • Contact Email: Your admin email address
    • Description: Connected app for SlashID identity protection and security monitoring

Step 2: Configure OAuth Settings

  1. In the API (Enable OAuth Settings) section:

    • Check Enable OAuth Settings
    • Callback URL: https://console.slashid.dev/oauth/callback (this is a placeholder URL as we use client credentials flow)
    • Selected OAuth Scopes: Add the following scopes by selecting them and clicking Add:
      • Access the identity URL service (id, profile, email, address, phone)
      • Access unique user identifiers (openid)
      • Full access (full)
      • Perform requests at any time (refresh_token, offline_access)
  2. Additional OAuth Settings:

    • Check Enable Client Credentials Flow
    • Client Credentials Flow Run User: Select a dedicated admin user or system user that will be used for API access
  3. Click Save to create the Connected App.

Note: It may take 2-10 minutes for the Connected App to be activated by Salesforce.

Step 3: Retrieve OAuth Credentials

  1. After the Connected App is created and activated, go back to Setup > Apps > App Manager.

  2. Find your SlashID Identity Protection app and click the dropdown arrow, then select View.

  3. In the API (Enable OAuth Settings) section, copy the following values:

    • Consumer Key (this is your Client ID)
    • Consumer Secret (click 'Click to reveal' and copy the Client Secret)

Step 4: Create a Dedicated Permission Set

For enhanced security, you can create a dedicated Permission Set for the SlashID integration:

  1. Go to Setup > Users > Permission Sets.

  2. Click New to create a new Permission Set:

    • Label: SlashID API Access
    • API Name: SlashID_API_Access
    • License: --None--
  3. In the Permission Set, grant the following System Permissions:

    • API Enabled
    • View All Data
    • View Setup and Configuration
    • View All Users
  4. Assign this Permission Set to the Client Credentials Flow Run User you selected earlier.

Step 5: Obtain Your Salesforce Instance Information

  1. Note your Salesforce Instance URL:

    • This is typically in the format: https://yourcompany.my.salesforce.com
    • You can find this in your browser's address bar when logged into Salesforce
  2. Note your Login URL (if different from instance URL):

    • For production orgs: https://login.salesforce.com
    • For sandbox orgs: https://test.salesforce.com
    • For custom domains: Your custom login URL

Step 6: Create Your Salesforce ↔ SlashID Integration

  1. Go to the SlashID Console > 'Identity Protection' > 'Configuration' > 'Integrations'. Click on 'Add integration' on the right.

  2. Select 'Salesforce' from the list of providers in the horizontal menu.

  3. Enter your Salesforce connection details:

| SlashID Console field | Description | Example |
| --- | --- | --- |
| Name of the connection | Arbitrary name you give to this connection | Salesforce Production |
| Authoritative status | Decide whether Salesforce identities are the primary source of truth when reconciling identities across providers | Primary or Secondary |
| Instance URL | Your Salesforce instance URL | https://yourcompany.my.salesforce.com |
| Login URL (optional) | Your Salesforce login URL (if different from instance URL) | https://login.salesforce.com |
| Client ID | Consumer Key from your Connected App | 3MVG9... (starts with 3MVG) |
| Client Secret | Consumer Secret from your Connected App | 1234567890123456789 |

  4. Click on the 'Connect' button to test the connection and complete the integration.

Verification

After successful integration, SlashID will:

  • Sync user data: Import all Salesforce users, their profiles, roles, and permission assignments
  • Monitor connected apps: Track all connected applications and their OAuth scopes
  • Analyze permissions: Identify over-privileged users and unused permissions
  • Track login events: Monitor user login patterns and detect suspicious activity
  • Detect security risks: Identify weak MFA configurations, shared accounts, and privilege escalations

SlashID is now monitoring your Salesforce environment for potential security issues. It may take a few minutes for the initial data sync, after which you can start exploring security events in the 'Identity Protection Dashboard' section of the SlashID Console.

Troubleshooting

Common Issues

"Authentication failed: invalid_client_id"

  • Verify that you copied the Consumer Key (Client ID) correctly
  • Ensure the Connected App has been activated (wait 2-10 minutes after creation)

"Authentication failed: invalid_client"

  • Verify that you copied the Consumer Secret correctly
  • Ensure Client Credentials Flow is enabled in your Connected App

"insufficient_scope" or "INSUFFICIENT_ACCESS"

  • Verify the Run User for Client Credentials Flow has sufficient permissions
  • Ensure the required OAuth scopes are selected in your Connected App
  • Check that the user has the necessary Permission Sets assigned

"invalid_grant" error

  • Check that your Instance URL is correct and accessible
  • For sandbox orgs, ensure you're using the correct login URL (test.salesforce.com)
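
To check the Connected App credentials independently of the SlashID Console, the following added example (not part of SlashID's documentation or code) builds the client credentials token request and maps the error codes listed above to their checks. It assumes the standard Salesforce token endpoint /services/oauth2/token on the Instance URL; the function names and the SF_* environment variable names are hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Checks from the Troubleshooting list above, keyed by the error code returned.
HINTS = {
    "invalid_client_id": "Re-copy the Consumer Key; wait 2-10 minutes for app activation.",
    "invalid_client": "Re-copy the Consumer Secret; confirm Client Credentials Flow is enabled.",
    "invalid_grant": "Check the Instance URL; sandbox orgs log in via test.salesforce.com.",
    "insufficient_scope": "Check Run User permissions, OAuth scopes and Permission Sets.",
}

def build_token_request(instance_url, client_id, client_secret):
    """Build the client credentials POST; secrets go in the body, never in the URL."""
    parts = urllib.parse.urlsplit(instance_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Instance URL must be an https:// URL")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    url = f"https://{parts.netloc}/services/oauth2/token"  # any pasted page path is dropped
    return urllib.request.Request(url, data=body, method="POST")

def triage(status, payload):
    """Summarise a token-endpoint response in one line without echoing the token."""
    try:
        doc = json.loads(payload)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return f"HTTP {status}: non-JSON response; is the Instance URL a Salesforce host?"
    if status == 200 and "access_token" in doc:
        return f"OK: token issued for {doc.get('instance_url', '?')}, scope: {doc.get('scope', '?')}"
    code = doc.get("error", "unknown")
    return f"{code}: {HINTS.get(code, doc.get('error_description', 'no description'))}"

if __name__ == "__main__":
    # Hypothetical variable names; reading the environment keeps the secret off the command line.
    req = build_token_request(os.environ["SF_INSTANCE_URL"],
                              os.environ["SF_CLIENT_ID"], os.environ["SF_CLIENT_SECRET"])
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            print(triage(resp.status, resp.read()))
    except urllib.error.HTTPError as err:
        print(triage(err.code, err.read()))
```
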

Security Considerations

  • The Connected App uses OAuth 2.0 Client Credentials flow, which is more secure than username/password authentication
  • Regularly review the permissions granted to the SlashID Connected App
  • Monitor the API usage in Salesforce Setup > System Overview > API Usage
  • Consider using a dedicated system user account for the Client Credentials Flow Run User

Data Monitored

SlashID monitors the following Salesforce data:

  • Identity Data: Users, profiles, roles, permission sets, groups
  • Access Control: Permission assignments, sharing rules, object permissions
  • Applications: Connected apps, OAuth clients, custom applications
  • Security Events: Login history, permission changes, suspicious activities
  • Resources: Reports, dashboards, files, knowledge articles
  • Configuration: Sites, custom objects, field-level security