Setup your SFDC account to enable it for scanning by SSC before you create the connector.
- You are not required to be logged in as an administrator user
- User must have the “QueryAllFiles” permission
1) Go to the SFDC Console
2) Navigate to Administrator > Profiles
3) Choose a profile to clone from – ideally it’s the one already associated with the given user
4) In the cloned profile (in this example Qualys SSC Profile) navigate to App->App Permissions. Edit to enable the Query All Files permission.
5) Associate the scan user with this new profile
6) Now the user (in this example testuser@adya.io) is ready to scan the Salesforce account.
Now, from the SSC UI, go to Configuration -> Create Connector and enter the details. Make sure the “Login URL” is set to login.salesforce.com
Note: If an SFDC Sandbox account is being scanned, the login URL should be set to test.salesforce.com
Once you click Create Connector, you are redirected to the Salesforce login screen. Provide the user credentials and allow access.
After successful login, the scan is initiated and all the metadata related to the account including files that have been uploaded to that SFDC account, who owns it and who it is shared with (both within and outside of the organization), etc is collected.
On successful completion of scan the connector status is displayed as Success. If the scan fails due to the user account not having the QueryAllFiles permission set, then that is displayed as well in the Status column.
Information collected from the connectors is displayed in respective tabs on the SSC UI, for example: Users, Groups, Files & Folders, Applications