Salesforce (SFDC) Connector

Setup your SFDC account to enable it for scanning by SSC before you create the connector.

Prerequisites

- You are not required to be logged in as an administrator user

- User must have the “QueryAllFiles” permission

To set the permission in SFDC account

1) Go to the SFDC Console

2) Navigate to Administrator > Profiles

3) Choose a profile to clone from – ideally it’s the one already associated with the given user

choose clone option

clone an SFDC profile

4) In the cloned profile (in this example Qualys SSC Profile) navigate to App->App Permissions. Edit to enable the Query All Files permission.

Enable the Query All Files permission

5) Associate the scan user with this new profile

Associate user with profile

6) Now the user (in this example testuser@adya.io) is ready to scan the Salesforce account.

Now, from the SSC UI, go to Configuration -> Create Connector and enter the details. Make sure the “Login URL” is set to login.salesforce.com

Note: If an SFDC Sandbox account is being scanned, the login URL should be set to test.salesforce.com

provide SFDC login URL while creating connector

Once you click Create Connector, you are redirected to the Salesforce login screen. Provide the user credentials and allow access.

After successful login, the scan is initiated and all the metadata related to the account including files that have been uploaded to that SFDC account, who owns it and who it is shared with (both within and outside of the organization), etc is collected.

On successful completion of scan the connector status is displayed as Success. If the scan fails due to the user account not having the QueryAllFiles permission set, then that is displayed as well in the Status column.

View status of scan

Information collected from the connectors is displayed in respective tabs on the SSC UI, for example: Users, Groups, Files & Folders, Applications