Setup your SFDC account to enable it for scanning by SaaSDR before you create the connector.
- You are not required to be logged in as an administrator user.
- User must have the “QueryAllFiles” permission.
- User must have the “Manager Certificate” and "Customize Application" check-box selected in the system permission of the permission set.
Follow these steps to create a SFDC Connector:
1) Create application and get Application ID Application Key
2) Enable Permissions
3) Create Connector in SaaSDR with SFDC as application
1) On the SFDC console, navigate to Home, under Platform Tools in the left navigation pane, select Apps > App Manager.
2) Click New Connected App and provide these details:
a. Name: QualysSaaSDR (without hyphen)
b. Contact Email: firstname.lastname@example.org
c. Info Url: User must leave this field blank
d. Description: Qualys SaaS Detection and Response (SaaSDR) expands the capabilities of the Qualys Cloud Platform to help enterprises secure and manage their Salesforce instances.
e. Callback URL: Copy the URL from the SaaSDR connector creation dialog box. (Example: https://qualysguard.qg2.apps.qualys.com/ssc/api/salesforce/oauthcallback)
f. Scopes: Move the following 4 scopes to the right column:
Access and manage your Chatter data (chatter_api)
Access and manage your data (api)
Access your basic information (id, profile, email, address, phone)
Perform requests on your behalf at any time (refresh_token_offline_access)
3) Click Save > Confirm.
4) The newly created application is displayed with its properties. Copy the Consumer Key and click Click to reveal to know Consumer Secret. You will need Consumer Key and Consumer Secret in later steps.
1) On the SFDC Console, navigate to Administrator > Users.
2) You can choose to add permissions to an existing Permission Set or create a new permission set. Select the permission set you want to edit or click New Permission Set to create a new permission set.
3) Navigate to App > App Permissions. Enable the Query All Files permission.
4) Navigate to App > System Permissions. Enable:
a. Manage Certificates permission
b. Customize Application permission
5) Associate the scan user with this new permission set.
6) Select user having role as System Administrator to create a connector.
1) Now, on the SaaSDR UI, go to Configuration > Connectors and click Create Connector.
2) On the Create Connector page, select Salesforce as your SaaS Application type.
3) Provide the consumer key and secret as Application ID and Application Key in SaaSDR app.
4) Click Create Connector.
You will be redirected to the login page of the application where you need to login using your administrator credentials. Once your connector is created, it is listed in the Configurations > Connectors list. Here you can check the status and other details of the connector.
Once the application is connected, a scan is initiated to pull metadata from the application. This step may take some time to complete based on the number of resources to be cataloged in your application.