If you're having trouble at any stage please contact us at firstname.lastname@example.org.
The goal of this article is to add a new Sales Cloud Connector to your SkyFormation Platform.
Salesforce limits the number of API calls per day that applications integrated with Salesforce,
such as SkyFormation, can make.
To make sure SkyFormation does not exceed your organization's Salesforce API call limit,
please consult SkyFormation sales on the number of API calls expected for your organization
and your Salesforce admin on the API calls available for an additional application.
For the Salesforce API limit please visit: API Requests Limits at Salesforce developer site.
(1) Have the "Integration via web service API" feature supported by your Sales Cloud edition.
The Sales Cloud Enterprise and Unlimited editions support it out of the box.
For the Sales Cloud Group Edition (GE) and Professional Edition (PE), follow
this procedure to try to get the needed integration APIs enabled by Salesforce.
(2) Salesforce user attributes
- Username (e.g. email@example.com )
- Password (e.g. mysecretpassword)
- API token (e.g. yIAyNNuDG2d6HVQtwa8KgqZkF)
Explanation: The user information needed is for a Salesforce user that will be used by the
SkyFormation Sales cloud connector, to integrate with the Salesforce cloud application APIs, and
retrieve the needed audit logs events, changes and information needed by the connector for its
(3) Create a profile (Setup (top right) -> Manage users -> Profiles -> clone any user) and assign it the following permissions:
- Assign the "API Enabled" system permission
- Assign the "View Setup and Configuration" system permission
(Required to get the "Setup Audit Trail" audit events)
- Assign the "Manage users" Users permission
(Required to get the Login History audit events)
Note: The "Manage Users" users permission can only be assigned through the Profile
attached to the user.
- Assign the "View All Data" system permission
(Required to get the attachments, field history and more)
- Optional: Assign the "View Event Log File" permission
(Only needed if you have Salesforce Event Monitoring and would like your
SkyFormation Salesforce connector to get its audit events).
(4) Assign the profile to the user we'll use. It can be an existing user or a new one.
We recommend you create a user dedicated to this integration.
Setup (top right) -> Manage users -> Users -> click "edit" next to the user ->
from the drop-down next to Profile select the profile created at #3
(1) Use a dedicated Salesforce user for the SkyFormation Salesforce connector.
Explanation: This avoids putting a real user's account at risk, gives better visibility into
the SkyFormation application's activities, and lets you restrict the specific user account
to a specific IP, as recommended above, for higher security.
(2) Use a very secure password for the user used by the Salesforce connector.
(3) Limit the IP ranges from which the SkyFormation connector user can log in.
Explanation: The Salesforce user used by the SkyFormation connector is a privileged
account which should only be used from the SkyFormation platform IP. To better secure
the account, we recommend limiting the Profile assigned to the user to that IP.
Warning: The Login IP limitation can only be assigned to a Profile. Make sure no other
Salesforce users are assigned the Profile you limit, to avoid access problems
to the system.
(1) Add the "Password never expired" system permission to the SkyFormation connector user in
The permission could be assigned using a profile or using a permission set.
Warning: Using this attribute increases the risk of the account being compromised.
Do it with care and only if aligned with your organization's risk assessments. If you do not
use this option, make sure you update the Salesforce connector password whenever the
user's password or API token is changed.
1. Log on to your SkyFormation Platform:
2. Navigate via the left navigation panel to the "Settings" section
3. Navigate via the New Settings left navigation panel to the "Accounts" section
4. Click the "Add Account" button
5. At "SELECT SERVICE TO ADD" choose "Sales Cloud Salesforce"
You will see the below screen:
6. Fill in the following information:
- Account Name
Give this Sales Cloud connector a name that is meaningful to you. This will become your cloud app
connector name displayed in the SkyFormation platform and added to all events
sent to your SIEM/Log/Splunk system as an identifier.
e.g. "Corporate CRM platform"
Add any text that describes the specific cloud app connector function and meaning for
e.g. "Corporate sales automation and customer relations management platform"
Put the user's password string
Put the user's Username value
- Authentication Endpoint
Leave as is, unless using a test Salesforce account, in which case modify the url prefix to
- Test the credentials by clicking "Test Connection". It should take ~30 seconds to complete,
after which either a success message or an error detailing the source of the error will appear
- Click the "SAVE" button
Make sure the "STATUS" of the new Sales Cloud connector in the table is OK and green.
You are done!
Now you are ready to configure the events that will be sent to your SIEM/Splunk and the SkyFormation console from the newly added SkyFormation Connector.
To learn more go to: How to: Configure A Cloud App Connector To Send Events To SIEM
If the test connection fails, there might be a problem with the credentials provided. In order to check that, please perform the following steps:
1. Create a text file called login.txt containing the following text:
<?xml version="1.0" encoding="utf-8" ?>
2. Replace your_username and your_password+s with your Salesforce user name and password+s
3. Using a command-line window, execute the following cURL command:
curl https://login.salesforce.com/services/Soap/u/50.0 -H "Content-Type: text/xml; charset=UTF-8" -H "SOAPAction: login" -d @login.txt
4. If the credentials are valid, Salesforce will return an XML response that includes <sessionId> and <serverUrl> elements. If not, the response from the server will include INVALID_LOGIN: Invalid username, password, security token; or user locked out. This means that there is a problem with the provided credentials.
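The check in steps 1-4, as an added example that is not SkyFormation's or Salesforce's own code: it writes the request with the credentials XML-escaped, posts it with the cURL command above, and reports only whether the login was valid. The envelope body is the standard SOAP login request for the Salesforce partner API, assumed here because the page shows only the XML declaration; `SF_USER`, `SF_PASS_AND_TOKEN` and the function names are chosen for this example.

```shell
#!/bin/sh
# Added example (not SkyFormation or Salesforce code): build login.txt safely
# and classify the SOAP login response without echoing the session ID.

# Escape &, < and > so a password containing them cannot break the XML body.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Print the SOAP login envelope. $1 = username, $2 = password followed
# directly by the API token (assumed meaning of "password+s" on this page).
build_login_xml() {
    cat <<EOF
<?xml version="1.0" encoding="utf-8" ?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>
    <n1:login xmlns:n1="urn:partner.soap.sforce.com">
      <n1:username>$(xml_escape "$1")</n1:username>
      <n1:password>$(xml_escape "$2")</n1:password>
    </n1:login>
  </env:Body>
</env:Envelope>
EOF
}

# Map a response body to: valid | invalid_login | unknown.
classify_login_response() {
    case "$1" in
        *INVALID_LOGIN*) echo invalid_login ;;
        *"<sessionId>"*"<serverUrl>"* | *"<serverUrl>"*"<sessionId>"*) echo valid ;;
        *) echo unknown ;;
    esac
}

# End-to-end check. SF_USER and SF_PASS_AND_TOKEN are environment variable
# names chosen for this example. mktemp creates the request file with mode
# 0600, and it is deleted as soon as the request has been sent.
check_login() {
    tmp=$(mktemp) || return 1
    build_login_xml "$SF_USER" "$SF_PASS_AND_TOKEN" > "$tmp"
    resp=$(curl -s https://login.salesforce.com/services/Soap/u/50.0 \
        -H "Content-Type: text/xml; charset=UTF-8" -H "SOAPAction: login" \
        -d @"$tmp")
    rm -f "$tmp"
    classify_login_response "$resp"
}
```

The response to a valid login contains a live session ID, which is why the script prints a classification rather than the response itself.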