Skip to main content

Integrate with Salesforce

Follow this step-by-step guide to allow SlashID to monitor and protect your Salesforce organization. This integration enables SlashID to track users, permissions, connected & external client apps, and security events across your Salesforce environment.

Before starting

Before starting, ensure you have:

  • System Administrator privileges in your Salesforce organization
  • Access to create External Client Apps in Salesforce
  • Access to create Permission Sets in Salesforce
  • Access to create Users in Salesforce
  • Access to assign Permission Sets to Users in Salesforce

Step 1: Create a Permission Set

  1. Go to Setup -> search Permission Sets -> click New
  2. Fill in:
    • Label: SlashID Identity Protection
    • License: Salesforce API Integration
  3. Click Save

Step 2: Configure System Permissions on the Permission Set

Open the permission set you just created -> System Permissions -> Edit.

Enable the following permissions:

Required

The integration cannot run without these.

PermissionWhat we sync
View All UsersUsers
View Setup and ConfigurationProfiles, permission sets, permission set assignments, permission set groups, permission set group components, muting permission sets, object permissions
View Roles and Roles HierarchyRoles
Manage UsersOAuth token grants, Account lock / freeze status, login history
note

Manage Users is broader than we would ideally need. Salesforce does not currently offer narrower read-only alternatives for the specific objects that require this. SlashID uses these permissions exclusively to make read-only SOQL queries against your org's data. No records are created, updated, or deleted.

Optional

A sync completes without these — they unlock additional visibility.

PermissionWhat we sync
Run ReportsReports, dashboards
View Reports in Public FoldersReports in shared folders
View Dashboards in Public FoldersDashboards in shared folders
View All DataFiles and attachments

Click Save

Step 3: Create the Integration User

  1. Go to Setup -> Users -> New User
  2. Fill in:
    • Last name: SlashID Identity Protection
    • Email: a monitored email address (recieves a verification email)
    • User License: Salesforce Integration
    • Profile: Minimum Access - API Only Integrations
    • Other fields should auto complete
  3. Click Save
  4. Note the integration users Username, this will be used later.
  5. Take the time now to verify this user by completing the verification step via your email inbox.
Knowledge Articles (optional)

If you want SlashID to pull Knowledge Articles, enable the Knowledge User checkbox on the integration user's record before saving.

Step 4: Assign the Permission Set to the User

  1. Go to the users detail page: Setup -> Users -> Click SlashID Identity Protection
  2. Find Permission Set Assignments -> Edit
  3. Move the SlashID Identity Protection permission set to Enabled Permission Sets
  4. Click Save

Step 5: Create External Client App

  1. Go to Setup -> External Client App Manager -> New External Client App
  2. Fill in:
    • External Client App Name: SlashID Identity Protection
    • Contact email: a monitored email address
  3. Check: Enable OAuth under Open API (Enable OAuth Settings)
  4. Fill in:
    • Callback URL: https://api.slashid.com/nhi/connections/authorize/oauth-callback
  5. Move the following to Selected OAuth Scopes:
    • Access the identity URL service (id, profile, email, address, phone)
    • Manage user data via APIs (api)
    • Full access (full)
    • Perform requests at any time (refresh_token, offline_access)
    • Access unique user identifiers (openid)
  6. Check: Enable Client Credentials Flow under Flow Enablement
  7. Click Create

Step 6: Set the Client Credentials Flow "Run As" User

  1. Go to Setup -> External Client App Manager -> SlashID Identity Protection
  2. Under Policies tab, click Edit
  3. Check: Enable Client Credentials Flow under OAuth Policies -> OAuth Flows and External Client App Enhancements
  4. Enter the integration users Username from Step 3.
  5. Click Save

Step 7: Get your Consumer Key and Consumer Secret

  1. Go to Setup -> External Client App Manager -> SlashID Identity Protection
  2. Under Settings tab, expand OAuth Settings
  3. Click Consumer Key and Secret
  4. Complete the verification flow, and you'll find the Consumer Key and Consumer Secret

Step 8: Create Your Salesforce <> SlashID Integration

  1. Go to the SlashID Console -> Identity Protection -> Configuration -> Data sources.
  2. Click Add data source
  3. Select Salesforce from the list of providers in the select menu
  4. Enter your Salesforce connection details:
FieldDescriptionExample
Name of the connectionArbitrary name you give to this connectionSalesforce Production
Authoritative statusDecide whether Salesforce identities are the primary source of truth when reconciling identities across providersPrimary or Secondary
Instance URLYour Salesforce My Domain URLhttps://yourcompany.my.salesforce.com
Login URLYour Salesforce My Domain URL (must be the same for client credentials flow)https://yourcompany.my.salesforce.com
Authentication methodChoose Client CredentialsClient Credentials
Consumer KeyConsumer Key from your External Client App3MVG9...
Consumer SecretConsumer Secret from your External Client AppYour consumer secret
  1. Click Connect to complete the integration.