Salesforce
Source Connector
Overview
The source connector fetches data from Event Monitoring and Standard Objects.
Streams
| Data Source | Stream Name |
|---|---|
| Account | account |
| ContentVersion | content_version |
| Dashboard | dashboard |
| Event Log File - Login | event_log_login |
| Event Log File - LoginAs | event_log_login_as |
| Event Log File - Logout | event_log_logout |
| Event Log File - URI | event_log_uri |
| LoginHistory | login_history |
| Opportunity | opportunity |
| SetupAuditTrail | setup_audit_trail |
| Report | report |
| User | user |
Prerequisites
Salesforce customers must enable Event Monitoring before onboarding logs to Tarsal. An additional license may be required for this Salesforce add-on.
Step 1: Create an API User in Salesforce
Tarsal requires a user account with API and Event Log File permissions in order to retrieve Event Monitoring logs.
We recommend creating a new, dedicated user with the minimum permissions required by Tarsal. Salesforce requires each user to have a unique username, but the same email address can be used for multiple users. Thus, you can create a Tarsal-only account without having to manage an additional email address in your organization.
In order to create and add permissions to the new user, the 'Manage Users' permission is required.
To create a user:
- Follow the instructions in the Salesforce documentation to add a new user.
- For User License, select "Salesforce."
- For Profile, create a new profile cloned from "Minimum Access - Salesforce"
- For the newly created profile, select:
- Under
Administrative Permissions:
- "View Setup and Configuration"
- "Subscribe to Dashboards"
- Under
General User Permissions- "Export Reports"
- "Manage Content Properties"
- Under
Standard Object Permissions- "Accounts"
- "Opportunities"
- Under
- For the newly created profile, select:
- Complete the user registration process by accessing the link sent to the new user’s email to set up a password.
Step 2: Retrieve Security Token from Salesforce API
Salesforce API access requires username, password, client id, client secret and a credential called security token.
To request a security token for a new Salesforce user account:
- Log in with the newly created user
- Request a security token for a new Salesforce user account. Follow instructions in this Salesforce documentation to request a token.
- After receiving the token, log out of the newly created account and continue the following steps with the admin account.
Step 3: Create and assign a new Permission Set in Salesforce
To assign permissions to the new user, you must create a new Permission Set.
- Follow the instructions in Salesforce's Create Permission Sets documentation to add a new permission set that grants Tarsal access to the Event Monitoring data via the SOAP/REST API.
- On your new Permission Set's page, click System Permissions:
- Click Edit, then check the boxes to enable the following permissions:
- API Enabled
- View Event Log Files
- Click Edit, then check the boxes to enable the following permissions:
- Assign the Permission Set to the designated user by following the instructions in Salesforce's documentation to assign Permission Sets to a Single User.
Step 4: Create a Connected App
Search App Manager from sidebar quick search and select New Connected App. More information is available in the Salesforce docs but for Tarsal integration, we need following;
- Fill out basic details of the app
- Enable OAuth Settings checkbox, which will enable additional inputs, Fill out the following fields:
- Selected OAuth Scopes; From the available scopes, select Full access(full)
- Callback URL; Use https://login.salesforce.com/services/oauth2/success as the input.
- Enable Client Credentials Flow checkbox
After completing the setup, view the app. A new button labeled “Manage Consumer Details” will appear under API (Enable OAuth Settings). Click this button to be redirected to the Consumer Details page, where you will find the Consumer Key and Consumer Secret. Once you have obtained these credentials, ensure you also complete the following steps:
- Navigate to Apps > Manage Connected Apps > (The name of your app) > Edit Application > OAuth Policies, and set “Permitted users” to “All users may self-authorize.”
- In the same location, set “IP Relaxation” to “Relax IP restrictions.”
Step 5: OAuth Username-Password Flows
- In the sidebar quick search, type “OAuth” and select “OAuth and OpenID Connect Settings.” Alternatively, navigate to Setup > Security Controls > OAuth and OpenID Connect Settings.
- Once on the settings page, check the “Enable OAuth Username-Password Flows” box.
Configuration
| Field | Required | Description | Example |
|---|---|---|---|
| Domain | yes | Instance name found in URL of your Salesforce instance | test8-dev-ed.develop |
| Username | yes | Your Salesforce account username | account123 |
| Password | yes | Your Salesforce account password | password123 |
| Customer Key | yes | ID/key for the connected app | 3MVG9XgkMlifVSDYT7675wdbHgsdpjN.rcr\_\_ NVJgXudjqsHKqX5egpyYptMuyJpqF |
| Customer Secret | yes | Secret for the connected app | F28F832C8ACCGATYHAGHSGDAB02GAGTHAGAHG6768DSDSD886C622FE3 |
| Security Token | yes | Secret for the salesforce account | Theuwtyfhsg6w8eghsdj662DWe9t2 |
Connector Limitations
- When first configured, the connector will load the last 24 hours of logs.
- This connector is restricted by rate limits.
Updated 16 days ago