Skip to content
This repository was archived by the owner on Sep 3, 2024. It is now read-only.

Latest commit

 

History

History
116 lines (87 loc) · 4.78 KB

jupiterone.md

File metadata and controls

116 lines (87 loc) · 4.78 KB

Salesforce

Salesforce + JupiterOne Integration Benefits

  • Visualize Salesforce users, roles, groups, policies, and permissions in the JupiterOne graph.
  • Map Salesforce users to employees in your JupiterOne account.
  • Monitor changes to Salesforce users using JupiterOne alerts.

How it Works

  • JupiterOne periodically fetches users, roles, groups, policies, and permissions from Salesforce to update the graph.
  • Write JupiterOne queries to review and monitor updates to the graph, or leverage existing queries.
  • Configure alerts to take action when JupiterOne graph changes, or leverage existing alerts.

Requirements

  • JupiterOne is a Salesforce Connected App that will require a user authorized to grant access to your Salesforce org’s data.
  • You must have permission in JupiterOne to install new integrations.

Support

If you need help with this integration, please contact JupiterOne Support.

Integration Walkthrough

In Salesforce

  1. First navigate to the Salesforce developer account creation page or go to this webpage https://developer.salesforce.com/signup.

  2. After the relevant form information has been filled out, submitting the form will redirect the user to Salesforce to authorize the requested scopes.

  3. Review the request, click "Allow", and then you will be redirected back to JupiterOne.

In JupiterOne

  1. From the top navigation of the J1 Search homepage, select Integrations.
  2. Scroll to the Salesforce integration tile and click it.
  3. Click the Add Configuration button and configure the following settings:
  • Enter the Account Name by which you'd like to identify this Salesforce account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when Tag with Account Name is checked.
  • Enter a Description that will further assist your team when identifying the integration instance.
  • Select a Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.
  • The optional fields for User Role ID Filter and User Profile ID Filter can be filled in to restrict which user accounts are ingested. Both fields can take in either a single value or a list of comma separated values. To ingest all users, leave these fields blank.
  1. Click Create Configuration once all values are provided.

How to Uninstall

  1. From the configuration Gear Icon, select Integrations.
  2. Scroll to the Salesforce integration tile and click it.
  3. Identify and click the integration to delete.
  4. Click the trash can icon.
  5. Click the Remove button to delete the integration.

Data Model

Entities

The following entities are created:

Resources Entity _type Entity _class
Group salesforce_group Group
PermissionSet salesforce_permission_set AccessPolicy
Profile salesforce_profile Account
User salesforce_user User
UserRole salesforce_user_role AccessRole

Relationships

The following relationships are created:

Source Entity _type Relationship _class Target Entity _type
salesforce_group HAS salesforce_group
salesforce_group HAS salesforce_user
salesforce_group ASSIGNED salesforce_user_role
salesforce_profile HAS salesforce_permission_set
salesforce_user ASSIGNED salesforce_permission_set
salesforce_user HAS salesforce_profile
salesforce_user ASSIGNED salesforce_user_role
salesforce_user_role CONTAINS salesforce_user_role