Salesforce Troubleshooting and Validation
Validation After Connection
-
In the SailPoint Entro Dashboard, navigate to Management → Accounts & Integrations → Salesforce.
-
Confirm that the integration status displays Verified, with a recent validation timestamp.
-
Verify that findings related to Salesforce (e.g., secrets in service cases) are populating in the Secrets Inventory tab.
API Scope Validation (Optional)
You can validate the credentials and flow using a curl command from your terminal:
curl -X POST https://<DOMAIN>.my.salesforce.com/services/oauth2/token \
-d "grant_type=client_credentials" \
-d "client_id=<CLIENT_ID>" \
-d "client_secret=<CLIENT_SECRET>"
Expected Output: A JSON response containing an access_token.
Common Issues
| Issue | Probable Cause | Resolution |
|---|---|---|
error: invalid_client_id |
Wrong Consumer Key or Secret. | Double-check values copied from the Salesforce App Manager details page. |
error: invalid_grant (no client credentials user enabled) |
The "Run As" user is not configured for the flow. | Go to Manage → Edit Policies. Under Client Credentials Flow, ensure a valid Run As User is selected and saved. |
error: invalid_grant (authentication failure) |
Policies are incorrect. | Ensure Permitted Users is set to "All users can self-authorize" in the App Policies. |
error: inactive_user |
The "Run As" user is deactivated. | Reactivate the user or select a different active user in the App Policies. |
| No Findings/Data | Insufficient permissions for the "Run As" user. | Log in as the "Run As" user and verify they can view Cases, Comments, and Emails manually. |