Salesforce
SailPoint Entro integrates with Salesforce for Discovery and monitoring of Salesforce Connected Apps and External Client Apps, providing full visibility into their permissions, OAuth scopes, and owners, as well as scanning of service cases for exposed secrets. This integration utilizes the OAuth 2.0 Client Credentials flow via an External Client App to securely access and monitor your Salesforce instance.
Purpose
-
Identify and track Salesforce's Non-Human Identities (NHIs) such as Connected Apps and External Client Apps.
-
Secret Scanning of Service Cases to detect leaked secrets:
-
Case Details**:** Subject and Description
-
Comments**:** Internal and external case comments
-
Attachments**:** Files uploaded to cases
-
Email Messages__: Bodies of emails associated with cases (Coming soon)
-
Architecture
SailPoint Entro connects directly to the Salesforce REST API over HTTPS.
+-----------------------------+
| Entro Console |
| (Control Plane) |
+--------------+--------------+
|
| API Configuration
|
+--------------v--------------+
| Worker Group |
| (Connector) |
+--------------+--------------+
|
| HTTPS (OAuth 2.0)
|
+--------------v--------------+
| Salesforce Cloud |
| (Service Cloud API) |
+-----------------------------+
Data Access & Security
- All operations are read-only.
- Authentication via External Client App (OAuth Client Credentials).
- All communications over HTTPS/TLS 1.2+.
- Secrets encrypted with AES-256 in SailPoint Entro Worker.
- Fully compliant with SOC 2 Type II, ISO 27001, and GDPR.