Configure Salesforce for the Incydr data connection

Updated

Overview

Before you Connect Incydr to Salesforce, you must complete the following configuration steps in Salesforce:

This article shows you how to complete these steps.

Salesforce permission sets vs. custom user profiles
This article guides you through using Salesforce permission sets. While custom user profiles are technically supported, permission sets are preferred because custom profiles include additional settings not required for the Incydr data connection.

Considerations

  • Incydr connects to your Salesforce environment using a service account that requires one of your Salesforce user licenses. To free up a Salesforce license, you may need to reassign a user to a profile that uses a different license, or contact Salesforce to increase your license count.

Before you begin

Verify you have the required Salesforce edition and add-on subscriptions.

Incydr monitoring requires the Salesforce Shield or Salesforce Event Monitoring add-on subscriptions
You must have either the Salesforce Shield or Salesforce Event Monitoring add-on subscriptions to use the Incydr Salesforce data connection. Only these subscriptions include the View Real-time Event Monitoring Data permission required to collect information about reports downloaded from your Salesforce environment.

Step 1: Enable event streaming in Salesforce

To monitor Salesforce report downloads with Incydr, you must enable streaming of the following events in the Salesforce Event Manager:
  • Login Event
  • Logout Event
  • Report Event

To enable streaming:

  1. Log into Salesforce using your administrator account.
  2. If needed, navigate to Setup.
    • Lightning Experience: Click the Setup icon in the upper-right corner of the screen, then select Setup from the menu that appears.
    • Salesforce Classic: Click Setup in the upper-right corner of the screen.
  3. Navigate to Event Manager.
    • Lightning Experience: Under Platform Tools, go to Events > Event Manager.
    • Salesforce Classic: Under Build in the left navigation pane, go to Develop > Events > Event Manager.
  4. Locate the Login Event, Logout Event, and Report Event entries in the Events list.
    • If a check mark appears in the Streaming Data column for the entry, it's already enabled for the organization.
    • If no check mark appears, click the arrow on the right side of the screen and select Enable Streaming.
      Salesforce adds a check mark to the entry to indicate that streaming is enabled for that event for your organization.

Troubleshooting
If streaming is not enabled, Incydr cannot monitor Salesforce report download activity. If streaming of any of these events is disabled, the Incydr data connection enters the Error status and monitoring stops. Enable streaming for these events in Salesforce to resolve the error and return the connection to the Monitoring status.

Step 2: Create an Incydr service account in Salesforce

Set up a service or integration account in Salesforce that you'll use to connect Incydr to your Salesforce environment. Having a dedicated service account has several advantages:

  • Because it's not tied to a specific user, there are no disruptions to your business workflows as users leave and join your company.
  • In Salesforce, you can apply permissions to service accounts so that they can log in only using API calls (and not through the user interface) to secure your environment.
  • You can more easily identify activity generated by a service account compared to activity generated by your employee users.

Temporarily disable the Enhanced Profile user interface
Salesforce's Enhanced Profile user interface helps streamline your experience, but also dramatically changes how you interact with Salesforce profiles and settings. These changes can lock user profiles, which makes creating a new service user for Incydr according to the steps below difficult or even impossible.

If you use it, disable the Enhanced Profile user interface in Salesforce before creating an Incydr service account. You can re-enable it after completing the steps below.

To create a Salesforce service account:

  1. In Setup, navigate to Users.
    • Lightning Experience: Under Administration, go to Users > Users.
    • Salesforce Classic: Under Administer, go to Manage Users > Users.
  2. Click New User.
  3. Enter the required information about the user.
    • Use the First Name, Last Name, Alias, and Nickname fields to identify the user as the Incydr service account.
    • Enter a unique email address for this service account user in the Email field. You'll use this email address to authorize Incydr's connection to your Salesforce environment and for automated notifications.
  4. From the User License list, select Salesforce.
    If Salesforce is not listed, this means that all of your available Salesforce licenses are currently in use. You can either reassign one of these users to a different license or contact Salesforce to increase your license count.
  5. Select the new custom profile from the Profile list to assign it to the new service user. If you're using permission sets, go to next section.
  6. Click Save.
    When you authorize Incydr to connect to Salesforce, you'll enter this service account's credentials.

Step 3: Create a Salesforce permission set

First, create a permission set in Salesforce:

  1. In Setup, navigate to Administration > Users > Permission Sets. Alternatively, search for "permission sets" in the quick find toolbar.
  2. Click New.
  3. In the Label field, specify a name for the permission set. For example: Incydr_Detector_Permissions
    The Label name is also automatically applied to the API name field.
  4. From the License dropdown, select Salesforce.
  5. Click Save.

Next, add permissions required for the Incydr data connection:

  1. From the Permission sets page, select the permission set you created above.
  2. From the dropdown next to Permission Set Overview, select System Permissions.
  3. Select the following permissions:
    • API Enabled
    • Customize Application
    • Lightning Experience User (optional)
      Only select Lightning Experience User if you plan to log in to Salesforce with the Incydr service account to complete any administrative tasks in the Lightning Experience interface. This permission is not required for the Incydr service account or Incydr monitoring.
    • Manage All Private Reports and Dashboards
    • Manage Custom Permissions
    • Modify Metadata Through Metadata API Functions
    • Run Reports
    • View Real-Time Event Monitoring Data
    • View Roles and Role Hierarchy (automatically selected when enabling “View Setup and Configuration”)
    • View Setup and Configuration
  4. From the dropdown next to Permission Set Overview, select App Permissions
  5. Select the permission Allow View Knowledge.
  6. Click Save.

For more details about required permissions, see Salesforce data connection permission requirements.

See Salesforce documentation for more information about permission sets.

Step 4: Assign the service account to the permission set

To assign the service account to the permission set in Salesforce:

  1. From the Permission sets page, select the permission set you created above.
  2. Click Manage Assignments.
  3. Click Add Assignment.
  4. Select the Incydr service account user you created above.
  5. Click Next.
  6. Do not assign an expiration date.
  7. Click Assign.

External resources

Salesforce documentation

Related topics

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.