Skip to main content
All CollectionsOnboarding and Configuration Guides
Onboarding Guide - Salesforce
Onboarding Guide - Salesforce

Salesforce integration Prerequisites and How to connect it to Reco?

Reco Product Management avatar
Written by Reco Product Management
Updated over a month ago

Integrating Salesforce with Reco

Salesforce integration allows Reco to provide visibility and detection of abnormal activities on Salesforce objects and assets. With Reco's business context, you can rest assured that your sales and marketing operations are protected and secure.

Although not mandatory, Salesforce Shield is a subscription service that is required for generating the event logs. This will allow Reco to display useful insights about the activity in your Salesforce account, beyond just objects and permissions.

Prerequisites

  1. A Reco user with an Admin Role

  2. For Salesforce Shield customers

    1. Ensure you have the right permissions as stated in "Enable Access to Real-Time Event Monitoring".
      Namely, the user who is intended to authorize Reco must have at least the following permissions:

      1. View Real-Time Event Monitoring Data

      2. View Setup and Configuration

      3. View Event Log Files

      4. View Event Log Object Data

      5. API Anomaly Event Stores (View All)

      6. Guest User Anomaly Event Stores (View All)

      7. Report Anomaly Event Stores (View All)

      8. Session Hijacking Event Stores (View All)

    2. To enable this permission:

      1. Login to Salesforce, and click on the Settings Icon on the upper-right side of the screen

      2. At the left-side menu, under "ADMINISTRATION" -> "Users" -> Click on "Profiles".

      3. Locate the profile of the authorizing user in the list and click on "Edit"

      4. Search inside the page and enable the following permissions:

        1. View Real-Time Event Monitoring Data

        2. View Setup and Configuration

        3. View Event Log Files

        4. View Event Log Object Data

        5. API Anomaly Event Stores (View All)

        6. Guest User Anomaly Event Stores (View All)

        7. Report Anomaly Event Stores (View All)

        8. Session Hijacking Event Stores (View All)

      5. Scroll to the bottom and click on "Save".

    3. Enable Event Monitoring

      1. Login to Salesforce, and click on the Settings Icon on the upper-right side of the screen

      2. At the left-side menu, under "Settings" -> "Security" -> Expand "Event Monitoring" -> Click on "Event Monitoring Settings"

      3. Enable “View event log data in Analytics apps

      4. Disable “Delete event monitoring data

      5. At the left-side menu, under "Platform Tools", expand "Events" -> Click on “Event Manager"

      6. Enable streaming and storing for each event, where applicable

Configure Service Account

  1. Log in to login.salesforce.com.

  2. In the left navigation bar, go to Administration > Users > Profiles.

  3. Clone a system administrator user profile. Ensure that the user profile has an active “Salesforce” license. In this example, click Clone beside the System Administrator.

  4. On the Clone Profile page, enter a profile name and make sure the User License shows Salesforce.

  5. Click Save.

  6. After creating the custom profile, click Edit to modify the custom profile.

  7. You must directly assign the permissions to the profile. Do not add the permissions through permission sets. Scroll down to the Administrative Permissions section of the custom profile.

    1. Keep the default permissions as they are and enable the following permissions:

      1. API Enabled

      2. View All Data

      3. View All Users

  8. Keep the default permissions as they are and disable the following permissions:

    1. Administrative Permissions -> uncheck Modify All Data, Manage IP Addresses.

    2. General User Permissions -> uncheck Modify Data Classification.

    3. Standard Object Permissions -> uncheck Modify All permission.

    4. Custom Object Permissions -> uncheck Modify All permission.

  9. Click Save.

  10. In the left navigation bar, go to Administration > Users > Users.

  11. Click Edit to modify an existing user, or New User to define a new user.

  12. In the User Edit > General Information section, set the User License as Salesforce.

  13. In the User Edit > General Information section, set the Profile created in step 4.

  14. Click on Save.

Trusted IP Range

Reco recommends allowing a pool of Reco public IP addresses in Salesforce. This will ensure that Salesforce and Reco exchange events and notifications. To allow the IP addresses:

  • Log in to login.salesforce.com.

  • In the left navigation bar, go to Settings > Security > Network Access.

  • Click New beside Trusted IP Ranges.

  • In the Trusted IP Range Edit page, specify the Start IP Address and End IP Address.

  • Click Save.

To get a pool of Reco public IP addresses, talk with Reco Support.

Integrate Salesforce with Reco

  1. Login to the Reco Platform

  2. Click on "Configurations" then click on "Integrations"

  3. Locate the "Salesforce" object and click on "Add Integration"

  4. You will then be redirected to your Salesforce tenant consent page, Click on "Allow"

  5. You will be then redirected back to the Reco platform

  6. Click on "Configurations" then click on "Integrations"

  7. Locate the "Salesforce" object and click on "Configure"

  8. Click on "Save"

  9. If the integration was successful, the Slack Notification Integration status will become "Active"

Grant Failure Due to Login IP Range

The grant of access may fail if the Salesforce username has any Login IP Ranges configured in Salesforce. Log in to your Salesforce account and verify if the user profile associated with the username has Login IP Ranges configured. If configured, follow the procedure below to ensure the grant goes through successfully.

  • Log in to login.salesforce.com.

  • On the top right, click Setup > Setup.

  • On the left navigation pane, search for Connected Apps > Connected Apps OAuth Usage.

  • Beside the Reco Introspection for Salesforce app, click Install.

  • A new window opens. Click Install.

  1. On the Reco Introspection for Salesforce Connected app page, click Edit Policies.

  2. Under OAuth Policies, set IP Relaxation to Relax IP restrictions.

  3. Click Save.

What do we ingest exactly?

Permission

API / Object

Access Analytics REST API Charts Geodata resources

eclair_api

Access Analytics REST API resources

wave_api

Access Connect REST API resources

chatter_api

Access the identity URL service

id, profile, email, address, phone

Access unique user identifiers

OpenID

Manage user data via APIs

Perform ANSI SQL queries on Customer Data Platform data

cdp_query_api

Perform requests at any time

refresh_token, offline_access

Metadata

  1. Salesforce User Information

  2. Salesforce Roles

  3. Salesforce Accounts

  4. Salesforce Opportunities

  5. Salesforce Leads

  6. Salesforce Contacts

  7. Salesforce Permission Sets

  8. Salesforce Permission Set Assignments

  9. Salesforce Organizations

  10. Salesforce Groups

  11. Salesforce Group Members

  12. Salesforce Events

  13. Salesforce Event Log Files

  14. Salesforce Connected Applications

  15. Salesforce Documents

  16. Salesforce Attachments

  17. Salesforce Verification Histories

  18. Salesforce Blob Event Log Files

  19. Salesforce Cases

  20. Salesforce Tasks

  21. Salesforce API Events

  22. Salesforce Lightning URI Events

  23. Salesforce URI Events

  24. Salesforce Bulk API Events

  25. Salesforce Bulk Lightning URI Events

  26. Salesforce Bulk URI Events

  27. Salesforce Profiles

  28. Salesforce Login Events

  29. Salesforce Bulk Login Events

  30. Salesforce Login History

  31. Salesforce Bulk Login History

  32. Salesforce API Anomaly Event Store

  33. Salesforce Bulk API Result Event Store

  34. Salesforce Credential Stuffing Event Store

  35. Salesforce File Event Store

  36. Salesforce Identity Provider Event Store

  37. Salesforce Identity Verification Event

  38. Salesforce List View Events

  39. Salesforce Login As Events

  40. Salesforce Logout Events

  41. Salesforce Permission Set Event Store

  42. Salesforce Report Anomaly Event Store

  43. Salesforce Report Events

  44. Salesforce Session Hijacking Event Store

  45. Salesforce Content Distribution

  46. Salesforce Setup Audit Trail

  47. Salesforce Object Permissions

Did this answer your question?