Skip to main content
All CollectionsOnboarding and Configuration Guides
Onboarding Guide - Salesforce
Onboarding Guide - Salesforce

Salesforce integration Prerequisites and How to connect it to Reco?

Reco Product Management avatar
Written by Reco Product Management
Updated over 2 weeks ago

Integrating Salesforce with Reco

Salesforce integration allows Reco to provide visibility and detection of abnormal activities on Salesforce objects and assets. With Reco's business context, you can rest assured that your sales and marketing operations are protected and secure.

Although not mandatory, Salesforce Shield is a subscription service that is required for generating the event logs. This will allow Reco to display useful insights about the activity in your Salesforce account, beyond just objects and permissions.

Prerequisites

  1. A Reco user with an Admin Role

  2. For Salesforce Shield customers - If you're unsure if you have Shield, see this FAQ

    1. Enable Event Monitoring

      1. Login to Salesforce, and click on the Settings Icon on the upper-right side of the screen

      2. At the left-side menu, under "Settings" -> "Security" -> Expand "Event Monitoring" -> Click on "Event Monitoring Settings"

      3. Enable “View event log data in Analytics apps

      4. Disable “Delete event monitoring data

      5. At the left-side menu, under "Platform Tools", expand "Events" -> Click on “Event Manager"

      6. Enable streaming and storing for each event, where applicable

Configure Service Account

The following steps describe the creation of an API-only user with the minimum required permissions for integrating Salesforce with Reco. This user is created under a free-for-all license and does not take up user license slots in your account.

  1. Log in to login.salesforce.com.

  2. Go to Administration > Users > Permission Sets in the left navigation bar.

  3. Press on New

  4. Fill in

    1. Label: "Reco Integration"

    2. API Name: "Reco_Integration"

  5. Choose a License: "Salesforce API Integration"

  6. Click Save.

  7. Click on "System Permissions"

  8. Click on "Edit"

  9. Enable all the following permissions:

    • Manage Connected Apps

    • Manage Custom Permissions

    • Modify Metadata Through Metadata API Functions

    • View all External Client Apps

    • View all External Client Apps, view their settings, and edit their policies

    • View Event Log Files

    • View Event Log Object Data

    • View Login Forensics Events

    • View Real-Time Event Monitoring Data

    • View Roles and Role Hierarchy

    • View Setup and Configuration

  10. Click on "Save"

  11. Search for each of the following items in the "Find Settings..." search box of the Permission Set page, click on "Edit", set the "Object Settings" as "View All", and click on "Save":

    1. API Anomaly Event Stores

    2. Guest User Anomaly Event Stores

    3. Report Anomaly Event Stores

    4. Session Hijacking Event Stores

  12. After creating the custom Permission Set, Go to Administration > Users > Users

  13. Click on "New User"

  14. Inside the "New User" form, fill in:

    1. Last Name: "Reco Integration"

    2. Alias: Reco

    3. Email: Provide a dedicated email address for the integration user of your choosing. This address can also be an alias.

    4. User License: "Salesforce Integration"

    5. Profile: "Salesforce API Only System Integrations"

  15. Click on "Save"

  16. At this point, Salesforce should send a verification email to the specified address above. Follow the instructions provided in the email to finish the user creation.

  17. In the created user page, under "Permission Set Assignments", click on "Edit Assignments"

  18. From the "Available Permission Sets" choose "Reco Integration", click on "Add", and then on "Save".

Trusted IP Range

Reco recommends allowing a pool of Reco public IP addresses in Salesforce. This will ensure that Salesforce and Reco exchange events and notifications. To allow the IP addresses:

  • Log in to login.salesforce.com.

  • In the left navigation bar, go to Settings > Security > Network Access.

  • Click New beside Trusted IP Ranges.

  • In the Trusted IP Range Edit page, specify the Start IP Address and End IP Address.

  • Click Save.

To get a pool of Reco public IP addresses, talk with Reco Support.

Integrate Salesforce with Reco

In a separate browser/profile:

  1. Log in to the service account you've created above

  2. Log in to the Reco Platform

  3. Click on "Configurations" then click on "Integrations"

  4. Locate the "Salesforce" object and click on "Add Integration"

  5. You will then be redirected to your Salesforce tenant consent page, Click on "Allow"

  6. You will be then redirected back to the Reco platform.

Grant Failure Due to Login IP Range

The grant of access may fail if the Salesforce username has any Login IP Ranges configured in Salesforce. Log in to your Salesforce account and verify if the user profile associated with the username has Login IP Ranges configured. If configured, follow the procedure below to ensure the grant goes through successfully.

  • Log in to login.salesforce.com.

  • On the top right, click Setup > Setup.

  • On the left navigation pane, search for Connected Apps > Connected Apps OAuth Usage.

  • Beside the Reco Introspection for Salesforce app, click Install.

  • A new window opens. Click Install.

  1. On the Reco Introspection for Salesforce Connected app page, click Edit Policies.

  2. Under OAuth Policies, set IP Relaxation to Relax IP restrictions.

  3. Click Save.

What do we ingest exactly?

Permission

API / Object

Access Analytics REST API Charts Geodata resources

eclair_api

Access Analytics REST API resources

wave_api

Access Connect REST API resources

chatter_api

Access the identity URL service

id, profile, email, address, phone

Access unique user identifiers

OpenID

Manage user data via APIs

Perform ANSI SQL queries on Customer Data Platform data

cdp_query_api

Perform requests at any time

refresh_token, offline_access

Metadata

  1. Salesforce User Information

  2. Salesforce Roles

  3. Salesforce Accounts

  4. Salesforce Opportunities

  5. Salesforce Leads

  6. Salesforce Contacts

  7. Salesforce Permission Sets

  8. Salesforce Permission Set Assignments

  9. Salesforce Organizations

  10. Salesforce Groups

  11. Salesforce Group Members

  12. Salesforce Events

  13. Salesforce Event Log Files

  14. Salesforce Connected Applications

  15. Salesforce Documents

  16. Salesforce Attachments

  17. Salesforce Verification Histories

  18. Salesforce Blob Event Log Files

  19. Salesforce Cases

  20. Salesforce Tasks

  21. Salesforce API Events

  22. Salesforce Lightning URI Events

  23. Salesforce URI Events

  24. Salesforce Bulk API Events

  25. Salesforce Bulk Lightning URI Events

  26. Salesforce Bulk URI Events

  27. Salesforce Profiles

  28. Salesforce Login Events

  29. Salesforce Bulk Login Events

  30. Salesforce Login History

  31. Salesforce Bulk Login History

  32. Salesforce API Anomaly Event Store

  33. Salesforce Bulk API Result Event Store

  34. Salesforce Credential Stuffing Event Store

  35. Salesforce File Event Store

  36. Salesforce Identity Provider Event Store

  37. Salesforce Identity Verification Event

  38. Salesforce List View Events

  39. Salesforce Login As Events

  40. Salesforce Logout Events

  41. Salesforce Permission Set Event Store

  42. Salesforce Report Anomaly Event Store

  43. Salesforce Report Events

  44. Salesforce Session Hijacking Event Store

  45. Salesforce Content Distribution

  46. Salesforce Setup Audit Trail

  47. Salesforce Object Permissions

Did this answer your question?