Configure Salesforce for the Code42 data connection

Temporarily disable the Enhanced Profile user interface

Salesforce's Enhanced Profile user interface helps streamline your experience, but also dramatically changes how you interact with Salesforce profiles and settings. These changes can lock user profiles, which makes creating a custom profile and a new service user for Code42 according to the steps below difficult or even impossible.

If you use it, disable the Enhanced Profile user interface in Salesforce before creating a custom profile and Code42 user. You can re-enable it after completing these steps.

Create a custom profile

1. Log into Salesforce using your administrator account.
2. If needed, navigate to Setup.
   • In Lightning Experience: Click the Setup icon in the upper-right corner of the screen, then select Setup from the menu that appears.
   • In Salesforce Classic: Click Setup in the upper-right corner of the screen.
   Salesforce "remembers" what you were last working on when you log out. If you were last working in Setup, you may not need to navigate there again.
3. Navigate to Profiles.
   • In Lightning Experience: Under Administration in the left navigation pane, select Users > Profiles.
   • In Salesforce Classic: Under Administer in the left navigation pane, go to Manage Users > Profiles.
     Alternately, use the Quick Find search to search for "Profiles," then click the Profiles link.
4. Clone an existing profile to create a new one with the permissions Code42 requires. Locate a profile in the list that uses the Salesforce user license and click Clone in the Action column.
   The Code42 service account's profile requires a Salesforce user license
   You must select an existing profile that uses the Salesforce user license. Other licenses do not include the permissions that Code42 needs to monitor reports generated in your Salesforce environment. In these steps, we cloned the existing Read Only profile. If you have already set up a custom profile for service accounts, you can also edit that profile to add the required permissions.
5. When the Clone Profile screen opens, name the new profile and click Save.
   Use a descriptive name for the new profile, such as "Code42 API service profile."
6. After the new profile is created, click Edit.
7. Under Tab Settings, select Tab Hidden for every tab.
8. Under Administrative Permissions, select only these options:
   The Chatter Internal User, Lightning Console User, and View Help Link options are selected by default and cannot be updated.
   • API Enabled
   • Chatter Internal User
   • Customize Application
   • Lightning Console User
   • Lightning Experience User
     Select this only if you anticipate a need to log into Salesforce with the Code42 user account to complete any administrative tasks using Salesforce's Lightning Experience interface. This permission isn't required for the Code42 service account's profile or any Code42 monitoring.
   • Manage All Private Reports and Dashboards
   • Manage Custom Permissions
   • Modify Metadata Through Metadata API Functions
   • View Help Link
   • View Roles and Role Hierarchy
   • View Setup and Configuration
   For more information on why the Code42 profile requires these permissions, see Permissions the Code42 Salesforce service account user requires.
9. Under General User Permissions, select only these options:
   The Access Activities and Allow View Knowledge options are selected by default and cannot be updated.
   • Access Activities
   • Allow View Knowledge
   • Run Reports
   • View Real-Time Event Monitoring Data
     Code42 monitoring requires the Salesforce Shield or Salesforce Event Monitoring add-on subscriptions
     You must have either the Salesforce Shield or Salesforce Event Monitoring add-on subscriptions to use the Code42 Salesforce data connection. Only these subscriptions include the View Real-time Event Monitoring Data permission required to collect information about reports downloaded from your Salesforce environment.
   For more information on why the Code42 profile requires these permissions, see Permissions the Code42 Salesforce service account user requires.
10. Under Password Policies, from the User passwords expire in list, select Never expires.
    Expired passwords disable Code42 monitoring
    To avoid disruption, consider setting up the profile so that the Code42 service account's password never expires. When the password for the Code42 account expires, Code42's connection cannot be authenticated and Code42's monitoring of your Salesforce environment stops until a new password is selected. 
    
    If the password expires, the Code42 connection enters an error status and a message is displayed in the Code42 connection's details. Reset the password in your Salesforce environment to resolve the error and return the connection to the Monitoring status.
11. Click Save.

Create a Code42 user with the custom profile

1. In Setup, navigate to Users.
   • In Lightning Experience: Under Administration, go to Users > Users.
   • In Salesforce Classic: Under Administer, go to Manage Users > Users.
2. Click New User.
3. Enter the required information about the user.
   • Use the First Name, Last Name, Alias, and Nickname fields to identify the user as the Code42 service account.
   • Enter a unique email address for this service account user in the Email field. You'll use this email address to authorize Code42's connection to your Salesforce environment and for automated notifications.
4. From the User License list, select Salesforce.
   If Salesforce is not listed, this means that all of your available Salesforce licenses are currently in use. You can either reassign one of these users to a different license or contact Salesforce to increase your license count.
5. Select the new custom profile from the Profile list to assign it to the new user.
6. Click Save.
   When you authorize Code42 to connect to Salesforce, you'll enter this service account's credentials.