Skip to main content

Who is this article for?

Incydr Professional, Enterprise, Horizon, and Gov F2
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Configure Salesforce for the Code42 data connection

Overview

You need to configure your Salesforce environment before you can authorize the Code42 data connection to it. This confirms that you have completed the following in Salesforce in preparation for the data connection:

This article shows you how.

Considerations

Code42 connects to your environment using a service account that requires one of your Salesforce user licenses. To free up a Salesforce license, you may need to reassign a user to a profile that uses a different license, or contact Salesforce to increase your license count.

Before you begin

Verify you have the required Salesforce edition and add-on subscriptions.

Code42 monitoring requires the Salesforce Shield or Salesforce Event Monitoring add-on subscriptions
You must have either the Salesforce Shield or Salesforce Event Monitoring add-on subscriptions to use the Code42 Salesforce data connection. Only these subscriptions include the View Real-time Event Monitoring Data permission required to collect information about reports downloaded from your Salesforce environment.

Enable the streaming of events in Salesforce

Code42 monitoring requires that streaming for events is enabled
In order for Code42 to be able to monitor report downloads from your business data, streaming of the following events must be enabled for your organization in the Salesforce Event Manager:
  • Login Event
  • Logout Event
  • Report Event

If streaming of these events is not enabled, Code42 cannot collect data and no file events are displayed in Forensic Search. If streaming of any of these events is disabled, the Code42 connection enters the Error status and monitoring stops. Enable streaming for these events in your Salesforce environment to resolve the error and return the connection to the Monitoring status.

  1. Log into Salesforce using your administrator account.
  2. If needed, navigate to Setup.
    • In Lightning Experience: Click the Setup icon in the upper-right corner of the screen, then select Setup from the menu that appears.
    • In Salesforce Classic: Click Setup in the upper-right corner of the screen.
    Salesforce "remembers" what you were last working on when you log out. If you were last working in Setup, you may not need to navigate there again.
  3. Navigate to Event Manager.
    • In Lightning Experience: Under Platform Tools, go to Events > Event Manager.
    • In Salesforce Classic: Under Build in the left navigation pane, go to Develop > Events > Event Manager.
  4. Locate the Login Event, Logout Event, and Report Event entries in the Events list.
    • If a check mark appears in the Streaming Data column for the entry, it's already enabled for the organization.
    • If no check mark appears, click the arrow on the right side of the screen and select Enable Streaming.
      Salesforce adds a check mark to the entry to indicate that streaming is enabled for that event for your organization.

Set up a Code42 service account in Salesforce

Set up a service or integration account in Salesforce that you'll use to connect Code42 to your Salesforce environment. Having a dedicated service account has several advantages:

  • Because it's not tied to a specific user, there are no disruptions to your business workflows as users leave and join your company.
  • In Salesforce, you can apply permissions to service accounts so that they can log in only using API calls (and not through the user interface) to secure your environment.
  • You can more easily identify activity generated by a service account compared to activity generated by your employee users.

To set up a service account in Salesforce:

  1. If you use the Enhanced Profile user interface in Salesforce, temporarily disable it.
  2. Create a custom profile that contains the permissions required for Code42 to access your Salesforce data.
  3. Create a new Code42 user in Salesforce and assign it that new profile.

Temporarily disable the Enhanced Profile user interface

Salesforce's Enhanced Profile user interface helps streamline your experience, but also dramatically changes how you interact with Salesforce profiles and settings. These changes can lock user profiles, which makes creating a custom profile and a new service user for Code42 according to the steps below difficult or even impossible.

If you use it, disable the Enhanced Profile user interface in Salesforce before creating a custom profile and Code42 user. You can re-enable it after completing these steps.

Create a custom profile

  1. Log into Salesforce using your administrator account.
  2. If needed, navigate to Setup.
    • In Lightning Experience: Click the Setup icon in the upper-right corner of the screen, then select Setup from the menu that appears.
    • In Salesforce Classic: Click Setup in the upper-right corner of the screen.
    Salesforce "remembers" what you were last working on when you log out. If you were last working in Setup, you may not need to navigate there again.
  3. Navigate to Profiles.
    • In Lightning Experience: Under Administration in the left navigation pane, select Users > Profiles.
    • In Salesforce Classic: Under Administer in the left navigation pane, go to Manage Users > Profiles.
      Alternately, use the Quick Find search to search for "Profiles," then click the Profiles link.
  4. Clone an existing profile to create a new one with the permissions Code42 requires. Locate a profile in the list that uses the Salesforce user license and click Clone in the Action column.
    The Code42 service account's profile requires a Salesforce user license
    You must select an existing profile that uses the Salesforce user license. Other licenses do not include the permissions that Code42 needs to monitor reports generated in your Salesforce environment. In these steps, we cloned the existing Read Only profile. If you have already set up a custom profile for service accounts, you can also edit that profile to add the required permissions.
  5. When the Clone Profile screen opens, name the new profile and click Save.
    Use a descriptive name for the new profile, such as "Code42 API service profile."
  6. After the new profile is created, click Edit.
  7. Under Tab Settings, select Tab Hidden for every tab.
  8. Under Administrative Permissions, select only these options:
    The Chatter Internal User, Lightning Console User, and View Help Link options are selected by default and cannot be updated.
    • API Enabled
    • Chatter Internal User
    • Customize Application
    • Lightning Console User
    • Lightning Experience User
      Select this only if you anticipate a need to log into Salesforce with the Code42 user account to complete any administrative tasks using Salesforce's Lightning Experience interface. This permission isn't required for the Code42 service account's profile or any Code42 monitoring.
    • Manage All Private Reports and Dashboards
    • Manage Custom Permissions
    • Modify Metadata Through Metadata API Functions
    • View Help Link
    • View Roles and Role Hierarchy
    • View Setup and Configuration
    For more information on why the Code42 profile requires these permissions, see Permissions the Code42 Salesforce service account user requires.
  9. Under General User Permissions, select only these options:
    The Access Activities and Allow View Knowledge options are selected by default and cannot be updated.
    • Access Activities
    • Allow View Knowledge
    • Run Reports
    • View Real-Time Event Monitoring Data
      Code42 monitoring requires the Salesforce Shield or Salesforce Event Monitoring add-on subscriptions
      You must have either the Salesforce Shield or Salesforce Event Monitoring add-on subscriptions to use the Code42 Salesforce data connection. Only these subscriptions include the View Real-time Event Monitoring Data permission required to collect information about reports downloaded from your Salesforce environment.
    For more information on why the Code42 profile requires these permissions, see Permissions the Code42 Salesforce service account user requires.
  10. Under Desktop Integration Clients, from the Offline list, select Off (access denied).
  11. Under Password Policies, from the User passwords expire in list, select Never expires.
    Expired passwords disable Code42 monitoring
    To avoid disruption, consider setting up the profile so that the Code42 service account's password never expires. When the password for the Code42 account expires, Code42's connection cannot be authenticated and Code42's monitoring of your Salesforce environment stops until a new password is selected. 

    If the password expires, the Code42 connection enters an error status and a message is displayed in the Code42 connection's details. Reset the password in your Salesforce environment to resolve the error and return the connection to the Monitoring status.
  12. Click Save.

Create a Code42 user with the custom profile

  1. In Setup, navigate to Users.
    • In Lightning Experience: Under Administration, go to Users > Users.
    • In Salesforce Classic: Under Administer, go to Manage Users > Users.
  2. Click New User.
  3. Enter the required information about the user.
    • Use the First Name, Last Name, Alias, and Nickname fields to identify the user as the Code42 service account.
    • Enter a unique email address for this service account user in the Email field. You'll use this email address to authorize Code42's connection to your Salesforce environment and for automated notifications.
  4. From the User License list, select Salesforce.
    If Salesforce is not listed, this means that all of your available Salesforce licenses are currently in use. You can either reassign one of these users to a different license or contact Salesforce to increase your license count.
  5. Select the new custom profile from the Profile list to assign it to the new user.
  6. Click Save.
    When you authorize Code42 to connect to Salesforce, you'll enter this service account's credentials.
  • Was this article helpful?