Views:
This section describes how to grant Cloud App Security access to Salesforce. During the access grant, a service account is created for Cloud App Security to access your Salesforce environment.
Cloud App Security accesses Salesforce through the OAuth 2.0 flow.
Note
Note
Cloud App Security allows only administrators assigned to the default Global administrator role to grant access. For details about Cloud App Security role-based access control, see Administrator and role.
Related information

Granting access to Salesforce

Grant Cloud App Security access to Salesforce Sandbox or Salesforce Production to allow Cloud App Security to run advanced threat protection and data loss prevention scanning on object records, for example, documents and feed posts, updated in your Salesforce environment.
Before you begin granting access, make sure that:
  • You have a valid Cloud App Security for Salesforce license.
  • You have purchased the Salesforce environment with a license that supports RESTful APIs.
  • You have the administrator's credentials for your Salesforce environment.
  • You have not logged on to your Salesforce environment using any other user account.
The steps outlined below detail how to grant access to Salesforce from Dashboard. This procedure uses Salesforce Sandbox as an example.

Procedure

  1. Go to DashboardService Status.
  2. Click Grant Access in the Action column for Salesforce Sandbox.
    The Grant Access to Salesforce Sandbox screen appears.
  3. Click Click here.
    The Salesforce Sandbox logon screen appears.
    Note
    Note
    Skip this and the next step if you have already installed the TrendMicro Cloud App Security app.
  4. Specify your Salesforce Sandbox administrator credentials, click Log In to Sandbox, and install TrendMicro Cloud App Security.
    You can also go to AppExchange, search for TrendMicro Cloud App Security, and click Install to install the application before granting access.
  5. Select the policy to enable automatically when the access grant is complete.
  6. Click Grant Permission.
  7. Specify your Salesforce Sandbox administrator credentials if the logon screen appears, and then click Log In.
    The Salesforce authorization screen appears.
  8. Click Allow.
  9. Go back to the Cloud App Security management console as instructed and click Done.
    Cloud App Security then retrieves your Salesforce Sandbox object metadata and profile information. The time required depends on how many object records and profiles you have in Salesforce Sandbox.
    Cloud App Security also adds Apex triggers to your objects. The TrendMicro Cloud App Security app uses these triggers to monitor changes to an object record and sends them to Cloud App Security upon detection. It then takes actions as instructed (through the RESTful API implemented in the app) by Cloud App Security based on the configured policies.
    Cloud App Security creates several custom objects in your Salesforce Sandbox environment to store data, for example, quarantined contents, which are accessible only to the Salesforce administrator.
    Note
    Note
    The TrendMicro Cloud App Security app stores quarantined contents within it before they are restored to their original locations.
  10. Hover over the notification icon in the upper-right corner of the management console.
    If the message "Salesforce Sandbox protected." appears on the Notifications screen, the access grant is successful.