This section describes how to provision Salesforce. "Provisioning" means both creating a service account and the process by which Cloud App Security is granted the ability to access your Salesforce environment.
Cloud App Security provisions the service account for Salesforce through the OAuth 2.0 flow.
Cloud App Security allows only administrators assigned to the default Global administrator role to provision service accounts. For details about Cloud App Security role-based access control, see Administrator and Role.
Provision a service account for Salesforce Sandbox or Salesforce Production to allow Cloud App Security to run advanced threat protection and data loss prevention scanning on object records, for example, documents and feed posts, updated in your Salesforce environment.
Before you begin provisioning, make sure that:
You have a valid Cloud App Security for Salesforce license.
You have purchased the Salesforce environment with a license that supports RESTful APIs.
You have the administrator's credentials for your Salesforce environment.
You have not logged on to your Salesforce environment using any other user account.
The steps outlined below detail how to provision a service account for Salesforce from Dashboard. This procedure uses Salesforce Sandbox as an example.
The Provision Service Account for Salesforce Sandbox screen appears.
The Salesforce Sandbox logon screen appears.
Skip this and the next step if you have already installed the TrendMicro Cloud App Security app.
You can also go to AppExchange, search for TrendMicro Cloud App Security, and click Install to install the application before provisioning.
The Salesforce authorization screen appears.
Cloud App Security then retrieves your Salesforce Sandbox object metadata and profile information. The time required depends on how many object records and profiles you have in Salesforce Sandbox.
Cloud App Security also adds Apex triggers to your objects. The TrendMicro Cloud App Security app uses these triggers to monitor changes to an object record and sends them to Cloud App Security upon detection. It then takes actions as instructed (through the RESTful API implemented in the app) by Cloud App Security based on the configured policies.
Cloud App Security creates several custom objects in your Salesforce Sandbox environment to store data, for example, quarantined contents, which are accessible only to the Salesforce administrator.
The TrendMicro Cloud App Security app stores quarantined contents within it before they are restored to their original locations.
If the message "Salesforce Sandbox protected." appears on the Notifications screen, the provisioning is successful.