Description
The Salesforce connector uses the Salesforce REST API to discover user accounts, permission sets, profiles, and role assignments within a Salesforce org. It authenticates using OAuth 2.0 and enumerates all active and inactive users along with their assigned Salesforce profiles and permission sets, providing visibility into CRM application access.
System Type Classification
| Field | Value |
|---|---|
| System Type | Application |
| Default Scan Priority | 500 |
Version Support
| OrbisID Edition | Supported |
|---|---|
| Community | No |
| Pro | Yes |
| Enterprise | Yes |
Supported Protocol
| Protocol | Port | Notes |
|---|---|---|
| REST API (HTTPS) | 443 TCP | OAuth 2.0 username-password or client credentials flow |
What OrbisID Discovers
| Data | Source |
|---|---|
| Users | GET /services/data/v57.0/query?q=SELECT+Id,Username...+FROM+User |
| Profiles | GET /services/data/v57.0/query?q=SELECT+Id,Name+FROM+Profile |
| Permission sets | GET /services/data/v57.0/query?q=SELECT+Id,Name+FROM+PermissionSet |
| Permission set assignments | PermissionSetAssignment object |
| User enabled state | IsActive field |
Connection Requirements
Required Permissions
Create a dedicated connected app and service account with read access to user and permission objects.
Minimum permissions:
- View All Users system permission
- View Setup and Configuration system permission
- API access enabled on the profile
Credential Mapping
| OrbisID Field | Value |
|---|---|
| credential.username | Salesforce username (e.g., scanner@example.com) |
| credential.password | Salesforce password + security token (concatenated) |
| system.clientId | Connected app Consumer Key |
| system.clientSecret | Connected app Consumer Secret |
Network Requirements
The OrbisID server must have HTTPS access to login.salesforce.com and {instance}.salesforce.com on port 443.
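The requests implied by the credential mapping and the discovery table above, as an added Python example (not OrbisID's own code): it builds the OAuth 2.0 username-password token request and a query URL, then joins users, permission sets, and assignments into one access view. The instance host, the `AssigneeId`/`PermissionSetId` join fields (standard `PermissionSetAssignment` fields not shown on this page), and all sample records are assumptions constructed for illustration.

```python
from urllib.parse import urlencode, quote_plus

LOGIN_URL = "https://login.salesforce.com/services/oauth2/token"
API_VERSION = "v57.0"  # version that appears in the query paths on this page

def build_token_request(username, password, security_token, client_id, client_secret):
    """Return (url, form body) for the OAuth 2.0 username-password flow."""
    return LOGIN_URL, urlencode({
        "grant_type": "password",
        "client_id": client_id,          # connected app Consumer Key
        "client_secret": client_secret,  # connected app Consumer Secret
        "username": username,
        "password": password + security_token,  # concatenated, no separator
    })

def build_query_url(instance_url, soql):
    """URL for a SOQL query; sent with 'Authorization: Bearer <access_token>'."""
    return f"{instance_url}/services/data/{API_VERSION}/query?q={quote_plus(soql)}"

def access_map(users, permission_sets, assignments):
    """Join three query results into {username: {"active", "permission_sets"}}."""
    names = {p["Id"]: p["Name"] for p in permission_sets["records"]}
    by_id = {u["Id"]: {"username": u["Username"], "active": u["IsActive"],
                       "permission_sets": []} for u in users["records"]}
    for a in assignments["records"]:
        user = by_id.get(a["AssigneeId"])
        if user is not None:  # skip assignments for users outside the result set
            user["permission_sets"].append(
                names.get(a["PermissionSetId"], a["PermissionSetId"]))
    return {u["username"]: {"active": u["active"],
                            "permission_sets": sorted(u["permission_sets"])}
            for u in by_id.values()}

# Constructed sample responses: shape of a REST query result, values invented.
USERS = {"done": True, "records": [
    {"Id": "005A", "Username": "alice@example.com", "IsActive": True},
    {"Id": "005B", "Username": "bob@example.com", "IsActive": False}]}
PERMISSION_SETS = {"done": True, "records": [
    {"Id": "0PS1", "Name": "Sales_Export"}, {"Id": "0PS2", "Name": "Report_Builder"}]}
ASSIGNMENTS = {"done": True, "records": [
    {"AssigneeId": "005A", "PermissionSetId": "0PS2"},
    {"AssigneeId": "005B", "PermissionSetId": "0PS1"},
    {"AssigneeId": "005B", "PermissionSetId": "0PS2"}]}

if __name__ == "__main__":
    for name, info in access_map(USERS, PERMISSION_SETS, ASSIGNMENTS).items():
        print(name, "active" if info["active"] else "inactive", info["permission_sets"])
```

In the constructed data the inactive user still holds two permission sets, which is the kind of entry the combined user and assignment view makes visible.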
Configuration Steps
- Create a Connected App in Salesforce: Setup → App Manager → New Connected App
- Enable OAuth and add Full access (full) or restricted scopes
- Create a dedicated integration user with View All Users and API access
- Create a Credential in OrbisID:
  - Username: Salesforce integration username
  - Password: Password concatenated with security token
- Navigate to Systems → Add System
- Fill in the fields:
| Field | Value |
|---|---|
| Name | Descriptive name (e.g., Salesforce – Production Org) |
| OS Type | Salesforce |
| System Type | Application |
| Client ID | Connected app Consumer Key |
| Client Secret | Connected app Consumer Secret |
| Credential | The integration user credential |
- Click Test Connection
- Click Save
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|---|---|
| Authentication failed | Invalid credentials or security token | Append the security token to the password field |
| INVALID_LOGIN | IP not trusted | Add the OrbisID server IP to the org's trusted IP ranges |
| No users returned | Missing View All Users permission | Enable the system permission on the integration profile |
| API_DISABLED_FOR_ORG | API access not enabled | Enable API access in the Salesforce org and user profile |