DigitSec recommends that organizations use an Admin level account to connect DigitSec to their Salesforce. By default, it has the requisite permissions to begin scanning right away.
This page seeks to provide more context for users that are interested in learning more about the permissions that we require. You can also rely on this information to set up an integration account rather than relying on a specific user's account.
Enable API
In order for DigitSec to connect to Salesforce and being scanning your custom code and config, the connecting account or profile will need the API enabled in Settings.
Modify-All Data
The Modify All permission is required for the user account that connects from DigitSec to Salesforce. While DigitSec does not WRITE any data to Salesforce, our access to the MetaData API for the purposes of scanning your custom code and configuration settings require Modify All.
Download App Exchange Packages
If you wish to enable Third Party package scanning, we will also require that your connecting user has the Download AppExchange Package permissions enabled. This will allow DigitSec to access the Tooling API and run a SOQL query to find your installed packages.
Installing Using a Connected App
Configurations on Salesforce
- Install a new connected app.
- Go to Setup > App Manager
- Click on New Connected App as follows:
- Configure the app as follows:
- Please make sure to add the IP addresses indicated above for the Refresh Token IP Allowlist. If your region is not North America, please review our Egress IP List to verify the correct IP addresses to use.
- Please make sure to activate the correct checkboxes as indicated above and press Save.
- Once Save is clicked, the screen that appears shows a buttom named Manage Consumer Details as follows:
Click this button to copy your consumer key.
It usually takes 10 minutes for these settings to go into effect.
When a Salesforce Sandbox Org is refreshed, it creates a new Consumer Key value. Use that new Consumer Key value with your existing DigitSec workspace by using the Edit dialog available from the Workspace Title Card’s 3-dot menu on the Workspaces Dashboard.
Configuration on DigitSec
Click on Add Workspace > Salesforce
Add Name
Select "Salesforce Custom Login & Connected App" from the "Salesforce Login URL" dropdown
Enter the URL for the org where the connected app was created (It should be in the format we shared earlier) > Add the Consumer Key copied in step 1.
Click Save
Login to the org, if you get redirected to s4.digitsec.com then the connection has been established. Login again to DigitSec and now you can run scans.