Connected app

We have introduced a new solution architecture and a new application type called Connected App to WithSecure Cloud Protection for Salesforce to bolster current scanning capabilities. New architecture brings more effective protection for your business-critical Salesforce platform today and empowers us to deliver more advanced protection capabilities in the future. In this article we explain the benefits of and logic behind connected app. 

WithSecure Cloud Protection for Salesforce is a natively integrated solution. The simple and non-disruptive app protects your Salesforce cloud against advanced cyber threats in real time.

Due to structural limits in Salesforce platform, WithSecure Cloud Protection for Salesforce has limitations when it comes to processing large amounts of data. To overcome this, we have introduced a new solution architecture called connected app. A connected app is an application type that allows external systems to securely access and interact with data and functionalities within the Salesforce platform by leveraging APIs. WithSecure Cloud Protection connected app operates the same way as any other connected app in Salesforce. It uses Salesforce REST APIs to retrieve files and return threat analysis results. 

Salesforce uses secure standard protocols such as OAuth or OpenID to authenticate and authorize the app and grant it access to a customer's data. 

Once the necessary authentication is successful and the Salesforce admin grants explicit consent to the connected app, it is given a time-limited token to access data on behalf of the user who granted access. This token is automatically refreshed and included in every Salesforce API. The connected app uses Salesforce SOAP or REST API to read or update data remotely.   

The access and operations with data within the Salesforce platform can be limited with permissions and sharing rules set by the admin. If necessary, the admin can revoke access for the connected app at any point. When access is revoked, any tokens used by the connected app become invalid, and the app will not be able to retrieve any data anymore. 

If your unique Salesforce environment is used to upload and store large files, we highly recommend you enable and set up connected app on your WithSecure Cloud Protection for Salesforce. It will also ensure you get the maximum value out of your security investments and enable you to adopt new and more advanced capabilities in the future.  

Key benefits now: 

• Bolstered file scanning for very large files 
• Enhanced overall performance 
• More responsive threat analysis 

Key benefits in the future: 

• Faster new feature development 
• Development of more advanced security capabilities for your Salesforce

We have introduced a new solution architecture and a new application type called Connected App to WithSecure Cloud Protection for Salesforce to bolster current scanning capabilities.  

New architecture brings more effective protection for your business-critical Salesforce platform today and empowers us to deliver more advanced protection capabilities in the future.  

In this article we provide you clear guidance how to connect WithSecure Cloud Protection for Salesforce with your Salesforce org.  

Watch the tutorial video or read on.

Before enabling WithSecure Cloud Protection connected app, you need to set up the user account and assign the required permissions.  

You can accomplish this through following simple steps: 

• Create a dedicated integration user. 
• Create WithSecure Cloud Protection Connected App permission set with the required permissions. 
• Assign WithSecure Cloud Protection Admin and WithSecure Cloud Protection Connected App permission sets to the integration user. 

WithSecure Cloud Protection connected accesses your Salesforce org under the user who enables it. We highly recommend you create a dedicated user account for the connected app and assign only required permissions.  

It’s important to note that an integration account needs different access levels to Salesforce data and functionalities than what regular users do. Creating a separate account for integration purposes enables better tracking and access control to Salesforce data. For example, if an issue arises with the integration, it is easier to trace the problem to the specific integration account, rather than trying to identify which regular user account may be causing the issue.  

If you use a regular user account for integration, and that user leaves the organization, the integration will no longer work. Having a separate account, that is not tied to a specific user, ensures continuity even if your users change. 

The integration account should be properly secured, with a strong and unique password, and it should be regularly monitored for any suspicious activity. 

Follow the steps below to create a new integration user for WithSecure Cloud Protection connected app. 

• Open Salesforce Setup. 
• Navigate to Administration > Users > Users. 
• Click New User to create a new user. 
• Enter the Last Name, Alias, Email, Username, and other details for a new user account as appropriate. For User License select Salesforce, and for Profile select Standard User. 

• Click Save.
• The new user is created and an email message is sent to the email address specified in Email. 
• Complete user account creation by setting up the login password and logging under the newly created user.

Follow the steps below to create a new permission set with the required permissions.

• Open Salesforce Setup.
• Navigate to Administration > Users> Permission Sets.
• Click New to create a new permission set.
• Enter the Label and API name for the new permission set. For example, the label can be "WithSecure Cloud Protection Connected App" with auto-generated API name: WithSecure_Cloud_Protection_Connected_App

• Click Save.
• On the page with the newly created permission set, find and click System Permissions.
• On the page with System Permissions, click Edit.

• In System section, find and enable API Enabled and View All Data checkboxes.

• Click Save.
• Click Save in Permission Changes Confirmation dialog to enable additional system and object permissions.

• The new permission set is now created.

• Follow the steps below to assign the permissions sets to the user under which WithSecure Cloud Protection app will access your Salesforce org.
• Open Salesforce Setup.
• Navigate to Administration > Users > Users.
• Find and open the user created or intended to be used for WithSecure Cloud Protection connected app.
• Click Permission Set Assignments and then Edit Assignments.
• On the list of Available Permission Sets, select WithSecure Cloud Protection Admin and the permission set created earlier (WithSecure Cloud Protection Connected App).

• Login to Salesforce under the user that is created or intended to be used for WithSecureÔ Cloud Protection for Salesforce connected app.
• Open WithSecure's Cloud Protection app.
• Navigate to Administration > Tools.
• Click Connect under Manage connected app.

• Click Connect when Connect WithSecure™ Cloud Protection is shown.

• When Allow Access dialog is shown, please verify the requested permissions and click Allow.

• WithSecure Cloud Protection for Salesforce will shortly connect to your Salesforce org. You can click Close window.

• Once the connection is successfully established, the status will be reflected on the Tools page. Your admin user can always see the status of the connection on the Tools page.

• The informational alert will be created, and you can find it under Analytics > Alerts. The app keeps a track of who connects or disconnects the backend and when.

• All set!