Installer Guides
Page cover

Salesforce

Connecting Salesforce to LightBeam

Overview

LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.

Example: Salesforce, Hubspot, ADP, Marketo, etc.

Connecting Salesforce Data Source

  1. Login to your LightBeam Instance.

  2. Click on DATASOURCES on the Top Navigation Bar.

  3. Click on “Add a data source”.

Figure 1. Add Data Source

  1. Search for “Salesforce”.

Figure 2. Type Salesforce in Search Box

  1. Click on Salesforce.

Figure 2.1 Salesforce

  1. Fill in the details as shown below and click on Next:

Basic Information

  • Data Source Name: This is the unique name given to the data source.

  • Description: This is an optional field needed to describe the use of this data source.

  • Primary Owner: An email address of who is responsible for this data source and in case of alerts this email ID will get alerts by default.

  • Entity Creation: LightBeam Spectra detects and associates attributes based on the context and identifies whose data it is; these are called as entities. Example: Jane Doe is an entity for whom LightBeam Spectra might have detected Name and SSN in a monitored data source.

  • Location: The location of the data source is indicated here.

  • Purpose: The purpose of why the data is being collected/processed.

  • Stage: The stage of the data source. Example: Source, Processing, Archival, etc.

Figure 3. LightBeam Salesforce - Basic Information

Datasource Configuration

  1. Provide the credentials as shown below (If the credentials belongs to a Salesforce sandbox account select the sandbox option) and click on Test Connection.

Figure 4. LightBeam Salesforce - Test Connection

  1. Verify that you get the message “Test Connection Success”.

Figure 5. LightBeam Salesforce - Connection Success

  1. Click on Save.

Now we are ready to browse through onboarded Salesforce datasource dashboard.

Note: To get the Salesforce data source details please check Appendix.

Appendix

Steps to Generate Salesforce Data Source Credentials

Success Tip: Salesforce editions vary in terms of API access. Enterprise Edition, Unlimited Edition, Developer Edition, and Performance Edition come with API access, which is essential for integrating LightBeam with Salesforce. However, Group Edition, Essentials Edition, and Professional Edition do not provide API access by default, although they can be purchased as an add-on for the Professional Edition. We recommend using an edition with built-in API access when creating a dedicated Salesforce Connected App specifically for integrating LightBeam with Salesforce.

  1. Log in to Salesforce as an Administrator. In the drop-down list of the account (in the upper-right corner), select Setup.

Fig.6. Salesforce - Setup

  1. In the left-hand pane, go to Apps > App Manager.

Fig.7. Salesforce - App Manager

  1. Click on New Connected App (in the upper right corner).

Fig.8. Salesforce - New Connected App

  1. On the New Connected App page, fill in the following required fields under

Basic Information: Connected App Name, API Name, Contact Email.

Fig.9. Salesforce - New Connected App - Basic Information

  1. Go to API (Enable OAuth Settings), and select Enable OAuth Settings.

In the Callback URL field, enter the redirect url value https://login.salesforce.com

Note: If the SSO is enabled and direct login to Salesforce is not available then use the SSO redirect URL of your organization.

Fig.10. Salesforce - API Config

In the Selected OAuth Scopes field, select each of the following options, and click on Add individually:

  • Access Connect REST API resources (chatter_api)

  • Manage user data via APIs (api)

  • Perform requests at any time (refresh_token, offline_access)

Fig.11. Salesforce - Selected OAuth Scopes

Success Tip for Streamlining API Access and Permissions for Salesforce Integration: To ensure a smooth and secure integration between LightBeam and Salesforce, you'll need specific API permissions. Ensure you have read access to all the fields in these Salesforce objects:

  • Account

  • Contact

  • Case

  • CaseFeed

  • EmailMessage

  • ContentDocument

  • ContentVersion

For the application to function optimally, the following app permissions are needed:

  1. Access Connect REST API resources (chatter_api)

  2. Manage user data via APIs (api)

  3. Perform requests at any time (refresh_token, offline_access)

If you're planning to use the redaction feature, also secure write access to the following:

  1. CaseFeed

  2. ContentVersion

  3. ContentDocument

Scroll down and tick the checkbox next to Enable Client Credentials Flow.

Fig.12. Salesforce - Enable Client Credentials Flow

This will open a pop-up as follows. Click on OK.

Fig.12.1 Salesforce - Enable Client Credentials Flow

  1. In the Connected Apps (Apps > App Manager) list, find the App that you just created, and then click Manage.

  2. On the Manage page, click the Edit button.

Fig.15 Salesforce - Connected Apps - Manage

  • Under OAuth policies, select All users may self-authorize in the Permitted Users list, and then click the Save button.

  1. Return to the Connected Apps (Apps > App Manager) list, find the App you just created, and click on View.

Fig.16 Salesforce - Consumer Details

  1. Obtain the authorization code by following these steps:

Unix/Linux/MacOS:

  1. Copy the Refresh Token Generation Script: Save the script to your local system.

https://github.com/lightbeamai/lb-installer/blob/master/salesforce/generate-salesforce-refresh-token.sh
Script to generate Salesforce refresh token

  1. Make the Script Executable: chmod +x generate-salesforce-refresh-token.sh

  2. Run the Script: Execute the script by running the following command in your terminalbash generate-salesforce-refresh-token.sh

  3. Provide Required Information:The script will prompt you for the following information: Instance URL, Consumer Key, Consumer Secret, and Redirect URL.

Retrieve the Refresh Token: The script will generate a Refresh Token. Please save this token as you will need it during the Lightbeam registration process.

Windows:

  1. Copy the Refresh Token Generation Script: Save the script to your local system.

https://github.com/lightbeamai/lb-installer/blob/master/salesforce/generate-salesforce-refresh-token-powershell.ps1
Script to generate Salesforce refresh token

  1. Run the Script: Right-click on the script and select "Run with PowerShell" from the context menu.

  2. Provide Required Information: The script will prompt you for the following information: Instance URL, Consumer Key, Consumer Secret, and Redirect URI.

  3. Retrieve the Refresh Token: The script will generate a Refresh Token. Please save this token as you will need it during the Lightbeam registration process.

For additional guidance or troubleshooting, you can refer to the documentation at https://github.com/lightbeamai/lb-installer/blob/master/salesforce/README.md.

  1. If you encounter an error that reads "REST API is not enabled for this Organization", follow these steps:

  • Click on Setup in the top right corner.

  • Go to ADMINISTRATION > Manage Users and click on Profiles.

  • Click Edit on the specific profile you want to update.

  • Scroll down to Administrative Permissions and check the API Enabled checkbox.

  • Save your changes.

With these steps completed, you will have all the required configuration parameters like Consumer Key, Consumer Secret, Access Token, and Refresh Token to onboard the Salesforce data source to LightBeam.

Success Tip: We recommend creating a dedicated Salesforce Connected App specifically for integrating LightBeam with Salesforce. This application should be exclusively used for this purpose and not shared or repurposed for any other clients or applications. By doing so, you ensure secure and efficient access control, as well as maintain proper management of the LightBeam-Salesforce connection

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.

For any questions or suggestions, please get in touch with us at: [email protected].

PreviousHubspotNextAutomated Data Processing (ADP)

Last updated