Salesforce
Salesforce connections to the CipherTrust Manager can be configured using the following:
Managing Salesforce Connections using GUI
Username - username to access the Salesforce server.
Client ID - application ID of the Salesforce application. It can be used either with Client Secret or Certificate to authenticate the application.
Note
The Salesforce Connection Manager does not allow using one client id for multiple connections for certificate based authentication. This limitation exists because the Salesforce server allows only one certificate for a client id at any given time.
However, if client credential based authentication is used, multiple connections are allowed with one client id.
Cloud Name - the name of the Salesforce cloud to connect to. Currently, only the following options are available:
Salesforce Sandbox Cloud
Salesforce Cloud
Authentication - you can use either Client Secret or Certificate for authentication.
Client Secret – this authentication method uses the account password and the Client Secret for the given Client ID to enable the communication between Salesforce and the CipherTrust Manager.
Certificate - this authentication method is used to enable password-less communication between Salesforce and the CipherTrust Manager. To do so:
Select the Certificate radio button and click the Generate and Download button.
Upload the downloaded certificate on Salesforce for the provided Client ID.
Once the upload is done, verify the Certificate Subject on both the CipherTrust Manager and Salesforce. The two Certificate Subjects must match.
Specify Certificate Duration in Days.
Note
The default certificate duration is 730 days (2 years).
Click Next to move to the next step.
Note
Currently, the only product supported for Salesforce connection is Cloud Key Manager.
Managing Salesforce Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete a Salesforce connection
List all Salesforce connections
Test an existing Salesforce connection
Test parameters for a Salesforce connection
Creating a Salesforce Connection
The Salesforce connection can be created using:
Internal certificate
External certificate
Creating a Salesforce Connection using internal certificate
To create a Salesforce connection using an internally generated self-signed certificate, run:
Syntax
ksctl connectionmgmt salesforce create --name <Connection-Name> --products <Products-Names> --clientid <Salesforce-Key-ID> --username <Salesforce-Username> --cloudname <Salesforce-Cloud-Name> --use-certificate <yes/y> --certificate-duration <Certificate-Duration>
Example Request
ksctl connectionmgmt salesforce create --name "salesforce-3" --products "cckm" --cloudname "Salesforce Sandbox Cloud" --clientid 123456 --username "xyz@gmail.com" --use-certificate yes --certificate-duration 730
Example Response
{
"id": "93734270-78e0-4a80-b545-dd87d536e1d3",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-3-93734270-78e0-4a80-b545-dd87d536e1d3",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-05-13T07:04:14.160133827Z",
"updatedAt": "2022-05-13T07:04:14.158769531Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-3",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud",
"client_id": "123456",
"username": "xyz@gmail.com",
"certificate": "-----BEGIN CERTIFICATE-----\nMIIFvTCCA6WgAwIBAgIQT3N0S1zNYmmO8lrBpKh9FzANBgkqhkiG9w0BAQsFADB/\nMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2Fu\nIEpvc2UxDzANBgNVBAoTBlRoYWxlczEUMBIGA1UECxMLQ2lwaGVyVHJ1c3QxITAf\nBgNVBAMTGGNja20udGhhbGVzZXNlY3VyaXR5LmNvbTAeFw0yMjA1MTMwNzA0MTRa\nFw0yNDA1MTIwNzA0MTRaMH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y\nbmlhMREwDwYDVQQHEwhTYW4gSm9zZTEPMA0GA1UEChMGVGhhbGVzMRQwEgYDVQQL\nEwtDaXBoZXJUcnVzdDEhMB8GA1UEAxMYY2NrbS50aGFsZXNlc2VjdXJpdHkuY29t\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArceaWBh8OpA+6IEI0InP\nJpcxGH62xpWbQ/IRX7mYRZ2o78jEcp4JSVRyv4M471vD+x3McUrNQv1upxVvSPEw\nWD8XYIllKh9jgitJ4KihEUAmVSzaZUhknj/enozcj+6VPaPmlg99HtcZNuktsE9F\ndnl9iniRcthHg3LeIy6N80RwsYY8V+d3dRlZYxuWfeRaJOa2IQfP0+sgExqkKcgZ\nbXD5Vs2+fkmx8DISUZ9wHhcZPpguDuH9Ww/WYqJolUhRpQE0BilG4bD0uQ1m1T+T\nWnwIHvy4IKYlIrJybMEr05yfvWaQz5oNNZVxbtxcMbDg2CktlaS/71tr9IfC5e6+\nxIJbUV84nEqIvJ83IfaCfG5ZgMCdALudv0eTrhxOc5XDVmGWUsTU0oVYUm5sE0Wj\nYJEtPn5j56umI+GkufBXtMq29+ufNcxVkWExW1i8ypYIfnbDprt4ioSEFNFWMFq3\nZf1lFpT/SvN2pzUQtXcXIunCEWjKi/hs019Zh98olPG7JAfiM7xRBFQohpcTEXQE\nl+Sa7PhR5LB39WXiPtxZ/TudFaeWOeVOhr1Mxy/BZYSYdm933jy1WDI8Tvzjnwxd\nI3am/U7Yl7Xl6xSInmoM/MUCC4VDBOPqua9cgJFWH6GE15tbOxgBXDhmYqDaOTIM\nuVm4ugHxvb833QhxlhVf10MCAwEAAaM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud\nJQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB\nAIGXc8mf66zUaQWjeTkltdCdz2Wbo5CHqfRs2SQIOBON5sS6gKYz3HWzwM4op3JI\nvciW6ueiFe+vLV1CRn6uF1kvDKxMzIB1dGFIl2aRWjvyhyrrcLUzK9qGe7giloru\noPoPdx7pGmpSERkVJWFEVIWd0KCBWtpwt0Z5BukcrHdu9y/LVbJ6JaQ1KV3BwQwF\nfW3jzIJzNQ7ffO/WyW0kLFstBjr38wBZWcxGDa9nopbaVdGAhXlsQTuehvHjHdlc\nDmVhR61kGhtsGojM4RzooRCpn5hoXLahVRQCcB38+VYjnbEvAM9VpOfdQbxbw9Nt\nNJfWX371ya9DKnDmDS7cDlHkB4dvx+wSVK/3jxKakwETO5lEib31v/lsF5lGGuKy\n5QfUrouwlFmAlIdf8fanBqfdIK3nzowvdvAp7OTjuXO2eHKly321ScuLYVsh+eMx\niArdzP3McH4buvPoP/PGXUFTpcrz7rynmUCD5chpkAmVGrkjmgY1QWAgeoAEnhva\nhmhkqsY2xsEQhYo873gbb9CP+8yJOLgAGUJVRC+e6FVm40Svm7e9ffkaekBAyWRq\nlPPqzrPzxlKIlAW8uEaeFcg+3N94oXqI3UDJ7nq29
Op1I9IcyzkiigNSZ7lboDGV\n1TO/xYlVRyMxZyhI3R4a/WyWtvCcCXcnnhe3Z7iVSyBa\n-----END CERTIFICATE-----\n",
"certificate_subject": "CN=cckm.thalesesecurity.com,OU=CipherTrust,O=Thales,L=San Jose,ST=California,C=US"
}
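The Certificate Subject check from the GUI steps, applied to a saved create response, as an added example that is not part of the original documentation or vendor code. It confirms that the PEM in the certificate field carries the subject reported in certificate_subject, that this equals the subject Salesforce displays, and that enough validity remains. The function names, the response file and the sample certificate are assumptions constructed for illustration.

```shell
# Added example (not vendor code): check the certificate in a saved
# `ksctl connectionmgmt salesforce create` response before relying on it.
# Needs only sed, tr and the openssl CLI.

# Print the PEM from the response. The JSON value carries literal "\n"
# escapes; printf %b turns them back into newlines.
extract_cert() {
  raw=$(tr -d '\n' < "$1" | sed -n 's/.*"certificate": *"\([^"]*\)".*/\1/p')
  [ -n "$raw" ] || return 1
  printf '%b' "$raw"
}

# Subject parsed from the PEM itself, in RFC 2253 order (the layout of the
# page's "certificate_subject" value).
cert_subject() {
  extract_cert "$1" | openssl x509 -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//'
}

# Subject as reported in the "certificate_subject" field of the response.
reported_subject() {
  tr -d '\n' < "$1" | sed -n 's/.*"certificate_subject": *"\([^"]*\)".*/\1/p'
}

# verify_conn_cert <response.json> <subject shown in Salesforce> <min days left>
# 0 = ok, 2 = no parsable certificate, 3 = response field and PEM disagree,
# 4 = Salesforce subject differs, 5 = certificate expires too soon.
verify_conn_cert() {
  actual=$(cert_subject "$1")
  [ -n "$actual" ] || return 2
  [ "$actual" = "$(reported_subject "$1")" ] || return 3
  [ "$actual" = "$2" ] || return 4
  extract_cert "$1" | openssl x509 -noout -checkend "$(( $3 * 86400 ))" \
    >/dev/null || return 5
}

# Constructed sample: a throwaway self-signed certificate wrapped in JSON
# shaped like the create response. Usage: make_sample_response <file> <days>
make_sample_response() {
  pem=$(openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
    -days "$2" -subj "/C=US/O=Example/CN=constructed.example" 2>/dev/null) ||
    return 1
  esc=$(printf '%s\n' "$pem" | sed 's/$/\\n/' | tr -d '\n')
  printf '{\n "certificate": "%s",\n "certificate_subject": "%s"\n}\n' \
    "$esc" "CN=constructed.example,O=Example,C=US" > "$1"
}
```

To run it against a real connection, redirect the create output to a file and pass that file, the subject string copied from Salesforce and a minimum number of remaining days to verify_conn_cert.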
Creating a Salesforce Connection using external certificate
Note
The external certificate cannot be used with use_certificate and client_secret parameters.
To create a Salesforce connection using an external certificate generated from a custom CSR signed by any internal or external CA:
Generate a new Certificate Signing Request (CSR). The Salesforce connections support RSA 1024, 2048, and 4096 bit keys for creating CSRs.
Syntax
ksctl connectionmgmt connections csr --cn <common-name> --csr-outfile <filename>
Example
ksctl connectionmgmt connections csr --cn "test" --csr-outfile "Salesforce.pem"
Response
{ "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIHJMHECAQAwDzENMAsGA1UEAxMEdGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABAjn2IrYo9SuscMXGwz0oEDcYCpb2U9F15BF3Y9myZQk40cNMjZ8XMwYYLOR\nyDOMyg8N0XTGy3kg5wqnnSm5namgADAKBggqhkjOPQQDAgNIADBFAiBa7LjFF2D9\niPKhU89pjndsgG9cx2M9JSC6ZzWol5Py0QIhAJUHgBeYKttzcpo87Ej3eQHRb8MT\nJRVOqvM3mdbA/ToQ\n-----END CERTIFICATE REQUEST-----\n" }
This CSR can only be used for one connection in the native domain. Also, this CSR can't be reused in other domains.
Sign the CSR with any local or external CA. It will generate an external certificate.
Upload the generated certificate to the Salesforce portal.
Create the Salesforce connection using the external certificate generated above.
Example
ksctl connectionmgmt salesforce create --json-file certificatesalesforcecreation.json --name "testsalesforce"
Response
{ "id": "b1b23132-507e-4807-aef9-9af2a6c5c2fe", "uri": "kylo:kylo:connectionmgmt:connections:testsalesforce-b1b23132-507e-4807-aef9-9af2a6c5c2fe", "account": "kylo:kylo:admin:accounts:kylo", "createdAt": "2022-08-23T07:18:33.757838337Z", "updatedAt": "2022-08-23T07:18:33.756451354Z", "service": "salesforce", "category": "cloud", "last_connection_ok": null, "last_connection_at": "0001-01-01T00:00:00Z", "name": "testsalesforce", "products": [ "cckm" ], "cloud_name": "Salesforce Sandbox Cloud", "client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12", "username": "xyz@abc.com", "certificate": "-----BEGIN CERTIFICATE-----\nMIIFUjCCAzqgAwIBAgIQKPONHN6+j5mJCtT+MeR+BDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkF1c3RpbjEPMA0G\nA1UEChMGVGhhbGVzMRwwGgYDVQQDExNDaXBoZXJUcnVzdCBSb290IENBMB4XDTIy\nMDgyMjA3MTUyM1oXDTIzMDgyMzA3MTUyM1owZDELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRUwEwYDVQQKEwxUaGFsZXMgR3JvdXAx\nDDAKBgNVBAsTA1JuRDERMA8GA1UEAxMIa3lsby5jb20wggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDZ5ZbOf1PDufiAhUj0pHxTGKyQ+lG2bm2/CLzMgaZD\nVvWsBipyhA8NgZbYLQd26Dz+7xlKJyzXdUjiVtPkMrwoF5G9gOoaCV98rHrqAut7\nJiyaSW8XiXHpvqm6Gz6tb9OtTSgtiGbnnpQnUytSYr0IAjDBaS/zNs6Sy+q+E+Ov\n88YutwsF7BTrRB82bC+2LtmU0qfbonELEU/5TMwXmsfN4a+ELjoZcYem+tJ+hojm\nnr343Icp32o3l7w/CAslrbLe98fuCIIxef3L3TPe8tSYI2MRmSVCfnA3kdYVvif7\n6Fda6hSPhrIt03a0AgyENMrOEv3/6LLMq4ANDY9BTYubAgMBAAGjggEIMIIBBDAO\nBgNVHQ8BAf8EBAMCA4gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIw\nADAfBgNVHSMEGDAWgBQl1oSSRLU+8NqYyBK8J7yJeg5RWjBOBgNVHREERzBFghEq\nLnRoYWxlc2dyb3VwLmNvbYIRKi50aGFsZXNncm91cC5uZXSBF2NvbnRhY3RAdGhh\nbGVzZ3JvdXAuY29thwQBAQEBMF4GA1UdHwRXMFUwU6BRoE+GTWh0dHA6Ly9jaXBo\nZXJ0cnVzdG1hbmFnZXIubG9jYWwvY3Jscy8xY2IxNDlkNS03NmE4LTRkMDUtYmNl\nNy1kOGJkZmU1MTc2MjguY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQALSJCy3AqJCmFb\n6m/b6Dj0kJqqUP/xttYGgNZ07zVp22GPJhlwp0XJe9ZFcrZCmW7t1B7QUClQF+/y\n36gztJ/9RGd95PR9SEXhHrY/z1qJ8egD/opTS3sbDVKC10rbEGG+KI4Of5kF70Kn\nivKhyd8zrfJ2LcC4MkEzuDKab/1yfSMBzjIs47Ydx28Z1UWMA6AYEWRJY/
J7mQmZ\nxX3xRvvkVat7cHs2933LzNm3EK0QO5C+gUIRmzCvOLUB2GHsQr0muFyWqgRAwRfG\nKSeYyi3oQcqpqc+IpF8adxDNcAYW4HtB5AGIV2fkGqa519dh1VSSLxHu6RIPzXKE\nJYhzg+hc2m4XhxRXeW98lgXLEU6Ij5ilvuC/wZiJK8ksEAvRp4EpiKD1ID0ikm2r\nn7F2d02XB5IzKYZ+cM7fmgMOXkgvebSwQk7WVl+v1MqcXx/cBl3m7BXU7rHz18je\nk2GYsFnyskfAcDmsroG4xtx5J9coHTNzVPxr2hPIpc4gKyjxKQ3mMdGD+MaHp7ED\nyJTcLY8MKt1s+YVRPtPv3furYU5rY04szyln7xj5XIW7SmcT5TvQn7O9K/+bXkYc\nOLvHFHcKHY2If84Y0ik8gtvM4MOCsooFQqzAPDMSdRgY8mIMcJYTzZruKqMt4Lh9\nvOjrBGHmKstG7gIA74frT0ZelHfeZQ==\n-----END CERTIFICATE-----\n", "certificate_subject": "CN=kylo.com,OU=RnD,O=Thales Group,L=Belcamp,ST=MD,C=US" }
JSON File
{ "products": [ "cckm" ], "cloud_name": "Salesforce Sandbox Cloud", "client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12", "username": "xyz@abc.com", "certificate": "-----BEGIN CERTIFICATE-----\nMIIFUjCCAzqgAwIBAgIQKPONHN6+j5mJCtT+MeR+BDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkF1c3RpbjEPMA0G\nA1UEChMGVGhhbGVzMRwwGgYDVQQDExNDaXBoZXJUcnVzdCBSb290IENBMB4XDTIy\nMDgyMjA3MTUyM1oXDTIzMDgyMzA3MTUyM1owZDELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRUwEwYDVQQKEwxUaGFsZXMgR3JvdXAx\nDDAKBgNVBAsTA1JuRDERMA8GA1UEAxMIa3lsby5jb20wggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDZ5ZbOf1PDufiAhUj0pHxTGKyQ+lG2bm2/CLzMgaZD\nVvWsBipyhA8NgZbYLQd26Dz+7xlKJyzXdUjiVtPkMrwoF5G9gOoaCV98rHrqAut7\nJiyaSW8XiXHpvqm6Gz6tb9OtTSgtiGbnnpQnUytSYr0IAjDBaS/zNs6Sy+q+E+Ov\n88YutwsF7BTrRB82bC+2LtmU0qfbonELEU/5TMwXmsfN4a+ELjoZcYem+tJ+hojm\nnr343Icp32o3l7w/CAslrbLe98fuCIIxef3L3TPe8tSYI2MRmSVCfnA3kdYVvif7\n6Fda6hSPhrIt03a0AgyENMrOEv3/6LLMq4ANDY9BTYubAgMBAAGjggEIMIIBBDAO\nBgNVHQ8BAf8EBAMCA4gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIw\nADAfBgNVHSMEGDAWgBQl1oSSRLU+8NqYyBK8J7yJeg5RWjBOBgNVHREERzBFghEq\nLnRoYWxlc2dyb3VwLmNvbYIRKi50aGFsZXNncm91cC5uZXSBF2NvbnRhY3RAdGhh\nbGVzZ3JvdXAuY29thwQBAQEBMF4GA1UdHwRXMFUwU6BRoE+GTWh0dHA6Ly9jaXBo\nZXJ0cnVzdG1hbmFnZXIubG9jYWwvY3Jscy8xY2IxNDlkNS03NmE4LTRkMDUtYmNl\nNy1kOGJkZmU1MTc2MjguY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQALSJCy3AqJCmFb\n6m/b6Dj0kJqqUP/xttYGgNZ07zVp22GPJhlwp0XJe9ZFcrZCmW7t1B7QUClQF+/y\n36gztJ/9RGd95PR9SEXhHrY/z1qJ8egD/opTS3sbDVKC10rbEGG+KI4Of5kF70Kn\nivKhyd8zrfJ2LcC4MkEzuDKab/1yfSMBzjIs47Ydx28Z1UWMA6AYEWRJY/J7mQmZ\nxX3xRvvkVat7cHs2933LzNm3EK0QO5C+gUIRmzCvOLUB2GHsQr0muFyWqgRAwRfG\nKSeYyi3oQcqpqc+IpF8adxDNcAYW4HtB5AGIV2fkGqa519dh1VSSLxHu6RIPzXKE\nJYhzg+hc2m4XhxRXeW98lgXLEU6Ij5ilvuC/wZiJK8ksEAvRp4EpiKD1ID0ikm2r\nn7F2d02XB5IzKYZ+cM7fmgMOXkgvebSwQk7WVl+v1MqcXx/cBl3m7BXU7rHz18je\nk2GYsFnyskfAcDmsroG4xtx5J9coHTNzVPxr2hPIpc4gKyjxKQ3mMdGD+MaHp7ED\nyJTcLY8MKt1s+YVRPtPv3furYU5rY04szyln7xj5XIW7SmcT5TvQn7O9K/+bXkYc\nOLvHFHcKHY2If84Y0ik8gtvM4
MOCsooFQqzAPDMSdRgY8mIMcJYTzZruKqMt4Lh9\nvOjrBGHmKstG7gIA74frT0ZelHfeZQ==\n-----END CERTIFICATE-----\n", "cert_duration": 730 }
The CipherTrust Manager allows you to modify the external certificate in the existing connection. Any unused certificate will be automatically deleted after 24 hours.
Getting Details of a Salesforce Connection
To get details of a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce get --id 5818ec3d-c5e9-4039-b911-efd45cb08f88
Example Response
{
"id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-08-10T10:21:29.967822Z",
"updatedAt": "2021-08-10T10:21:29.966606Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-1",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud",
"client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12",
"username": "xyz@gmail.com"
}
Updating a Salesforce Connection
To update a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce modify --id <Connection-Name/ID> --products <Products-Names> --clientid <Salesforce-Key-ID> --secret <Salesforce-Client-Secret> --meta <Key:Values>
Example Request
ksctl connectionmgmt salesforce modify --id 5818ec3d-c5e9-4039-b911-efd45cb08f88 --username abcd@gmail.com
Example Response
{
"id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-08-10T10:21:29.967822Z",
"updatedAt": "2021-08-10T10:25:06.228123698Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-1",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud",
"client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12",
"username": "abcd@gmail.com"
}
Deleting a Salesforce Connection
To delete a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce delete --id c4a11fc1-d226-4f19-8d03-5911198e89e5
Example Response
There will be no response if the Salesforce connection is deleted successfully.
Getting List of Salesforce Connections
To list all the Salesforce connections, run:
Syntax
ksctl connectionmgmt salesforce list
Example Request
ksctl connectionmgmt salesforce list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-08-10T10:21:29.967822Z",
"updatedAt": "2021-08-10T10:21:29.966606Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-1",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud"
}
]
}
Testing an Existing Salesforce Connection
To test an existing Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce test --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce test --id 5087c384-43aa-4750-951e-3a0f2b60d43b
Example Response
{
"connection_ok": true
}
Testing Parameters for a Salesforce Connection
To test parameters for a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce test --id <Connection-Name/ID> --clientid <Salesforce-Key-ID> --secret <Salesforce-Client-Secret>
Example Request
ksctl connectionmgmt salesforce test --clientid 3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12 --secret BC0556E7A0B4C96E218EF91370C5B --username salesforce-1 --conn-password 123456 --cloudname "Salesforce Sandbox Cloud"
Example Response
{
"connection_ok": true
}