Managing Salesforce Organizations
This section describes how to manage Salesforce organizations on CCKM. Before proceeding, a connection to your Salesforce account must exist on the CipherTrust Manager. Refer to Connection Manager for details.
After the connection is configured, you can add organizations to the CipherTrust Manager. Salesforce organizations can be added, viewed, modified, or deleted on the Salesforce Organizations page.
Each Salesforce organization consumes one CCKM license cloud unit when added to CCKM.
A Salesforce organization is needed to upload tenant secrets, upload cache-only keys, and view Salesforce reports.
Adding an Existing Salesforce Organization
You can add existing organizations linked to a Salesforce connection to the CipherTrust Manager. An existing organization can be added only once.
To add an existing Salesforce organization:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Salesforce Organizations. The Salesforce Organizations page is displayed.
Click Add Existing Organization. The Add Existing Organization screen is displayed.
Select the desired Connection from the drop-down list. The list of existing organizations linked with the selected connection is displayed in the Organization field.
Select the desired Organization.
Click Add.
The selected organization is displayed on the Salesforce Organizations page. Now, you can manage the organization from CCKM on the CipherTrust Manager.
The organization is available to upload tenant secrets, associate to cache-only key endpoints, and view Salesforce reports.
If the selected organization is already added to the CipherTrust Manager, an error message is displayed.
Viewing Salesforce Organizations
The Salesforce Organizations page shows the list of organizations added to the CipherTrust Manager. Search for the organizations by Name or Connection.
To view the list of organizations added to the CipherTrust Manager:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Salesforce Organizations. The Salesforce Organizations page shows the list of organizations added to the CipherTrust Manager.
The page displays the following details:
Column: Description
Organization Name: Name of the organization.
Organization ID: ID of the Salesforce organization.
Organization Type: Type of the Salesforce organization.
Connection: Name of the Salesforce connection added to the CipherTrust Manager.
Cloud Name: Name of the Salesforce cloud. The cloud can be SFDC or Sandbox.
Last Refreshed: Time when the group was last refreshed.
To view the custom columns, click the Customize View icon, select the desired option, and click OK to display the column.
Refreshing Organizations
Refreshing downloads keys created in Salesforce organizations to CCKM. You can refresh keys from an individual organization or from all Salesforce organizations.
Refreshing Specific Organizations
To refresh an organization:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Salesforce Organizations. The Salesforce Organizations page is displayed.
Click the overflow icon corresponding to the desired organization and click Refresh Now.
The message "Refresh started..." is displayed on the screen. To cancel the refresh, click Cancel Refresh.
The refreshed keys are listed on the Cloud Keys > Salesforce > Salesforce Keys page. Refer to Viewing Salesforce Keys for details.
Refreshing All Organizations
To refresh all organizations:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Salesforce Organizations. The Salesforce Organizations page is displayed.
Click Refresh All. The message "This may take a while..." is displayed.
Note
Refreshing all organizations is a time-intensive operation that could take several hours or days to complete. It continues running in the background.
Click Refresh All to continue.
The message "Refresh started..." is displayed on the screen. To cancel the refresh, click Cancel Refresh.
The refreshed keys are listed on the Cloud Keys > Salesforce > Salesforce Keys page. Refer to Viewing Salesforce Keys for details.
Viewing Details of an Organization
To view the details of an organization on CCKM:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Salesforce Organizations.
Click the Organization Name link of the desired organization.
Alternatively, click the overflow icon corresponding to the desired organization, and click View/Edit Details.
The edit view of the Salesforce Organizations page shows additional details of the selected organization under the ACCESS CONTROL, CERTIFICATES, ENDPOINTS, and CONNECTION sections. Expand each section to view more details.
Changing the Salesforce Connection
To change the Salesforce connection:
Expand CONNECTION.
From the Connection ID drop-down list, select the Salesforce connection.
Click Update.
The connection of the Salesforce organization is changed.
Managing User Permissions on Salesforce Organizations
To work with the Salesforce cloud, users/groups must have the minimum set of permissions that allow them to use Salesforce resources such as keys, organizations, and certificates. Initially, the CCKM user only has permission to view the keys. However, if required, the CCKM administrator can grant and revoke permissions.
Note
Only users who are members of the CCKM Users group will be granted permissions to perform operations on Salesforce organizations.
Users with the following characteristics can perform operations for Salesforce keys, Salesforce organizations, and Salesforce certificates:
Users in the CCKM Admins group
Users in the Admin group
Users who are administrators for a domain
Users who are in the CCKM Users group and who have had a CCKM Admin assign permissions through the UI or the /v1/cckm/sfdc/organizations/{id}/update-acls endpoint in the REST API.
Note
A CCKM administrator can only assign permissions to do Salesforce certificate operations or Salesforce cache-only key operations through the REST API.
Adding Permissions for a User/Group
To add permissions for a user/group:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Salesforce Organizations.
Click the Organization Name link of the desired organization.
Alternatively, click the overflow icon corresponding to the desired organization, and click View/Edit Details.
Expand the ACCESS CONTROL section. This section contains the BYOK Keys, Native Keys, Cache-Only Keys, and Certificates tabs.
Click Assign User/Group. The Assign User/Group dialog box is displayed.
Select the desired user or group from the User/Group drop-down list.
Click Save.
The newly added user/group is displayed under Name in the ACCESS CONTROL section. You can now grant additional permissions to the user/group, as appropriate. Refer to Granting Permission to Perform an Operation for details.
Granting Permission to Perform an Operation
To grant permissions to the user or group to perform any of the above-mentioned operations:
In the ACCESS CONTROL section, click the desired tab.
Select the check box under the desired operation corresponding to the desired users or groups.
Click Update.
A success message is displayed on the screen.
To revoke permissions from a user/group, refer to Removing a Permission for details.
Removing a Permission
To remove a permission assigned to a user or group:
In the ACCESS CONTROL section, click the desired tab.
Clear the check box under the desired operation corresponding to the desired users or groups.
Click Update.
A success message is displayed on the screen.
Removing Permission from a User/Group
To remove current permissions assigned to the user/group:
In the ACCESS CONTROL section, click the desired tab.
Under Unassign, click the X button corresponding to the desired user/group.
On the Remove User / Remove Group screen, click Remove.
Note
Removing this user/group will remove all permissions currently assigned to the user/group.
Click Remove to confirm the action. To cancel the action, click Keep It.
A success message is displayed on the screen.
Removing a Salesforce Organization
Salesforce organizations can be removed on the Salesforce Organizations page. Search for existing organizations using Name or Connection.
Note
When a Salesforce organization is removed from CCKM, it is also deleted from the Salesforce cloud.
To remove an organization from CCKM:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Salesforce Organizations. The Salesforce Organizations page is displayed. The list of organizations added to CCKM is displayed.
Click the overflow icon corresponding to the organization you want to remove.
Click Delete. The Delete Organization dialog box is displayed.
Click Delete.
The Salesforce organization is deleted successfully. The organization is removed from the list of Salesforce organizations.