Salesforce
The Salesforce connections to the CipherTrust Data Security Platform Service can be configured using the following:
Note
If you wish to use external certificate authentication, you must first create a valid external certificate.
Managing Salesforce Connections using GUI
-
Client ID - application ID of the Salesforce application. It can be used either with Client Credential, Certificate or Password to authenticate the application.
Note
The Salesforce Connection Manager does not allow using one client id for multiple connections for certificate based authentication. This limitation exists because the Salesforce server allows only one certificate for a client id at any given time.
However, if client credential based authentication is used, multiple connections are allowed with one client id. -
Cloud Name - the name of the Salesforce cloud to connect to. Currently, only the following options are available:
-
Salesforce Sandbox Cloud
-
Salesforce Cloud
-
-
Authentication - you can use the following authentication methods.
-
Client Credential (My Domain) - this authentication method uses Client Secret and Domain Name for the given Client ID to enable the communication between Salesforce and the CipherTrust Data Security Platform Service. The Domain Name is mapped to My Domain in Salesforce login and application URLs.
The client credentials don't require "username" and "password" for authentication. For details, refer to Salesforce documentation.
-
Certificate - this authentication method is used to enable password-less communication between Salesforce and the CipherTrust Data Security Platform Service. To do so:
-
Select the Certificate radio button.
-
Enter the Username.
-
Select Application or External as the Certificate Type.
The Application certificate type is generated by CipherTrust Data Security Platform Service and self-signed.
The External certificate type is a pre-existing certificate generated on CipherTrust Data Security Platform Service and then signed by a CA external to the CipherTrust Data Security Platform Service. To use this option, you first need to create a valid external certificate.
-
Click the Generate and Download button.
-
Upload the downloaded certificate on Salesforce for the provided Client ID.
-
Once the upload is done, verify the Certificate Subject on the CipherTrust Data Security Platform Service and Salesforce. Both the Certificate Subjects must match.
-
(Optional) Specify Certificate Duration in Days. The default certificate duration is 730 days (2 years).
Ensure that you have fulfilled the prerequisites to create a valid external certificate.
Do one of the following:
-
Select File Upload and click the Upload Certificate to upload the external certificate as a file.
-
Select Text and paste the certificate contents in the text box.
Note
The CipherTrust Data Security Platform Service allows you to modify the external certificate in the existing connection. Any unused certificate will be automatically deleted after 24 hours.
-
-
Password – this authentication method uses the Client Secret, Username, and Password for the given Client ID to enable the communication between Salesforce and the CipherTrust Data Security Platform Service.
Note
-
If you have enabled the Multi-Factor authentication on the API, password authentication will not work.
-
Before creating a Salesforce connection using "Password" based authentication, ensure that the "Allow OAuth Username-Password Flows" setting is enabled on the Salesforce cloud (Salesforce > Setup > Settings > Identity > OAuth and OpenID Connect Settings > Allow OAuth Username-Password Flows).
-
-
-
(Optional) Enable Mutual TLS.
Click Next to move to the Add Products screen of the Add Connection wizard.
Note
Currently, the only product supported for Salesforce connection is Cloud Key Manager.
Click Next to move to the next step.
Note
For Salesforce Organizations, you can provide the Mutual TLS Certificate details, you need to Enable Mutual TLS.
Mutual TLS Certificate
In the Mutual TLS Certificate section, provide the TLS Client Certificate details.
Select File Upload and click Upload Certificate to upload the certificate (in PEM format). You can also select Text and enter the certificate in the text area.
Enter the Password of TLS Client Certificate.
Click Next to move to the Add Products screen of the Add Connection wizard.
Managing Salesforce Connections using ksctl
The following operations can be performed:
-
Create/Get/Update/Delete an Salesforce connection
-
List all Salesforce connections
-
Test an existing Salesforce connection
-
Test parameters for a Salesforce connection
Authentication methods
The Salesforce connection can be created using the following authentication methods:
-
Password
-
Certificate
-
Client Credential (My Domain)
Creating a Salesforce Connection
Note
Before creating a Salesforce connection using "Password" based authentication, ensure that the "Allow OAuth Username-Password Flows" setting is enabled on the Salesforce cloud (Salesforce > Setup > Settings > Identity > OAuth and OpenID Connect Settings > Allow OAuth Username-Password Flows).
It is consumer secret based authentication. Following fields are used for authentication:
-
name - username to access the Salesforce server
-
client_id - application ID of the Salesforce application
-
client_secret - consumer secret for the Salesforce application
-
password - password for the Salesforce account
To create a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce create --name <connection-name> --products <products-names> --clientid <salesforce-client-id> --secret <salesforce-client-secret> --username <salesforce-client-username> --conn-password <salesforce-client-password> --cloudname <salesforce-cloud-name>
Example Request
ksctl -v connectionmgmt salesforce create --name salesforce2 --products cckm --clientid "3MVG9c1ghSpUbLl_2HbT5XAlPgXdC.voJEM.D4jfqQipoLHa.8rtSEO9Zw6qX0MhVdK3V7LrASTjEmBIpQwkv" --username monika.kataria@thalesgroup.com.ranjansfdc --cloudname "Salesforce Sandbox Cloud" --conn-password thalesdiscplusa--ranjansfdc --secret 8177EE1E5967F39381DED2D41B363910B865AD881587AA4DF62C5E813988322A
Example Response
{
"id": "bad74caa-25e4-42b6-a348-99190db7edf1",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce2-bad74caa-25e4-42b6-a348-99190db7edf1",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-06-14T12:43:10.528951737Z",
"updatedAt": "2023-06-14T12:43:10.527954022Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce2",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud",
"client_id": "3MVG9c1ghSpUbLl_2HbT5XAlPgXdC.voJEM.D4jfqQipoLHa.8rtSEO9Zw6qX0MhVdK3V7LrASTjEmBIpQwkv",
"username": "monika.kataria@thalesgroup.com.ranjansfdc"
}
It is certificate-based authentication. Following fields are used for authentication:
-
name - username to access the Salesforce server.
-
client_id - application ID of the Salesforce application.
-
certificate - represents the internal/external certificate.
The Salesforce connection can be created using:
-
Internal certificate
-
External certificate
You can also enable mutual TLS (mTLS) for a Salesforce connection.
Using Internal certificate
To create a Salesforce connection using internally generated self-signed certificate, run:
Syntax
ksctl connectionmgmt salesforce create --name <Connection-Name> --products <Products-Names> --clientid <Salesforce-Key-ID> --username <Salesforce-Client-Secret> --cloudname <Salesforce-Cloud-Name> --certificate <yes/y> --certificate-duration <Certificate-Duration>
Example Request
ksctl connectionmgmt salesforce create --name "salesforce-3" --products "cckm" --cloudname "Salesforce Sandbox Cloud" --clientid 123456 --username "xyz@gmail.com" --certificate yes --certificate-duration 730
Example Response
{
"id": "93734270-78e0-4a80-b545-dd87d536e1d3",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-3-93734270-78e0-4a80-b545-dd87d536e1d3",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-05-13T07:04:14.160133827Z",
"updatedAt": "2022-05-13T07:04:14.158769531Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-3",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud",
"client_id": "123456",
"username": "xyz@gmail.com",
"certificate": "-----BEGIN CERTIFICATE-----\nMIIFvTCCA6WgAwIBAgIQT3N0S1zNYmmO8lrBpKh9FzANBgkqhkiG9w0BAQsFADB/\nMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2Fu\nIEpvc2UxDzANBgNVBAoTBlRoYWxlczEUMBIGA1UECxMLQ2lwaGVyVHJ1c3QxITAf\nBgNVBAMTGGNja20udGhhbGVzZXNlY3VyaXR5LmNvbTAeFw0yMjA1MTMwNzA0MTRa\nFw0yNDA1MTIwNzA0MTRaMH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y\nbmlhMREwDwYDVQQHEwhTYW4gSm9zZTEPMA0GA1UEChMGVGhhbGVzMRQwEgYDVQQL\nEwtDaXBoZXJUcnVzdDEhMB8GA1UEAxMYY2NrbS50aGFsZXNlc2VjdXJpdHkuY29t\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArceaWBh8OpA+6IEI0InP\nJpcxGH62xpWbQ/IRX7mYRZ2o78jEcp4JSVRyv4M471vD+x3McUrNQv1upxVvSPEw\nWD8XYIllKh9jgitJ4KihEUAmVSzaZUhknj/enozcj+6VPaPmlg99HtcZNuktsE9F\ndnl9iniRcthHg3LeIy6N80RwsYY8V+d3dRlZYxuWfeRaJOa2IQfP0+sgExqkKcgZ\nbXD5Vs2+fkmx8DISUZ9wHhcZPpguDuH9Ww/WYqJolUhRpQE0BilG4bD0uQ1m1T+T\nWnwIHvy4IKYlIrJybMEr05yfvWaQz5oNNZVxbtxcMbDg2CktlaS/71tr9IfC5e6+\nxIJbUV84nEqIvJ83IfaCfG5ZgMCdALudv0eTrhxOc5XDVmGWUsTU0oVYUm5sE0Wj\nYJEtPn5j56umI+GkufBXtMq29+ufNcxVkWExW1i8ypYIfnbDprt4ioSEFNFWMFq3\nZf1lFpT/SvN2pzUQtXcXIunCEWjKi/hs019Zh98olPG7JAfiM7xRBFQohpcTEXQE\nl+Sa7PhR5LB39WXiPtxZ/TudFaeWOeVOhr1Mxy/BZYSYdm933jy1WDI8Tvzjnwxd\nI3am/U7Yl7Xl6xSInmoM/MUCC4VDBOPqua9cgJFWH6GE15tbOxgBXDhmYqDaOTIM\nuVm4ugHxvb833QhxlhVf10MCAwEAAaM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud\nJQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB\nAIGXc8mf66zUaQWjeTkltdCdz2Wbo5CHqfRs2SQIOBON5sS6gKYz3HWzwM4op3JI\nvciW6ueiFe+vLV1CRn6uF1kvDKxMzIB1dGFIl2aRWjvyhyrrcLUzK9qGe7giloru\noPoPdx7pGmpSERkVJWFEVIWd0KCBWtpwt0Z5BukcrHdu9y/LVbJ6JaQ1KV3BwQwF\nfW3jzIJzNQ7ffO/WyW0kLFstBjr38wBZWcxGDa9nopbaVdGAhXlsQTuehvHjHdlc\nDmVhR61kGhtsGojM4RzooRCpn5hoXLahVRQCcB38+VYjnbEvAM9VpOfdQbxbw9Nt\nNJfWX371ya9DKnDmDS7cDlHkB4dvx+wSVK/3jxKakwETO5lEib31v/lsF5lGGuKy\n5QfUrouwlFmAlIdf8fanBqfdIK3nzowvdvAp7OTjuXO2eHKly321ScuLYVsh+eMx\niArdzP3McH4buvPoP/PGXUFTpcrz7rynmUCD5chpkAmVGrkjmgY1QWAgeoAEnhva\nhmhkqsY2xsEQhYo873gbb9CP+8yJOLgAGUJVRC+e6FVm40Svm7e9ffkaekBAyWRq\nlPPqzrPzxlKIlAW8uEaeFcg+3N94oXqI3UDJ7nq29Op1I9IcyzkiigNSZ7lboDGV\n1TO/xYlVRyMxZyhI3R4a/WyWtvCcCXcnnhe3Z7iVSyBa\n-----END CERTIFICATE-----\n",
"certificate_subject": "CN=cckm.thalesesecurity.com,OU=CipherTrust,O=Thales,L=San Jose,ST=California,C=US"
}
Using external certificate
Note
The external certificate cannot be used with use_certificate and client_secret parameters.
To create an Salesforce connection using external certificate generated from custom CSR signed by any external CA:
-
Generate a new Certificate Signing Request (CSR). The Salesforce connections support RSA 1024, 2048, and 4096 bit keys for creating CSRs.
Syntax
ksctl connectionmgmt connections csr --cn <common-name> --csr-outfile <filename>Example
ksctl connectionmgmt connections csr --cn "test" --csr-outfile "Salesforce.pem"Response
{ "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIHJMHECAQAwDzENMAsGA1UEAxMEdGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABAjn2IrYo9SuscMXGwz0oEDcYCpb2U9F15BF3Y9myZQk40cNMjZ8XMwYYLOR\nyDOMyg8N0XTGy3kg5wqnnSm5namgADAKBggqhkjOPQQDAgNIADBFAiBa7LjFF2D9\niPKhU89pjndsgG9cx2M9JSC6ZzWol5Py0QIhAJUHgBeYKttzcpo87Ej3eQHRb8MT\nJRVOqvM3mdbA/ToQ\n-----END CERTIFICATE REQUEST-----\n" }This CSR can only be used for one connection in the native domain. Also, this CSR can't be reused in other domains.
-
Sign the CSR with an external CA. It will generate an external certificate.
-
Upload the generated certificate to the Salesforce portal.
-
Create the Salesforce connection using the external certificate generated above.
Example
ksctl connectionmgmt salesforce create --json-file certificatesalesforcecreation.json --name "testsalesforce"Response
{ "id": "b1b23132-507e-4807-aef9-9af2a6c5c2fe", "uri": "kylo:kylo:connectionmgmt:connections:testsalesforce-b1b23132-507e-4807-aef9-9af2a6c5c2fe", "account": "kylo:kylo:admin:accounts:kylo", "createdAt": "2022-08-23T07:18:33.757838337Z", "updatedAt": "2022-08-23T07:18:33.756451354Z", "service": "salesforce", "category": "cloud", "last_connection_ok": null, "last_connection_at": "0001-01-01T00:00:00Z", "name": "testsalesforce", "products": [ "cckm" ], "cloud_name": "Salesforce Sandbox Cloud", "client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12", "username": "xyz@abc.com", "certificate": "-----BEGIN CERTIFICATE-----\nMIIFUjCCAzqgAwIBAgIQKPONHN6+j5mJCtT+MeR+BDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkF1c3RpbjEPMA0G\nA1UEChMGVGhhbGVzMRwwGgYDVQQDExNDaXBoZXJUcnVzdCBSb290IENBMB4XDTIy\nMDgyMjA3MTUyM1oXDTIzMDgyMzA3MTUyM1owZDELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRUwEwYDVQQKEwxUaGFsZXMgR3JvdXAx\nDDAKBgNVBAsTA1JuRDERMA8GA1UEAxMIa3lsby5jb20wggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDZ5ZbOf1PDufiAhUj0pHxTGKyQ+lG2bm2/CLzMgaZD\nVvWsBipyhA8NgZbYLQd26Dz+7xlKJyzXdUjiVtPkMrwoF5G9gOoaCV98rHrqAut7\nJiyaSW8XiXHpvqm6Gz6tb9OtTSgtiGbnnpQnUytSYr0IAjDBaS/zNs6Sy+q+E+Ov\n88YutwsF7BTrRB82bC+2LtmU0qfbonELEU/5TMwXmsfN4a+ELjoZcYem+tJ+hojm\nnr343Icp32o3l7w/CAslrbLe98fuCIIxef3L3TPe8tSYI2MRmSVCfnA3kdYVvif7\n6Fda6hSPhrIt03a0AgyENMrOEv3/6LLMq4ANDY9BTYubAgMBAAGjggEIMIIBBDAO\nBgNVHQ8BAf8EBAMCA4gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIw\nADAfBgNVHSMEGDAWgBQl1oSSRLU+8NqYyBK8J7yJeg5RWjBOBgNVHREERzBFghEq\nLnRoYWxlc2dyb3VwLmNvbYIRKi50aGFsZXNncm91cC5uZXSBF2NvbnRhY3RAdGhh\nbGVzZ3JvdXAuY29thwQBAQEBMF4GA1UdHwRXMFUwU6BRoE+GTWh0dHA6Ly9jaXBo\nZXJ0cnVzdG1hbmFnZXIubG9jYWwvY3Jscy8xY2IxNDlkNS03NmE4LTRkMDUtYmNl\nNy1kOGJkZmU1MTc2MjguY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQALSJCy3AqJCmFb\n6m/b6Dj0kJqqUP/xttYGgNZ07zVp22GPJhlwp0XJe9ZFcrZCmW7t1B7QUClQF+/y\n36gztJ/9RGd95PR9SEXhHrY/z1qJ8egD/opTS3sbDVKC10rbEGG+KI4Of5kF70Kn\nivKhyd8zrfJ2LcC4MkEzuDKab/1yfSMBzjIs47Ydx28Z1UWMA6AYEWRJY/J7mQmZ\nxX3xRvvkVat7cHs2933LzNm3EK0QO5C+gUIRmzCvOLUB2GHsQr0muFyWqgRAwRfG\nKSeYyi3oQcqpqc+IpF8adxDNcAYW4HtB5AGIV2fkGqa519dh1VSSLxHu6RIPzXKE\nJYhzg+hc2m4XhxRXeW98lgXLEU6Ij5ilvuC/wZiJK8ksEAvRp4EpiKD1ID0ikm2r\nn7F2d02XB5IzKYZ+cM7fmgMOXkgvebSwQk7WVl+v1MqcXx/cBl3m7BXU7rHz18je\nk2GYsFnyskfAcDmsroG4xtx5J9coHTNzVPxr2hPIpc4gKyjxKQ3mMdGD+MaHp7ED\nyJTcLY8MKt1s+YVRPtPv3furYU5rY04szyln7xj5XIW7SmcT5TvQn7O9K/+bXkYc\nOLvHFHcKHY2If84Y0ik8gtvM4MOCsooFQqzAPDMSdRgY8mIMcJYTzZruKqMt4Lh9\nvOjrBGHmKstG7gIA74frT0ZelHfeZQ==\n-----END CERTIFICATE-----\n", "certificate_subject": "CN=kylo.com,OU=RnD,O=Thales Group,L=Belcamp,ST=MD,C=US" }JSON File
{ "products": [ "cckm" ], "cloud_name": "Salesforce Sandbox Cloud", "client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12", "username": "xyz@abc.com", "certificate": "-----BEGIN CERTIFICATE-----\nMIIFUjCCAzqgAwIBAgIQKPONHN6+j5mJCtT+MeR+BDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkF1c3RpbjEPMA0G\nA1UEChMGVGhhbGVzMRwwGgYDVQQDExNDaXBoZXJUcnVzdCBSb290IENBMB4XDTIy\nMDgyMjA3MTUyM1oXDTIzMDgyMzA3MTUyM1owZDELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRUwEwYDVQQKEwxUaGFsZXMgR3JvdXAx\nDDAKBgNVBAsTA1JuRDERMA8GA1UEAxMIa3lsby5jb20wggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDZ5ZbOf1PDufiAhUj0pHxTGKyQ+lG2bm2/CLzMgaZD\nVvWsBipyhA8NgZbYLQd26Dz+7xlKJyzXdUjiVtPkMrwoF5G9gOoaCV98rHrqAut7\nJiyaSW8XiXHpvqm6Gz6tb9OtTSgtiGbnnpQnUytSYr0IAjDBaS/zNs6Sy+q+E+Ov\n88YutwsF7BTrRB82bC+2LtmU0qfbonELEU/5TMwXmsfN4a+ELjoZcYem+tJ+hojm\nnr343Icp32o3l7w/CAslrbLe98fuCIIxef3L3TPe8tSYI2MRmSVCfnA3kdYVvif7\n6Fda6hSPhrIt03a0AgyENMrOEv3/6LLMq4ANDY9BTYubAgMBAAGjggEIMIIBBDAO\nBgNVHQ8BAf8EBAMCA4gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIw\nADAfBgNVHSMEGDAWgBQl1oSSRLU+8NqYyBK8J7yJeg5RWjBOBgNVHREERzBFghEq\nLnRoYWxlc2dyb3VwLmNvbYIRKi50aGFsZXNncm91cC5uZXSBF2NvbnRhY3RAdGhh\nbGVzZ3JvdXAuY29thwQBAQEBMF4GA1UdHwRXMFUwU6BRoE+GTWh0dHA6Ly9jaXBo\nZXJ0cnVzdG1hbmFnZXIubG9jYWwvY3Jscy8xY2IxNDlkNS03NmE4LTRkMDUtYmNl\nNy1kOGJkZmU1MTc2MjguY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQALSJCy3AqJCmFb\n6m/b6Dj0kJqqUP/xttYGgNZ07zVp22GPJhlwp0XJe9ZFcrZCmW7t1B7QUClQF+/y\n36gztJ/9RGd95PR9SEXhHrY/z1qJ8egD/opTS3sbDVKC10rbEGG+KI4Of5kF70Kn\nivKhyd8zrfJ2LcC4MkEzuDKab/1yfSMBzjIs47Ydx28Z1UWMA6AYEWRJY/J7mQmZ\nxX3xRvvkVat7cHs2933LzNm3EK0QO5C+gUIRmzCvOLUB2GHsQr0muFyWqgRAwRfG\nKSeYyi3oQcqpqc+IpF8adxDNcAYW4HtB5AGIV2fkGqa519dh1VSSLxHu6RIPzXKE\nJYhzg+hc2m4XhxRXeW98lgXLEU6Ij5ilvuC/wZiJK8ksEAvRp4EpiKD1ID0ikm2r\nn7F2d02XB5IzKYZ+cM7fmgMOXkgvebSwQk7WVl+v1MqcXx/cBl3m7BXU7rHz18je\nk2GYsFnyskfAcDmsroG4xtx5J9coHTNzVPxr2hPIpc4gKyjxKQ3mMdGD+MaHp7ED\nyJTcLY8MKt1s+YVRPtPv3furYU5rY04szyln7xj5XIW7SmcT5TvQn7O9K/+bXkYc\nOLvHFHcKHY2If84Y0ik8gtvM4MOCsooFQqzAPDMSdRgY8mIMcJYTzZruKqMt4Lh9\nvOjrBGHmKstG7gIA74frT0ZelHfeZQ==\n-----END CERTIFICATE-----\n", "cert_duration": 730 }
The CipherTrust Data Security Platform Service allows you to modify the external certificate in the existing connection. Any unused certificate will be automatically deleted after 24 hours.
It is domain name based authentication and uses "domain_name" to map My Domain in Salesforce login and application URLs.
The client credentials don't require "username" and "password" for authentication. For details, refer to Salesforce documentation.
Following fields are used for authentication:
-
client_id - application ID of the Salesforce application
-
client_secret - consumer secret for the Salesforce application
-
domain_name - represents My Domain used in the Salesforce account.
To create a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce create --name <connection-name> --products <products-names> --clientid <salesforce-client-id> --secret <salesforce-client-secret> --cloudname <salesforce-cloud-name> --domain-name <salesforce-org-domain-name>
Example Request
ksctl connectionmgmt salesforce create -n salesforce-1 -c "Salesforce Cloud" --domain-name "thalesdiscplusa--ranjansfdc" -d "3MVG9c1ghSpUbLl_2HbT5XAlPgXdC.voJEM.D4jfqQipoLHa.8rtSEO9Zw6qX0MhVdK3V7LrASTjEmBIpQwkv" -t "8177EE1E5967F39381DED2D41B363910B865AD881587AA4DF62C5E813988322A"
Example Response
{
"id": "e9b10913-400c-40c3-9f78-e5a4277d5724",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-e9b10913-400c-40c3-9f78-e5a4277d5724",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-06-13T11:17:25.000529654Z",
"updatedAt": "2023-06-13T11:17:24.999224701Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-1",
"cloud_name": "Salesforce Cloud",
"client_id": "3MVG9c1ghSpUbLl_2HbT5XAlPgXdC.voJEM.D4jfqQipoLHa.8rtSEO9Zw6qX0MhVdK3V7LrASTjEmBIpQwkv",
"domain_name": "thalesdiscplusa--ranjansfdc"
}
Creating a Salesforce Connection with mTLS enabled
CipherTrust Data Security Platform Service provides an option to secure specific API calls from CipherTrust Data Security Platform Service to Salesforce with an mTLS certificate. You can provide a TLS client certificate and a private key while creating a Salesforce connection to enable mTLS certificate authentication. If the private key is protected with a passphrase, then there is the option to also provide this passphrase. For the prerequisite steps to take within Salesforce to set up the use of this Salesforce mTLS option, refer to Setting Up a Mutual Authentication Certificate and associated Salesforce Help topics.
We support pkcs8 format for the certificate. If the certificate is protected by a passphrase, we support pcks1 format for the private key. If the certificate is not protected by a passphrase, we support pcks8 or pcks1 formats for the private key.
To create a Salesforce connection with the verification of a TLS client-side certificate, run:
Syntax
./ksctl connectionmgmt salesforce create --name sfdc1 --clientid "clientid" --secret "salesforce-client-secret" --username "email-of-user" --conn-password "connection-passwd" --cloudname "name-of-salesforce-cloud" --tls-client-cert-with-private-key-file "pointer-to-file-containing-mtls-client-cert" --tls-client-private-key-password "password-of-private-key" --enable-mutual-tls "boolean"
Example Request
./ksctl connectionmgmt salesforce create --name sfdc1 --clientid 3MVG9p1Q1BCe9GmC3YCMWFj2f.NBP_SD5K24usl_MOX3uRIzzi9IH2b77VwN0Ov4XpIi.G1t2CoHSURy4b1AK --secret DF98FB4CB875C8934E699114E3832C8C57AF45374CF1450CFF88494ADEDCD65A --username xyz@gmail.com --conn-password Thales2023# --cloudname 'Salesforce Cloud' --tls-client-cert-with-private-key-file /home/user1/Downloads/letscrypt_fullcert_01182023_with_passphrase.pem --tls-client-private-key-password Ssl12345# --enable-mutual-tls true
Example Response
{
"id": "e561bc25-63de-461d-aa94-d76baa595dc4",
"uri": "kylo:kylo:connectionmgmt:connections:sfdc1-e561bc25-63de-461d-aa94-d76baa595dc4",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-03-14T20:45:37.431827324Z",
"updatedAt": "2023-03-14T20:45:37.427742423Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "sfdc1",
"cloud_name": "Salesforce Cloud",
"client_id": "3MVG9p1Q1BCe9GmC3YCMWFj2f.NBP_SD5K24usl_MOX3uRIzzi9IH2b77VwN0Ov4XpIi.G1t2CoHSURy4b1AK",
"username": "xyz@gmail.com",
"enable_mutual_tls": true,
"tls_client_certificate": "-----BEGIN CERTIFICATE-----\nMIIEZTCCA02gAwIBAgISA0mUYC0i/8xCeuuJ5vkaVzeaMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMzAxMTgxOTE2NTRaFw0yMzA0MTgxOTE2NTNaMBkxFzAVBgNVBAMM\nDioudGhhbGVzY3BsLmlvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvdVSqoKa\n91XgggHCGbXTBxbMLhdvj6Wvzn/L/gR8NqiVQ+xucpvRXERNRhHHbJfy/DGNPq5Q\nbC0U04EOxAT5GKOCAlcwggJTMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr\nBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUc/b+f3Zd\nwC30i5JIlYgvHSLqL4YwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYw\nVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5v\ncmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wJwYDVR0RBCAw\nHoIOKi50aGFsZXNjcGwuaW+CDHRoYWxlc2NwbC5pbzBMBgNVHSAERTBDMAgGBmeB\nDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxl\ndHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3ALc++yTfnE26\ndfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABhcaG/90AAAQDAEgwRgIhAKcf4YZR\n2uchfq2wvjuabAyXbV773mWIgbhLp/EGbVY1AiEApzfjoX+LN7KUIQp6jovlWd2m\nu1hWfGd4tcyc5wn1HGwAdQB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1Lr\nUgAAAYXGhv/yAAAEAwBGMEQCIF2t/AGzjkm4mskUB4XAnawlgN7mFI1jERQMt9me\nlL3qAiAuxYZ+MdWLF1i6TedCoaSPqTV3RE7tbwr6QQMfGmkIPjANBgkqhkiG9w0B\nAQsFAAOCAQEAsh8MJL8weXCZrIFe4yH1bHYHmtaSMHTLTRH+S+PLM+wqTsgPRg80\n8UB5o6e5dHhaLkrEp0xtu+H5kjVDEfqAuP0pl+is/8ADuQsWdD9vzeV2xzEKxj97\np/YCpS065euJgcRgNGGNijCZjZFtm2TFIOMVlteJm9Fb9nwC61GnZAGXSPMdorj4\nqIHm+b2XGcZ/1m9kTLKl3GeVqLnsE9+Ujkzl0VEsL2urkKpDTPnBlziO8E7DxIX8\noAl/0Yh2SxOYOn67Yv0Joofv+Tl5ilVnKVky7ndRehjMlevs5r6cHFib0if4e/WQ\nP03rukbsgCGFDw43Bbs0fBhC1k80oPGNmA==\n-----END CERTIFICATE-----\n"
}
Getting Details of a Salesforce Connection
To get details of a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce get --id 5818ec3d-c5e9-4039-b911-efd45cb08f88
Example Response
{
"id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-08-10T10:21:29.967822Z",
"updatedAt": "2021-08-10T10:21:29.966606Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-1",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud",
"client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12",
"username": "xyz@gmail.com"
}
Updating a Salesforce Connection
To update a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce modify --id <Connection-Name/ID> --products <Products-Names> --clientid <Salesforce-Key-ID> --secret <Salesforce-Client-Secret> --meta <Key:Values>
Example Request
ksctl connectionmgmt salesforce modify --id 5818ec3d-c5e9-4039-b911-efd45cb08f88 --username abcd@gmail.com
Example Response
{
"id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-08-10T10:21:29.967822Z",
"updatedAt": "2021-08-10T10:25:06.228123698Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-1",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud",
"client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12",
"username": "abcd@gmail.com"
}
Deleting a Salesforce Connection
To delete a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce delete --id c4a11fc1-d226-4f19-8d03-5911198e89e5
Example Response
There will be no response if Salesforce connection is deleted successfully.
Getting List of Salesforce Connections
To list all the Salesforce connections, run:
Syntax
ksctl connectionmgmt salesforce list
Example Request
ksctl connectionmgmt salesforce list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-08-10T10:21:29.967822Z",
"updatedAt": "2021-08-10T10:21:29.966606Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-1",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud"
}
]
}
Testing an Existing Salesforce Connection
To test an existing Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce test --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce test --id 5087c384-43aa-4750-951e-3a0f2b60d43b
Example Response
{
"connection_ok": true,
}
Testing Parameters for a Salesforce Connection
To test parameters for a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce test --id <Connection-Name/ID> --clientid <Salesforce-Key-ID> --secret <Salesforce-Client-Secret>
Example Request
ksctl connectionmgmt salesforce test --clientid 3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12 --secret BC0556E7A0B4C96E218EF91370C5B --username salesforce-1 --conn-password 123456 --cloudname "Salesforce Sandbox Cloud"
Example Response
{
"connection_ok": true,
}
