Salesforce is a popular cloud-based customer relationship management (CRM) platform. In many organizations, Salesforce houses a wealth of data, including sensitive data, that multiple teams such as sales, marketing, and customer support use. Therefore, it is often the starting point for many data access requests in an organization. Satori’s data security platform provides secure and automated access to data through the application of security policies and access controls.
In this blog post, we provide an example of how to integrate Satori and Salesforce using an API relay server.
Integrating Satori and Salesforce
Satori provides a comprehensive and straightforward way to control access and enforce access policies to data stored in Salesforce. For example, a marketing Salesforce user needs temporary access to a customer’s Salesforce dataset.
The API relay server, which acts as a gateway between Salesforce and Satori, intercepts inbound Salesforce requests and forwards them to Satori for authentication and authorization. Having defined access control and security policies, Satori authenticates the user and either authorizes or blocks the request for access to data.
Satori’s fine-grained access controls provide access on a need-to-know basis. This access is revoked after a specified period of time, ensuring that users are not overprivileged. Satori’s security policies include dynamic data masking (where data is anonymized according to the user or their roles), RBAC, ABAC, and row-level security, so that only authorized users can access data through Salesforce requests.
Satori provides detailed information about Salesforce users’ requests and responses to specific Salesforce data. This visibility into data access, including any unauthorized access attempts, helps to increase data security while facilitating access to data.
Read more about Access Control: The Dementor of Data Engineering
The benefit of this integration is the time-to-value access that the Salesforce marketer receives from gaining access to necessary information. The benefits accrue from:
- Reduced time spent on administrative tasks. Automating access management reduces the time and effort required for administrative tasks. Admin and data engineering teams can now spend more time on productive activities instead of access controls.
- Improved security. Only authorized Salesforce users can access sensitive data, lowering the risk of data breaches and other security incidents. This reduces downtime and mitigates the impact of security incidents on business operations, increasing productivity.
- Increased collaboration. The ability to quickly access specific Salesforce data enables collaboration between teams such as Marketing and Sales, and facilitates knowledge sharing.
Read more about increasing productivity and security.
Let’s take a look at how to set up the integration between Salesforce and Satori so that the Marketer can get access to required information quickly, easily and securely.
Example Using an API Relay Server
In this example, we create a small relay server that receives inbound URL parameters and converts them into valid Satori REST API calls. We then create some Salesforce items that talk to this relay server.
We tested this using Salesforce Classic but have not yet tested it on Salesforce Lightning.
1. Create a New Custom Salesforce Object
This custom Salesforce object becomes a child object on the Account. This allows us to obtain Salesforce reporting. For example, we can obtain “how many data access requests are being generated in Salesforce.”
The custom object also stores the information which we combine into a URL in the next step.
Define the necessary parameters for the Satori access request, in this case, satori_requests__c.
- Name of request (auto-generated by Salesforce)
- Duration (integer representing hours)
- Satori Dataset name
- Currently logged in user email {!User.Email}
- Time of request, who created the request (usual, default Salesforce behavior here)
2. Create a New Custom Link
Using the information stored in the custom object we just created, we create a custom link, which should look like the following:
https://satori-api-server-oerhpdsjkla-wl.a.run.app?dataset={!Satori_Access_Request__c.Satori_Info__c}&duration={!Satori_Access_Request__c.Duration__c}&apikey=sdj222satori2022fdjk$339281^dks&email={!User.Email}
3. Connecting to an API Relay Server
The user connects to the relay server by clicking on the record link created in Salesforce. In this example the API relay server is satori-api-server-oerhpdsjkla-wl.a.run.app.
We have provided example Python code that uses the Flask library to make requests to the Satori API. For convenience, we deployed this code using Google Cloud Run, but the relay could be written in any language and run on any cloud provider.
In Salesforce you also need to trust this URL to prevent warnings or blocks.
4. Connect your Satori Information to the Relay Server Code
Add your Satori Service ID and Service Key to the Python relay server code per the README file provided in the previous step.
5. Satori’s Secure Data Access from Salesforce
The relay server knows how to parse the request from Salesforce, and then creates individual access to the desired dataset for the desired period of time (hours).
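The parsing step described above can be sketched as follows; this is an added example, not Satori's relay code, and it stops before the Satori REST API call, which this page does not show. It validates the four parameters from the custom link (dataset, duration, apikey, email) before any access is created. The key value, the allowed e-mail domain, the 72-hour cap and the dataset-name pattern are assumptions.

```python
import hmac
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the original relay code): the shared key value,
# the allowed e-mail domain, the 72-hour cap and the dataset-name pattern.
RELAY_API_KEY = "constructed-sample-key"
ALLOWED_EMAIL_DOMAIN = "example.com"
MAX_HOURS = 72
DATASET_RE = re.compile(r"[A-Za-z0-9 _.-]{1,128}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")


class RejectedRequest(ValueError):
    """Raised when the inbound Salesforce link fails validation."""


def parse_access_request(url, now=None):
    """Validate the custom-link URL and return the access grant to create."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # Each parameter must appear exactly once; repeated values are ambiguous.
    fields = {}
    for name in ("dataset", "duration", "apikey", "email"):
        values = params.get(name, [])
        if len(values) != 1:
            raise RejectedRequest(f"{name}: expected exactly one value")
        fields[name] = values[0]
    # Constant-time comparison so response timing does not leak key bytes.
    if not hmac.compare_digest(fields["apikey"].encode(), RELAY_API_KEY.encode()):
        raise RejectedRequest("apikey: mismatch")
    if not DATASET_RE.fullmatch(fields["dataset"]):
        raise RejectedRequest("dataset: unexpected characters or length")
    # Digits only, at most four: rejects signs, decimals and oversized input.
    if not re.fullmatch(r"[0-9]{1,4}", fields["duration"]):
        raise RejectedRequest("duration: not a whole number of hours")
    hours = int(fields["duration"])
    if not 1 <= hours <= MAX_HOURS:
        raise RejectedRequest(f"duration: outside 1..{MAX_HOURS} hours")
    match = EMAIL_RE.fullmatch(fields["email"])
    if not match or match.group(1).lower() != ALLOWED_EMAIL_DOMAIN:
        raise RejectedRequest("email: not an address in the allowed domain")
    now = now or datetime.now(timezone.utc)
    return {
        "dataset": fields["dataset"],
        "email": fields["email"].lower(),
        "hours": hours,
        "expires_at": now + timedelta(hours=hours),
    }
```

Because the key travels in the link's query string, it is visible to anyone who can view the custom link and in request logs; the checks above bound what a request carrying it can ask for.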
Conclusion
Satori’s integration with Salesforce improves productivity by providing a secure and efficient way to manage access to data, based on Salesforce actions. Automated access controls and application of security policies ensure that Salesforce users gain access to data quickly and can easily collaborate with other teams, increasing the organization’s productivity.
To learn more about Satori:
- Learn more about increasing productivity and security
- Learn more about Fine-grained access control