Automatic Data Access Requests in Salesforce with Satori

Salesforce is a popular cloud-based customer relationship management (CRM) platform. In many organizations, Salesforce houses a wealth of data, including sensitive data, that multiple teams such as sales, marketing, and customer support use. Therefore, it is often the starting point for many data access requests in an organization. Satori’s data security platform provides secure and automated access to data through the application of security policies and access controls.

In this blog post, we provide an example of how to integrate Satori and Salesforce using an API relay server. 

Satori provides a comprehensive and straightforward way to control access and enforce access policies to data stored in Salesforce. For example, a marketing Salesforce user needs temporary access to a customer’s Salesforce dataset. 

The API relay server, which acts as a gateway between Salesforce and Satori, intercepts inbound Salesforce requests and forwards them to Satori for authentication and authorization. Having defined access control and security policies, Satori authenticates the user and either authorizes or blocks the request for access to data.

Satori’s fine-grained access controls provide access on a need-to-know basis. This access is revoked after a specified period of time ensuring that users are not over privileged. Satori’s security policies include dynamic data masking (where data is anonymized according to the user or their roles), RBAC, ABAC, and row-level security, so that only authorized users can access data through Salesforce requests. 

Satori provides detailed information about Salesforce users’ requests and responses to specific Salesforce data. The visibility into data access and including any unauthorized access attempts help to increase data security while facilitating access to data. 

Read more about Access Control: The Dementor of Data Engineering 

The benefit of this integration is the time-to-value access that the Salesforce marketer receives from gaining access to necessary information. The benefits accrue from:

1. Reduced time spent on administrative tasks. Automating access management reduces the time and effort required for administrative tasks. Admin and data engineering teams can now spend more time on productive activities instead of access controls. 
2. Improved security. Only authorized Salesforce users can access sensitive data, lowering the risk of data breaches and other security incidents. This reduces downtime and mitigates the impact of security incidents on business operations, increasing productivity. 
3. Increased collaboration. The ability to quickly access specific Salesforce data enables collaboration between teams such as Marketing and Sales, and facilities knowledge sharing. 

Read more about increasing productivity and security.

Let’s take a look at how to set up the integration between Salesforce and Satori so that the Marketer can get access to required information quickly, easily and securely. 

In this example, we create a small relay server to receive inbound URL parameters and convert those to valid Satori Rest API usage. We then create some Salesforce items to talk to this relay server.

We tested this using Salesforce Classic but have not yet tested it on Salesforce Lightning. 

This custom salesforce object becomes a child object on the Account. This allows us to obtain Salesforce reporting, for example, we can obtain “how many data access requests are being generated in Salesforce.” 

The custom object also stores the information which we combine into a URL in the next step. 

Define the necessary parameters for the Satori access request, in this case, satori_requests__c.  

• Name of request (auto-generated by Salesforce)
• Duration (integer representing hours)
• Satori Dataset name
• Currently logged in user email {!User.Email}
• Time of request, who created the request (usual, default Salesforce behavior here)

Using the custom object we just created we use the information to create a custom link, which should look like the following link:

https://satori-api-server-oerhpdsjkla-wl.a.run.app?dataset={!Satori_Access_Request__c.Satori_Info__c}&duration={!Satori_Access_Request__c.Duration__c}&apikey=sdj222satori2022fdjk$339281^dks&email={!User.Email}

The user connects to the relay server by clicking on the record link created in Salesforce. In this example the API relay server is satori-api-server-oerhpdsjkla-wl.a.run.app. 

We have provided an Example Python code using the flask library for requests to the Satori API. For convenience, we deployed this code using Google Cloud Run. But this example could be any language on any cloud provider.

In Salesforce you also need to trust this URL to prevent warnings or blocks:

Add your Satori Service ID and Service Key to the python relay server code per the readme file provided in the previous step.

The relay server knows how to parse the request from Salesforce, and then creates individual access to the desired dataset for the desired period of time (hours).

Satori’s integration with Salesforce improves productivity by providing a secure and efficient way to manage access to data, based on Salesforce actions. Automated access controls and application of security policies ensure that Salesforce users gain access to data quickly and can easily collaborate with other teams, increasing the organization’s productivity. 

To learn more about Satori:

• Book a demo with one of our experts

• Learn more about increasing productivity and security

• Learn more about Fine-grained access control