Meet the Satori team at CDOIQ Symposium, July 16-18 ☘️

Access Control,

Satori

Automatic Data Access Requests in Salesforce with Satori

|Solution Architect

Salesforce is a popular cloud-based customer relationship management (CRM) platform. In many organizations, Salesforce houses a wealth of data, including sensitive data, that multiple teams such as sales, marketing, and customer support use. Therefore, it is often the starting point for many data access requests in an organization. Satori’s data security platform provides secure and automated access to data through the application of security policies and access controls.

In this blog post, we provide an example of how to integrate Satori and Salesforce using an API relay server. 

Integrating Satori and Salesforce

Satori provides a comprehensive and straightforward way to control access and enforce access policies to data stored in Salesforce. For example, a marketing Salesforce user needs temporary access to a customer’s Salesforce dataset. 

The API relay server, which acts as a gateway between Salesforce and Satori, intercepts inbound Salesforce requests and forwards them to Satori for authentication and authorization. Having defined access control and security policies, Satori authenticates the user and either authorizes or blocks the request for access to data.

Satori’s fine-grained access controls provide access on a need-to-know basis. This access is revoked after a specified period of time ensuring that users are not over privileged. Satori’s security policies include dynamic data masking (where data is anonymized according to the user or their roles), RBAC, ABAC, and row-level security, so that only authorized users can access data through Salesforce requests. 

Satori provides detailed information about Salesforce users’ requests and responses to specific Salesforce data. The visibility into data access and including any unauthorized access attempts help to increase data security while facilitating access to data. 

Read more about Access Control: The Dementor of Data Engineering 

The benefit of this integration is the time-to-value access that the Salesforce marketer receives from gaining access to necessary information. The benefits accrue from:

  1. Reduced time spent on administrative tasks. Automating access management reduces the time and effort required for administrative tasks. Admin and data engineering teams can now spend more time on productive activities instead of access controls. 
  2. Improved security. Only authorized Salesforce users can access sensitive data, lowering the risk of data breaches and other security incidents. This reduces downtime and mitigates the impact of security incidents on business operations, increasing productivity. 
  3. Increased collaboration. The ability to quickly access specific Salesforce data enables collaboration between teams such as Marketing and Sales, and facilities knowledge sharing. 

Read more about increasing productivity and security.

Let’s take a look at how to set up the integration between Salesforce and Satori so that the Marketer can get access to required information quickly, easily and securely. 

Get the latest from Satori

Example Using an API Relay Server

In this example, we create a small relay server to receive inbound URL parameters and convert those to valid Satori Rest API usage. We then create some Salesforce items to talk to this relay server.

We tested this using Salesforce Classic but have not yet tested it on Salesforce Lightning. 

1. Create a New Custom Salesforce Object

This custom salesforce object becomes a child object on the Account. This allows us to obtain Salesforce reporting, for example, we can obtain “how many data access requests are being generated in Salesforce.” 

The custom object also stores the information which we combine into a URL in the next step. 

Define the necessary parameters for the Satori access request, in this case, satori_requests__c.  

  • Name of request (auto-generated by Salesforce)
  • Duration (integer representing hours)
  • Satori Dataset name
  • Currently logged in user email {!User.Email}
  • Time of request, who created the request (usual, default Salesforce behavior here)

2. Create a New Custom Link

Using the custom object we just created we use the information to create a custom link, which should look like the following link:

https://satori-api-server-oerhpdsjkla-wl.a.run.app?dataset={!Satori_Access_Request__c.Satori_Info__c}&duration={!Satori_Access_Request__c.Duration__c}&apikey=sdj222satori2022fdjk$339281^dks&email={!User.Email}

3. Connecting to an API Rely Server

The user connects to the relay server by clicking on the record link created in Salesforce. In this example the API relay server is satori-api-server-oerhpdsjkla-wl.a.run.app

We have provided an Example Python code using the flask library for requests to the Satori API. For convenience, we deployed this code using Google Cloud Run. But this example could be any language on any cloud provider.

In Salesforce you also need to trust this URL to prevent warnings or blocks:

4. Connect your Satori Information to the Relay Server Code

Add your Satori Service ID and Service Key to the python relay server code per the readme file provided in the previous step.

5. Satori’s Secure Data Access from Salesforce

The relay server knows how to parse the request from Salesforce, and then creates individual access to the desired dataset for the desired period of time (hours).

Conclusion

Satori’s integration with Salesforce improves productivity by providing a secure and efficient way to manage access to data, based on Salesforce actions. Automated access controls and application of security policies ensure that Salesforce users gain access to data quickly and can easily collaborate with other teams, increasing the organization’s productivity. 

To learn more about Satori:

Learn More About Satori
in a Live Demo
Book A Demo
About the author
|Solution Architect

Ty Alevizos is a Principal Solution Architect at Satori Inc. He has 3 decades of experience in data-related fields, including database management, BI and visual analysis, data science principles, and organizational best practices around data topologies and data security. He graduated from U.C. Berkeley with a degree in music composition, and in his spare time plays jazz bass in Seattle and the Pacific Northwest region.

Back to Blog