This article explains how to configure the Interconnected Apps integration for Salesforce.
Overview
Interconnected Apps provides you with visibility into third-party plugins connected to sanctioned SaaS applications. To provide Cato with visibility of data within an app, you need to set up an integration with the required application. For more information, see Viewing and Analyzing Interconnected Apps.
To configure the Interconnected Apps integration, you need to:
Configure the integration within the SaaS application
Create the API connector in the Cato Management Application (CMA)
A CASB license is required for Interconnected Apps. For more about purchasing a CASB license, please contact your Cato representative.
Configuring the Salesforce Integration
To configure the Salesforce integration, create the required configurations in your Salesforce account, then configure the connector within the CMA.
Step 1: Configure the Integration in your Salesforce Account
To configure the Salesforce integration, create a user, assign it the required permission, and create an external client app.
To create a user for the integration:
Login to your Salesforce account (
<your_tenant>.lightning.force.com)Click on the gear icon and click Setup.
Search for Users
Click New User
Add the required details, with these configurations:
User License: Salesforce
Profile: Standard User
Click Save.
To assign the user the required permissions:
In your Salesforce account, search for Permission Sets.
Click New.
Enter the required fields and click Save.
Click Edit, and add these permissions:
API Enabled
API Only User
Customize Application
Manage Connected Apps
Manage Custom Permissions
Password Never Expires
Run Reports
View all External Client Apps
View Dashboards in Public Folders
View Developer Name
View Event Log Files
View Reports in Public Folders
View Roles and Role Hierarchy
View Setup and Configuration
Modify Metadata Through Metadata API Functions
Click Save.
Click Manage Assignments > Add Assignment and choose the user created above.
To create the external client app:
In your Salesforce account, search for External Client App Manager.
Click New External Client App.
Enter the required fields, with this configuration:
Distribution State: Local
Select API (Enable OAuth Settings) and check the Enable Oauth checkbox.
Under App Settings and these configurations:
Callback URl :
https://cc.catonetworks.com/redirect/cas/salesforce/callbackOAuth Scopes:
Manage user data via APIs (api)
Perform requests at any time (refresh_token, offline_access)
Access Analytics REST API resources (wave_api)
Flow Enablement: Check the Enable Client Credentials Flow checkbox
Click Create.
In the app’s page, navigate to Policies and click Edit.
Under OAuth Policies > Plugin Policies > Permitted Users, select Admin approved users are pre-authorized.
Under App Policies > Select Permission Sets select the permission set you created
Under OAuth Flows and External Client App Enhancements select the Enable Client Credentials Flow checkbox.
Under Run As (Username) add the email of the integration user.
Click Save.
In the app’s page, navigate to Settings > OAuth Settings > App Settings.
Click Consumer Key and Secret copy and save the Key and Secret to enter into the CMA.
Note: You may need to authenticate to view the Key and Secret.
Step 2: Create the API Connector in the CMA
After you have set up an integration with the required application, add the details in the CMA.
To create the API connector in the CMA:
From the navigation menu, click Resources > Integrations.
Click the Configured Integrations tab.
Click New.
The New Integration panel opens.
Select the SaaS Application you want to add.
In the Capability drop down select Third Party Apps.
Add the details created during step one.
Click Save.
The app is visible on the Integrated Apps table with a Connected status.
After connecting your APIs, you can track the interconnected apps on the Plugins page. Data may take a few minutes to appear.