A walk through of how to install Nightfall's DLP solution for Salesforce.
Nightfall's Salesforce integration allows you to scan updates to objects and fields in real-time across sandbox and production organizations in Salesforce. This getting started guide will walk you through installing and upgrading the components of the solution.
Salesforce vertical cloud offerings are not supported as of today.
Nightfall's Salesforce integration allows you to scan updates to objects and fields in real-time across sandbox and production organizations in Salesforce. This getting started guide will walk you through installing and upgrading the components of the solution.
Nightfall DLP for Salesforce supports the following Salesforce Sales Cloud editions across both production and sandbox instances:
Enterprise
Unlimited
Developer
Salesforce vertical cloud offerings are not supported as of today.
You can install and authorize Nightfall DLP app package in Salesforce production environments.
You can view and remediate Salesforce DLP policy violations within the Nightfall dashboard and violations monitoring page.
Learn how to install Nightfall DLP for Salesforce.
Registering a Salesforce organization involves two steps:
Deploying the Nightfall DLP package to the Salesforce organization
Authorising the Nightfall DLP package to be used to scan updates to Salesforce
To successfully execute the above two steps, the credentials of a Salesforce user with a System Admin profile would be required.
Nightfall can ‘auto-discover' all Sandbox organizations associated with a production organization. Upon installing Nightfall in a production organization, the system administrator grants privileges to the organization using OAuth, Nightfall displays all sandbox organizations within the organization.
All sandbox organizations display as Unauthorized until the administrator explicitly sets up these organizations for scanning by Nightfall.
The user account must remain valid and set up as a Salesforce admin profile while the Salesforce org is onboarded and remains active on Nightfall.
Credentials for a user account that is of type Salesforce admin profile
The user account should remain valid and set up as a Salesforce admin profile while the Salesforce org is onboard and remains active on Nightfall.
Click Salesforce under the Integrations section, from the left menu bar.
Click Begin Setup on the Salesforce Setup section.
Select one of the Salesforce org types.
Sandbox: Select this option to install the Nightfall DLP for Salesforce in a sandbox environment.
Production: Select this option to install the Nightfall DLP for Salesforce in an actual Salesforce production environment.
Click Install. The Salesforce login page is displayed in a new browser tab.
IMPORTANT
If you have enabled SSO on your Salesforce account, Nightfall does not redirect you to the SSO page in Salesforce when you click the Install button in the previous step. You are still redirected to the Salesforce login page. In this case, you must perform one of the following tasks.
On the Salesforce login page, click the Use Custom Domain button. You are redirected to Salesforce Custom Domain page. On the Custom Domain page, you must enter your organisation's salesforce domain and hit the enter key. If you have set up redirection on your Salesforce domain, you are redirected to the SSO page and you must login with SSO and the installation process continues.
OR
If you have not set up redirection on your Salesforce domain, you must first login to your Salesforce account using SSO and then navigate to the Nightfall UI and start the installation process. In this case, you need not enter the credentials after clicking the Install button and the process will continue without any bottlenecks.
The Salesforce Installed Packages window is displayed. Verify that the Nightfall DLP package is displayed.
Return to the browser in which you opened the Nightfall App. The Authenticate with Salesforce window is displayed.
Click Authenticate. The Salesforce permission page is displayed.
If a permission link is displayed, click Allow.
Click Finish.
Learn how you can upgrade the Nightfall DLP package, installed in a Salesforce org.
You can choose to upgrade Nightfall DLP for Salesforce from one of the following methods.
Upgrading the Nightfall package is the same as that to install Nightfall package for the first time in a Salesforce org. To upgrade from Nightfall’s console,
Login into Nightfall console https://app.nightfall.ai
Select Salesforce under My Integrations.
Click Add Org (In the following image three Salesforce orgs are already configured. If you are adding a Salesforce org for the first time, you will not see any org added).
Select either Production or Sandbox options. You must select the option in which you wish to upgrade the Nightfall for Salesforce DLP.
Click Continue.
Click Install.
Login to the Salesforce environment in which you wish to upgrade the Nightfall DLP.
Select Install for Admins Only to install the upgrade package only to Salesforce admin users.
Click Upgrade.
Once the upgrade is completed, you can view the following screen. Click Done.
To upgrade from within Salesforce
Navigate to the Salesforce App Exchange site.
Login to your Appexchange account.
Use the search bar to find the Nightfall app.
Select the Nightfall - Data Security and Compliance app.
Click Get It Now.
Select the connected Salesforce Production or Sandbox org in which you wish to upgrade the package.
Click Install in Production or Install in Sandbox, based on the selection you made in the previous step.
Agree to the Terms and Conditions check box and click Confirm and Install.
You are redirected to the Salesforce login page.
Log in to the selected Salesforce account you selected in step 7.
Select Install for Admins Only to install the upgrade package only to Salesforce admin users.
Click Upgrade.
Once the upgrade is completed, you can view the following screen. Click Done.
Learn how you can configure integration level alerts in Salesforce.
The Nightfall DLP for Salesforce supports the configuration of alerts at the policy level and the integration level. Alerts for Salesforce can be sent to the following alert destinations.
When you configure alert settings at the integration level, the alert settings apply to all the policies, created for the Salesforce DLP integration. However, when you configure alert settings specifically for a policy, which is created in the Salesforce DLP integration, the alert settings are applicable only for that specific policy.
This document explains how to configure alerts at the integration level. To learn about how to configure alerts at the policy level, read this document.
To use Slack as an alert platform, you must first perform the required Slack configurations. You can refer to this document to learn more about how to configure Slack as an Alert platform.
To use Webhook as an alert platform, you must first perform the required Webhook configurations. You can refer to this document to learn more about how to configure Webhook as an Alert platform.
To use JIRA as an alert platform, you must have the DLP for the JIRA app installed from the Atlassian Marketplace. You can read more about the DLP for JIRA integration here.
You can configure alerts at the integration level once you have installed the Nightfall for Salesforce DLP integration.
To configure alerts at the integration level:
Navigate to the Salesforce DLP integration
Scroll down to the Alerting section.
You can configure one or multiple alert channels.
To configure Slack as an alert channel, click + Slack channel.
In the Slack alert channel field, enter the name of the Slack channel in which you wish to receive the alerts.
Click Save.
A confirmation pop-up box is displayed to confirm if the Slack channel (entered in the second step) must be used only for Salesforce DLP integration or all the Nightfall integrations.
Select No, only integration level to use the Slack channel only for Salesforce DLP, or select Yes, please to use the selected Slack channel for all the Nightfall integrations.
Click + Email.
Enter the Email ID of the recipient who should receive the notifications.
Click Save.
A confirmation pop-up box is displayed to confirm if the Email ID (entered in the second step) must be used only for Salesforce DLP integration or all the Nightfall integrations.
Select No, only integration level to use the Slack channel only for Salesforce DLP, or select Yes, please to use the selected Slack channel for all the Nightfall integrations.
Click + Webhook.
Enter the Webhook URL.
Click Test. If the test result is not successful, check the Webhook URL.
(Optional) Click Add Header to add headers.
Click Save.
When you configure alerts to a Webhook, Nightfall AI sends occasional posts to:
To validate that the Webhook is properly configured before the policy is saved.
Periodically thereafter to ensure that the Webhook is still valid.
The response to the test Webhooks is 200
status code if successful.
An example of Webhook request is as follows.
This is part of alert event consumption and can be ignored.
Click + Jira Ticket.
Select a JIRA project from the Jira Project drop-down menu.
Select an issue type from the Issue Type drop-down menu.
(Optional) Add comments to be added in the JIRA ticket.
Click Save changes.
A confirmation pop-up box is displayed to confirm if the JIRA settings configured for the Salesforce DLP integration must be applied to all the other Nightfall integrations too.
Select No, only integration level to use the configurations only for Salesforce DLP, or select Yes, please to use the selected JIRA configurations for all the Nightfall integrations.
When a Violation occurs, Nightfall sends a notification to the end-user whose actions triggered the violation. While notifying the end-user, Nightfall also sends a text message. You can draft the text message to be sent to the end-user. This message applies to all the policies. Click Save changes once done.