Learn how Nightfall's DLP Capabilities can now be used in Salesforce!
You can now use Nightfall DLP, in Beta, to scan objects and fields in real-time across sandbox and production organizations in Salesforce.
With the instantaneous discovery of sensitive data sprawl within your Salesforce environment, Nightfall also enables you to take instantaneous remediation actions to eliminate all data security risks.
Salesforce Tiers Supported:
Nightfall DLP for Salesforce supports the below-mentioned Salesforce Sales Cloud editions: Enterprise, Unlimited and Developer editions across both production and sandbox organizations. Salesforce Service Cloud and other cloud offerings are not supported as of today.
What can Nightfall scan within Salesforce?
Objects - Nightfall DLP for Salesforce supports the below-listed objects with real-time scans: Accounts, Case, Task, Feed Comments, Feed Item, Attachments and Email messages.
Fields - Field of type boolean, date-time, reference, and id field are unsupported. All other field types are supported.
Create a dedicated Salesforce user with System administrator permissions who will be the administrator of the Nightfall app in Salesforce.
This user will need to login with their Salesforce credentials when authorizing the Salesforce DLP app using OAuth in the Nightfall console.
Install the Nightfall connected app package within Salesforce
Login to Salesforce with the admin credentials.
To authorize the custom Nightfall application package, select Install for administrators only. Select Install to install the package, as shown in the screenshots below.
Select 'Install for Admins Only'
Confirm that the installation has completed successfully.
The NightfallDLP package can now be seen in Installed Packages within Salesforce.
Create a Salesforce user (Nightfall administrator) with system administrator privileges
As a security best practice, Nightfall recommends that you create a dedicated user who shall administer Nightfall DLP for your Salesforce environment. Assign System administrator permissions to this user.
Navigate to the Setup - Administration - Users configuration within your Salesforce organization.
Select permission sets.
Create a new permission set and assign the system permissions to this set which are required for Nightfall DLP. This enables the Nightfall DLP app to discover and protect sensitive data found in any Salesforce objects and fields in real-time.
The process can be seen in the screenshots below:
Select Users. Create a new user.
Once you have created the user, navigate to the permissions sets for that user. Assign the newly created permissions set to the user (administrator for Nightfall) of the Salesforce DLP application.
Example User addition
Grant access to the Nightfall application
We will now switch over to the Nightfall console. Navigate to the Salesforce tab within the Nightfall console, and you can begin the process to Install the Nightfall app in your organization.
You will see the Salesforce option in the list of Integrations on the left
To authorize, you will be prompted to Login to Salesforce with your admin credentials.
These would be the credentials of the newly created user for the Nightfall DLP app.
Salesforce Permission Approval screen
Once complete, you should be redirected to the Nightfall console and you will be ready to begin Policy Creation, with steps at the page below!