Salesforce

What is Salesforce?

Salesforce is the world's leading CRM platform. Because it stores significant amounts of customer data, it is often reviewed in compliance audits. Connecting Salesforce lets Imara collect evidence about how access to that data is controlled and monitored.

What Imara collects from Salesforce

• User accounts, profiles, and permission sets
• Multi-factor authentication (MFA) status per user
• Login policies and session security settings
• Connected app configurations
• Field-level security and data access settings
  
  

Required permissions

Imara connects via a Salesforce Connected App using OAuth. The authorizing user should have a profile with the following permissions (read-only usage):

• View Setup and Configuration — read users, profiles, and permission sets
• API Enabled — allow API access
  
  

Imara does not create or modify any Salesforce records, users, or settings.

How to connect

1. In Salesforce, create a Connected App in Setup → Apps → App Manager with OAuth enabled and the api and refresh_token scopes.
2. In Imara, go to Integrations and select Salesforce.
3. Click Connect, sign in with a Salesforce admin account, and authorize the connection.
   
   

Frameworks supported

SOC 2, ISO 27001, LGPD, GDPR, CCPA, HIPAA.

What to expect

Imara maps Salesforce access controls and security settings to data protection controls. Users without MFA and profiles with excessive permissions are the most common findings.