Salesforce Integration with Grip Security - Posture (SSPM)


Overview

The Salesforce integration with Grip’s SSPM module lets Grip pull account data from a single Salesforce organization and provide configuration insights around Session Settings, Password Policies, Certificate and Key Management, File Sharing Security, and Access Controls.

This article covers the required permissions and flow to integrate Salesforce with Grip's SSPM module.

Prerequisites

  • Salesforce System Administrator permissions to configure a new connected app.

  • Verify that the “Network Access” page is empty and does not include any “Trusted IP ranges.”

    If such ranges exist, you will need to add a “Relax IP restrictions” policy to Grip, under “External Client App Manager.”

    This step is performed after creating the Grip Application in Salesforce, as explained later in this guide.

Salesforce Setup

From Salesforce, go to Setup (1) >> Apps >> App Manager (2) >> New External Client App (3).

Enter the connected app “Basic Information” (5).

In the “API (Enable OAuth Settings)”, fill in the following details:

  • Check the “Enable OAuth Settings” checkbox.

  • In the “Callback URL” (5) field, enter the following URL:

    https://central-prod.dep.grip.security/central/v1/integrations/salesforce/auth/callback
  • Add the following OAuth scopes (6) :

    • Manage user data via APIs (api)

    • Perform requests at any time (refresh_token, offline_access)

Check only the below checkboxes:

  • Require Secret for Web Server Flow

  • Require Secret for Refresh Token Flow

! Pay attention.

Ensure the “Require Proof Key for Code Exchange…” checkbox is UNCHECKED.

  • Click “Create.” (8)

  • Return to Apps » External Client Apps » External Client App Manager, and select your Grip SSPM client.

If “Trusted IP ranges” exist, configure “Relax IP restrictions”:

  • Under the “Policies” tab, click the “Edit” button and expand the “OAuth Policies” dropdown.

  • Scroll down to the “App Authorization” section.

  • Under the “IP Relaxation” field, select “Relax IP restrictions.”

  • Click “Save.”

  • Go to the “Settings” tab, expand OAuth settings (9), and click “Consumer Key and Secret.”

  • Paste the verification code you received.

  • Copy the “Consumer Key” and the “Consumer Secret.” (10)

Connecting Salesforce to Grip SaaS Security Posture Management

From the Grip portal, go to “Posture” (1) >> “Add Tenant” (2).

  • Click on “Salesforce” (3).

  • Enter a “Display Name.”

  • The “OAuth Endpoint” should be populated with "mycompany.my.salesforce.com"

    Note

    If you want to test the endpoint in a “Sandbox environment,” enter test.salesforce.com in the OAuth Endpoint field.

  • Paste the “Consumer key & secret” you copied in the previous step to the “Consumer Key” (4) and “Consumer Secret” (5) fields.

  

  • You will receive a link to send to the Salesforce admin.

  • The admin should navigate to the link and “Allow” the access.

  • This should connect the integration.

Once connected, please refresh the page, and the Tenant will be added to the “Connected Tenants” list.

Click the tenant to see and filter your policy statuses, assess your security posture, and begin fixing it.
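
Before the Salesforce admin clicks “Allow” on the link from the steps above, the link can be checked against the values in this guide. The Python example below is added here and is not Grip's or Salesforce's code; it assumes the link is a standard Salesforce OAuth 2.0 authorization URL (path /services/oauth2/authorize with response_type, redirect_uri and scope parameters), which this page does not show, and check_consent_link, _build and the sample links are hypothetical names and constructed data.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Values taken from this guide.
EXPECTED_CALLBACK = ("https://central-prod.dep.grip.security/central/v1/"
                     "integrations/salesforce/auth/callback")
ALLOWED_SCOPES = {"api", "refresh_token", "offline_access"}
AUTHORIZE_PATH = "/services/oauth2/authorize"  # assumed link format (standard Salesforce path)


def check_consent_link(link, oauth_endpoint):
    """Return a list of mismatches; an empty list means the link matches the guide."""
    problems = []
    url = urlsplit(link)
    params = parse_qs(url.query)
    if url.scheme != "https":
        problems.append("link is not https")
    # Compare the whole hostname so look-alike hosts such as
    # mycompany.my.salesforce.com.example.net do not pass.
    if (url.hostname or "").lower() != oauth_endpoint.lower():
        problems.append(f"host {url.hostname!r} is not the OAuth Endpoint {oauth_endpoint!r}")
    if url.path != AUTHORIZE_PATH:
        problems.append(f"unexpected path {url.path!r}")
    if params.get("redirect_uri") != [EXPECTED_CALLBACK]:
        problems.append("redirect_uri is not the Grip callback URL")
    if params.get("response_type") != ["code"]:
        problems.append("response_type is not 'code' (web server flow)")
    requested = set(" ".join(params.get("scope", [])).split())
    extra = requested - ALLOWED_SCOPES
    if extra:
        problems.append(f"scopes beyond the guide's list: {sorted(extra)}")
    return problems


def _build(host, redirect, scope):
    """Build a constructed sample link; the client_id is a placeholder."""
    query = urlencode({"response_type": "code", "client_id": "CONSTRUCTED_CONSUMER_KEY",
                       "redirect_uri": redirect, "scope": scope})
    return f"https://{host}{AUTHORIZE_PATH}?{query}"


# Constructed samples: one matching the guide, one with a look-alike host,
# a foreign callback and an extra scope.
GOOD = _build("mycompany.my.salesforce.com", EXPECTED_CALLBACK,
              "api refresh_token offline_access")
BAD = _build("mycompany.my.salesforce.com.example.net", "https://example.net/cb",
             "api full refresh_token")

if __name__ == "__main__":
    for name, link in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_consent_link(link, "mycompany.my.salesforce.com") or "matches the guide")
```

For a sandbox tenant, pass test.salesforce.com as the second argument, matching the value entered in the OAuth Endpoint field.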