Salesforce Integration with Grip Security - Posture (SSPM)

  • Updated on Jul 5, 2025
  • Published on Mar 4, 2025
  • 1 minute(s) read
  • nT
 Prev Next

Overview

The Salesforce integration with Grip’s SSPM module lets Grip pull account data from a single Salesforce organization and provide configuration insights around Session Settings, Password Policies, Certificate and Key Management, File Sharing Security, and Access Controls.

This article covers the required permissions and flow to integrate Salesforce with Grip's SSPM module.

Prerequisites

A Salesforce System Administrator permission to configure a new connected app.

Salesforce setup.

From Salesforce, go to Setup (1) >> Apps >> App Manager (2) >> New Connected App (3).

Enter the connected app “Basic Information(5).

In the “API (Enable OAuth Settings)”, fill in the following details:

  • Check the “Enable OAuth Settings” checkbox.

  • In the “Callback URL(5) enter the following URL.

    https://central-prod.dep.grip.security/central/v1/integrations/salesforce/auth/callback

  • Add the following OAuth scopes (6) :

    • Manage user data via APIs (api)

    • Perform requests at any time (refresh_token, offline_access)

Check only the below checkboxes:

  • Require Secret for Web Server Flow

  • Require Secret for Refresh Token Flow

! Pay attention.

Ensure the "Require Proof Key for Code Exchange…" is UNCHACKED

  • Click “Create.” (8)

  • In the newly created app, go to the “Settings” tab, expand OAuth settings (9), and click “Consumer Key and Secret.”

Note

To find the app in case you are off this page, go to the "App Manager" Page -> Find the created connection -> Select "View" -> Click on “Manage Consumer Details."

  • Paste the verification code you received.

  • Copy the “Consumer Key” and the “Consumer Secret.” (10)

 Connecting Salesforce to Grip SaaS Security Posture Management.

From the Grip portal, go to “Posture (1) >> “Add Tenant(2)

  • Click on “Salesforce(3)

  • Enter a “Display Name

  • The “OAuth Endpoint” is automatically populated, but if you want to test it in a “Sandbox environment,” replace the word “login” with “test.”  

  • Paste the “Consumer key & secret” you copied in the previous step to the “Consumer Key(4) and “Consumer Secret (5) fields.

  

  • You will receive a link to send to the Salesforce admin.

  • The admin should navigate to the link and “Allow” the access.

  • This should connect the integration.

Once connected, the Tenant will be added to the “Connected Tenants” list.

Click the tenant to see and filter your policy statuses, assess your security posture, and begin fixing it.

Related articles