Overview
The Salesforce integration with Grip’s SSPM module lets Grip pull account data from a single Salesforce organization and provide configuration insights around Session Settings, Password Policies, Certificate and Key Management, File Sharing Security, and Access Controls.
This article covers the required permissions and flow to integrate Salesforce with Grip's SSPM module.
Prerequisites
Salesforce System Administrator permissions to configure a new connected app.
Salesforce setup.
From Salesforce, go to Setup (1) >> Apps >> App Manager (2) >> New Connected App (3).
Select the “Create a Connected App” option (4) and click “Continue.”
Enter the connected app “Basic Information” (5).
In the “API (Enable OAuth Settings)” section, fill in the following details:
Check the “Enable OAuth Settings” checkbox.
In the “Callback URL” field (6), enter the following URL:
https://central-prod.dep.grip.security/central/v1/integrations/salesforce/auth/callback
Add the following OAuth scopes (7):
Manage user data via APIs (api)
Perform requests at any time (refresh_token, offline_access)
Check only the checkboxes listed below.
Make sure you uncheck the first checkbox, "Require Proof Key..", if it's checked by default.
Require Secret for Web Server Flow
Require Secret for Refresh Token Flow
Click “Save.” (8)
From the "App Manager" page, click "Continue" >> click on “Manage Consumer Details.” (9)
Note
If you have left this page and need to find the app again, go to the "App Manager" page >> find the created connection >> select "View" >> click on “Manage Consumer Details.”
Paste the verification code you received.
Copy the “Consumer Key” and the “Consumer Secret.” (10)
Connecting Salesforce to Grip SaaS Security Posture Management.
From the Grip portal, go to “Posture” (1) >> “Add Tenant” (2)
Click on “Salesforce” (3)
Enter a “Display Name”
The “OAuth Endpoint” is automatically populated, but if you want to test it in a “Sandbox environment,” replace the word “login” with “test.”
Paste the consumer key and secret you copied in the previous step into the “Consumer Key” (4) and “Consumer Secret” (5) fields.
You will receive a link to send to the Salesforce admin.
The admin should navigate to the link and “Allow” the access.
This should connect the integration.
Once connected, the Tenant will be added to the “Connected Tenants” list.
Click the tenant to see and filter your policy statuses, assess your security posture, and begin fixing it.
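A check the Salesforce admin can run on the received link before clicking “Allow”, as an added example that is not Grip's or Salesforce's own code. It assumes the link is a standard Salesforce OAuth 2.0 authorization URL (the article does not show its format); the host list, the /services/oauth2/authorize path, and the function names check_consent_link and build_sample_link are assumptions of this example.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# From this article: the Grip callback URL and the scopes granted to the app.
GRIP_CALLBACK = ("https://central-prod.dep.grip.security/central/v1/"
                 "integrations/salesforce/auth/callback")
ALLOWED_SCOPES = {"api", "refresh_token", "offline_access"}
# Assumption: standard Salesforce OAuth hosts (production "login", sandbox "test").
SALESFORCE_HOSTS = {"login.salesforce.com", "test.salesforce.com"}
AUTHORIZE_PATH = "/services/oauth2/authorize"


def check_consent_link(link, consumer_key):
    """Return a list of problems with an OAuth consent link; empty means OK."""
    problems = []
    url = urlsplit(link)
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        problems.append("scheme is not https")
    # Exact host match or a My Domain subdomain. Matching on the dotted
    # suffix rejects look-alikes such as "login.salesforce.com.example".
    if host not in SALESFORCE_HOSTS and not host.endswith(".my.salesforce.com"):
        problems.append(f"unexpected host {host!r}")
    if url.username is not None or url.port not in (None, 443):
        problems.append("userinfo or non-default port in URL")
    if url.path != AUTHORIZE_PATH:
        problems.append(f"unexpected path {url.path!r}")
    params = parse_qs(url.query)
    expected = {"response_type": "code", "client_id": consumer_key,
                "redirect_uri": GRIP_CALLBACK}
    for name, want in expected.items():
        # Require exactly one value: repeated parameters can be read
        # differently by different parsers.
        if params.get(name) != [want]:
            problems.append(f"{name} is {params.get(name)}, expected {want!r}")
    scopes = set(" ".join(params.get("scope", [])).split())
    if not scopes or scopes - ALLOWED_SCOPES:
        problems.append(f"scope missing or not allowed: {sorted(scopes - ALLOWED_SCOPES)}")
    return problems


def build_sample_link(host, client_id, scope, redirect_uri=GRIP_CALLBACK):
    """Build a constructed sample link for exercising the checker."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope})
    return f"https://{host}{AUTHORIZE_PATH}?{query}"


if __name__ == "__main__":
    sample = build_sample_link("test.salesforce.com", "SAMPLE_KEY", "api full")  # constructed
    print(check_consent_link(sample, "SAMPLE_KEY"))
```

An empty list means the link targets a Salesforce host, returns the authorization code to the Grip callback URL from the setup steps, and requests nothing beyond the scopes added to the connected app.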