Povratne informacije Uredi

Connect to and manage Salesforce in Microsoft Purview (Preview)

  • Članak
  • 6 min. za čitanje

This article outlines how to register Salesforce, and how to authenticate and interact with Salesforce in Microsoft Purview. For more information about Microsoft Purview, read the introductory article.

Important

This feature is currently in PREVIEW. The Supplemental Terms of Use for Microsoft Azure Previews include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Supported capabilities

Metadata Extraction Full Scan Incremental Scan Scoped Scan Classification Access Policy Lineage Data Sharing
Yes Yes No Yes No No No

When scanning Salesforce source, Microsoft Purview supports extracting technical metadata including:

  • Organization
  • Objects including the fields, foreign keys, and unique_constraints

When setting up scan, you can choose to scan an entire Salesforce organization, or scope the scan to a subset of objects matching the given name(s) or name pattern(s).

Prerequisites

Note

If your data store is not publicly accessible (if your data store limits access from on-premises network, private network or specific IPs, etc.), you will need to configure a self hosted integration runtime to connect to it.

Required permissions for scan

If users will be submitting Salesforce Documents, certain security settings must be configured to allow this access on Standard Objects and Custom Objects. To configure permissions:

  • Within Salesforce, select Setup and then select Manage Users.
  • Under the Manage Users tree select Profiles.
  • Once the Profiles appear on the right, select which Profile you want to edit and select the Edit link next to the corresponding profile.

For Standard Objects, ensure that the "Documents" section has the Read permissions selected. For Custom Objects, ensure that the Read permissions selected for each custom objects.

Register

This section describes how to register Salesforce in Microsoft Purview using the Microsoft Purview governance portal.

Steps to register

To register a new Salesforce source in your data catalog, follow these steps:

  1. Navigate to your Microsoft Purview account in the Microsoft Purview governance portal.
  2. Select Data Map on the left navigation.
  3. Select Register
  4. On Register sources, select Salesforce. Select Continue.

On the Register sources (Salesforce) screen, follow these steps:

  1. Enter a Name that the data source will be listed within the Catalog.

  2. Enter the Salesforce login endpoint URL as Domain URL. For example, https://login.salesforce.com. You can use your company' instance URL (such as https://na30.salesforce.com) or My Domain URL (such as https://myCompanyName.my.salesforce.com/).

  3. Select a collection or create a new one (Optional)

  4. Finish to register the data source.

    register sources options

Scan

Follow the steps below to scan Salesforce to automatically identify assets. For more information about scanning in general, see our introduction to scans and ingestion.

Microsoft Purview uses Salesforce REST API version 41.0 to extract metadata, including REST requests like 'Describe Global' URI (/v41.0/sobjects/),'sObject Basic Information' URI (/v41.0/sobjects/sObject/), and 'SOQL Query' URI (/v41.0/query?).

Authentication for a scan

The supported authentication type for a Salesforce source is Consumer key authentication.

Create and run scan

To create and run a new scan, follow these steps:

  1. If your server is publicly accessible, skip to step two. Otherwise, you'll need to make sure your self-hosted integration runtime is configured:

    1. In the Microsoft Purview governance portal, got to the Management Center, and select Integration runtimes.
    2. Make sure a self-hosted integration runtime is available. If one isn't set up, use the steps mentioned here to set up a self-hosted integration runtime.

  2. In the Microsoft Purview governance portal, navigate to Sources.

  3. Select the registered Salesforce source.

  4. Select + New scan.

  5. Provide the below details:

    1. Name: The name of the scan

    2. Connect via integration runtime: Select the Azure auto-resolved integration runtime if your server is publicly accessible, or your configured self-hosted integration runtime if it isn't publicly available.

    3. Credential: Select the credential to connect to your data source. Make sure to:

      • Select Consumer key while creating a credential.
      • Provide the username of the user that the connected app is imitating in the User name input field.
      • Store the password of the user that the connected app is imitating in an Azure Key Vault secret.
        • If your self-hosted integration runtime machine's IP is within the trusted IP ranges for your organization set on Salesforce, provide just the password of the user.
        • Otherwise, concatenate the password and security token as the value of the secret. The security token is an automatically generated key that must be added to the end of the password when logging in to Salesforce from an untrusted network. Learn more about how to get or reset a security token.
      • Provide the consumer key from the connected app definition. You can find it on the connected app's Manage Connected Apps page or from the connected app's definition.
      • Stored the consumer secret from the connected app definition in an Azure Key Vault secret. You can find it along with consumer key.

    4. Objects: Provide a list of object names to scope your scan. For example, object1; object2. An empty list means retrieving all available objects. You can specify object names as a wildcard pattern. For example, topic?, *topic*, or topic_?,*topic*.

    5. Maximum memory available (applicable when using self-hosted integration runtime): Maximum memory (in GB) available on customer's VM to be used by scanning processes. This is dependent on the size of Salesforce source to be scanned.

      Note

      As a rule of thumb, please provide 1GB memory for every 1000 tables

      scan Salesforce

  6. Select Continue.

  7. Choose your scan trigger. You can set up a schedule or ran the scan once.

  8. Review your scan and select Save and Run.

View your scans and scan runs

To view existing scans, do the following:

  1. Go to the Microsoft Purview governance portal. Select the Data Map tab under the left pane.

  2. Select the desired data source. You will see a list of existing scans on that data source under Recent scans, or can view all scans under the Scans tab.

  3. Select the scan that has results you want to view.

  4. This page will show you all of the previous scan runs along with the status and metrics for each scan run. It will also display whether your scan was scheduled or manual, how many assets had classifications applied, how many total assets were discovered, the start and end time of the scan, and the total scan duration.

Manage your scans - edit, delete, or cancel

To manage or delete a scan, do the following:

  1. Go to the Microsoft Purview governance portal. Select the Data Map tab under the left pane.

  2. Select the desired data source. You will see a list of existing scans on that data source under Recent scans, or can view all scans under the Scans tab.

  3. Select the scan you would like to manage. You can edit the scan by selecting Edit scan.

  4. You can cancel an in progress scan by selecting Cancel scan run.

  5. You can delete your scan by selecting Delete scan.

Note

  • Deleting your scan does not delete catalog assets created from previous scans.
  • The asset will no longer be updated with schema changes if your source table has changed and you re-scan the source table after editing the description in the schema tab of Microsoft Purview.

Next steps

Now that you've registered your source, follow the below guides to learn more about Microsoft Purview and your data.