將 Salesforce 連接至 Microsoft Cloud App SecurityConnect Salesforce to Microsoft Cloud App Security

適用於:Microsoft Cloud App SecurityApplies to: Microsoft Cloud App Security


Microsoft 的威脅防護產品名稱即將變更。Threat protection product names from Microsoft are changing. 如需有關此變更的詳細資訊與其他更新,請參閱這裡Read more about this and other updates here. 我們將在不久的將來更新產品與文件中的名稱。We'll be updating names in products and in the docs in the near future.

本文提供如何使用應用程式連接器 API,將 Microsoft Cloud App Security 連線到您現有 Salesforce 帳戶的指示。This article provides instructions for connecting Microsoft Cloud App Security to your existing Salesforce account using the app connector API. 此連線可讓您檢視及控制 Salesforce 的使用。This connection gives you visibility into and control over Salesforce use. 如需 Cloud App Security 如何保護 Salesforce 的詳細資訊,請參閱 保護 salesforceFor information about how Cloud App Security protects Salesforce, see Protect Salesforce.

如何將 Salesforce 連接至 Cloud App SecurityHow to connect Salesforce to Cloud App Security

  1. 建議使用 Cloud App Security 專屬的服務系統管理員帳戶。It's recommended to have a dedicated service admin account for Cloud App Security.

  2. 驗證 REST API 已在 Salesforce 中啟用。Validate that REST API is enabled in Salesforce.

    您的 Salesforce 帳戶必須是下列其中一個包含 REST API 支援的版本︰Your Salesforce account must be one of the following editions that include REST API support:

    效能企業無限制開發人員Performance, Enterprise, Unlimited, or Developer.

    Professional 版本預設沒有 REST API,但可以依需求新增。The Professional edition doesn't have REST API by default, but it can be added on demand.

    請檢查您的版本有 REST API 可用且已啟用,如下所示︰Check to see that your edition has REST API available and enabled as follows:

    • 登入您的 Salesforce 帳戶,並移至 [設定]**** 頁面。Sign in to your Salesforce account and go to the Setup page.

    • 在 [管理使用者]**** 下,移至 [使用者設定檔]**** 頁面。Under Manage Users, go to the User Profiles page.

      salesforce 管理使用者設定檔salesforce manage users profiles

    • 按一下 [新增]**** 建立新的設定檔。Create a new profile by clicking New.

    • 選擇您剛才用來部署 Cloud App Security 的設定檔,然後按一下 [編輯]****。Choose the profile you just created to deploy Cloud App Security and click Edit. 此設定檔將用於 Cloud App Security 服務帳戶,以設定應用程式連線程式。This profile will be used for the Cloud App Security service account to set up the App connector.

      salesforce 編輯設定檔salesforce edit profile

    • 請確定您已啟用下列核取方塊:Make sure you have the following checkboxes enabled:

      • 啟用 APIAPI Enabled
      • 檢視所有資料View All Data
      • 管理 Salesforce CRM 內容Manage Salesforce CRM Content
      • 管理使用者Manage Users
      • 查詢所有檔案Query All Files

      如果未選取這些核取方塊,您可能需要連絡 Salesforce 以將其新增至您的帳戶。If these checkboxes aren't selected, you may need to contact Salesforce to add them to your account.

  3. 如果您的組織已啟用 Salesforce CRM 內容,請確定目前的系統管理帳戶也有啟用它。If your organization has Salesforce CRM Content enabled, make sure that the current administrative account has it enabled as well.

    1. 移至您的 Salesforce 設定頁面。Go to your Salesforce setup page.

      salesforce 設定salesforce setup

    2. 從側邊功能表上,選取 [管理使用者]****,然後按一下 [使用者]****。From the side-menu, select Manage Users and then click Users.

      salesforce 功能表使用者salesforce menu users

    3. 將目前的系統管理使用者選取為專屬的 Cloud App Security 使用者。Select the current administrative user to your dedicated Cloud App Security user.

    4. 請確定已選取 [Salesforce CRM Content User](Salesforce CRM 內容使用者)**** 核取方塊。Make sure that the Salesforce CRM Content User check box is selected.

      如果未選取,請按一下 [編輯]****,然後核取此核取方塊。If it isn't selected, click Edit and then check the check box.

      salesforce crm 內容使用者salesforce crm content user

    5. 按一下 [檔案] 。Click Save.

  4. 在 Cloud App Security 主控台中,依序按一下 [調查]**** 和 [連線應用程式]****。In the Cloud App Security console, click Investigate and then Connected apps.

  5. 在 [App 連線程式]**** 頁面中,依序按一下加號按鈕及 [Salesforce]****。In the App connectors page, click the plus button followed by Salesforce.

    連接 salesforceconnect salesforce

  6. 取決於您想要安裝哪一個執行個體,在 [Salesforce 設定] 頁面的 [API] 索引標籤中,按一下 [連入此連結]****。In the Salesforce settings page, on the API tab, click Follow this link, depending on which instance you want to install.

  7. 即會開啟 Salesforce 登入頁面。This opens the Salesforce sign in page. 輸入您的認證,允許 Cloud App Security 存取您小組的 Salesforce 應用程式。Enter your credentials to allow Cloud App Security access to your team's Salesforce app.

    salesforce 登入salesforce sign-in

  8. Salesforce 會詢問您是否要允許 Cloud App Security 存取小組資訊和活動記錄檔,並允許其以任何小組成員的身分執行任何活動。Salesforce will ask you if you want to allow Cloud App Security access to your team information and activity log and perform any activity as any team member. 若要進行,請按一下 [允許]****。To proceed, click Allow.

  9. 此時,您會收到部署成功或失敗的通知。At this point, you'll receive a success or failure notice for the deployment. 現在,Cloud App Security 已在 Salesforce.com 中獲得授權。Cloud App Security is now authorized in Salesforce.com.

  10. 返回 Cloud App Security 主控台時,您應該會看到 Salesforce 已順利連接的訊息。Back in the Cloud App Security console, you should see the Salesforce was successfully connected message.

  11. 按一下 [測試 API]**** 確定連線成功。Make sure the connection succeeded by clicking Test API.

    測試可能需要幾分鐘的時間。Testing may take a couple of minutes. 收到成功通知之後,按一下 [完成]****。After receiving a success notice, click Done.

連線到 Salesforce 之後,您將會收到下列「事件」:自連線起的觸發程序、連線前 60 天的登入事件與設定稽核線索、EventMonitoring 30 天前或 1 天前的事件 (根據您的 Salesforce EventMonitoring 授權而定)。After connecting Salesforce, you'll receive Events as follows: Triggers from the moment of connection, Log in events, and Setup Audit Trail for 60 days prior to connection, EventMonitoring 30 days, or 1 day back - depending on your Salesforce EventMonitoring license. Cloud App Security API 會直接與 Salesforce 提供的 API 進行通訊。The Cloud App Security API communicates directly with the APIs available from Salesforce. 因為 Salesforce 限制了可以接收的 API 呼叫數目,所以 Cloud App Security 會將此納入考量並遵守限制。Because Salesforce limits the number of API calls it can receive, Cloud App Security takes this into account and respects the limitation. Salesforce API 傳送的每個回應都有 API 計數器欄位,包括可用總計數和剩餘計數。Salesforce APIs send each response with a field for the API counters, including total available and remaining. Cloud App Security 以百分比計算此值,確保一律保留 10% 的可用 API 呼叫。Cloud App Security calculates this into a percentage and makes sure to always leave 10% of available API calls remaining.


Cloud App Security 節流只計算它自己和 Salesforce 的 API 呼叫,不計算任何其他應用程式和 Salesforce 進行的 API 呼叫。Cloud App Security throttling is calculated solely on its own API calls with Salesforce, not with those of any other applications making API calls with Salesforce. 因為限制而限制 API 呼叫會降低 Cloud App Security 內嵌資料的速率,但通常隔夜就會趕上進度。Limiting API calls due to the limitation may slow down the rate at which data is ingested in Cloud App Security, but usually catches up over night.

Cloud App security 處理 Salesforce 事件的方式如下︰Salesforce events are processed by Cloud App security as follows:

  • 每隔15分鐘登入事件Sign-in events every 15 minutes
  • 每隔 15 分鐘設定稽核線索Setup audit trails every 15 minutes
  • 每隔1小時的事件記錄檔。Event logs every 1 hour. 如需 Salesforce 事件的詳細資訊,請參閱使用事件監視 (英文)。For more information about Salesforce events, see Using event monitoring.

如果您在連接應用程式時遇到任何問題,請參閱 疑難排解應用程式連接器If you have any problems connecting the app, see Troubleshooting App Connectors.

下一步Next steps

若您遇到任何問題,我們隨時提供協助。If you run into any problems, we're here to help. 若要取得產品問題的協助或支援,請建立支援票證To get assistance or support for your product issue, please open a support ticket.