SalesForce Setup Requirements

One of these two methods are required to allow Nessus access:

• Add the scanner IP to the Trusted IP Ranges in Salesforce.
• Use a security token.

Adding a trusted IP range

• In Salesforce, go to Setup > Security Controls > Network Access.
• Add the public IP the scanner will use to connect to Salesforce, or a range of IP addresses. This is the IP address as it will appear to Salesforce, not an internal IP behind NAT.
• When you enter the credentials in Salesforce plugin preferences in Nessus:
  • Enter the username.
  • Enter the user password.

Using a security token

• Log in as the user you will use and reset their security token if you do not already have it. The security token is sent via email to the user.
• When you enter the credentials in Salesforce plugin preferences in Nessus:
  • Enter the username
  • Append the security token to the user password (e.g., If the security password is”MyPassword” and the security token is “MyToken”, enter “MyPasswordMyToken”)

User Permissions

The login user must have a profile set with "API Enabled" and "Modify All Permissions" enabled.

You can enable these options in the following locations in Salesforce:

• Profiles > Profile Name > Administrative Permissions > API Enabled
• Profiles > Profile Name > Administrative Permissions > Modify All Data