Salesforce Setup Requirements
One of these two methods is required to allow Nessus to log in to Salesforce with the scan credentials:
- Add the scanner's public IP address to the Trusted IP Ranges in Salesforce (Network Access).
- Use a security token appended to the user's password.
Adding a trusted IP range
- In Salesforce, go to Setup > Security Controls > Network Access (in Lightning Experience, type Network Access in the Quick Find box).
- Add the public IP address the scanner will use to connect to Salesforce, or a range of addresses. This is the address as it appears to Salesforce: if the scanner sits behind NAT or an egress proxy, enter the external address, not the scanner's internal one. API logins from an address outside the trusted ranges must include a security token.
- When you enter the credentials in the Salesforce plugin preferences in Nessus:
  - Enter the username.
  - Enter the user's password only (no token).
Using a security token
- Log in as the user the scan will use and reset their security token if you do not already have it (Salesforce Classic: My Settings > Personal > Reset My Security Token; Lightning Experience: Settings > My Personal Information > Reset My Security Token). Salesforce emails the new token to the user's address. Resetting the token, or changing the user's password, invalidates the old token, so update the Nessus credentials whenever either changes.
- When you enter the credentials in the Salesforce plugin preferences in Nessus:
  - Enter the username.
  - Append the security token to the user's password with no separator (for example, if the password is "MyPassword" and the security token is "MyToken", enter "MyPasswordMyToken").
User Permissions
The login user must have a profile with "API Enabled" and "Modify All Data" enabled. Modify All Data grants read and write access to every record in the org, so use a dedicated scan user rather than a shared administrator account, and treat its password and security token as a sensitive credential.
You can enable these options in the following locations in Salesforce:
- Profiles > Profile Name > Administrative Permissions > API Enabled
- Profiles > Profile Name > Administrative Permissions > Modify All Data
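The following Python script is an added example, not Tenable's or Salesforce's code, for checking the two setup methods and the user permissions above before a scan is run. It builds the same username / password-plus-token SOAP login that the plugin performs, maps the two login faults that matter here (LOGIN_MUST_USE_SECURITY_TOKEN, INVALID_LOGIN) back onto the trusted-IP and token methods, and then queries the user's profile for API Enabled and Modify All Data. Assumptions: API version 58.0 (any current version behaves the same), the production login endpoint on login.salesforce.com (use test.salesforce.com for a sandbox), and that the SOAP session ID is accepted as a Bearer token by the REST query endpoint; the sample responses are constructed, not captured from a real org, so the script runs offline, and only check() touches the network.

```python
# Added pre-flight check for the Nessus Salesforce credentials (not Tenable/Salesforce code).
import json
import urllib.error
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

API_VERSION = "58.0"  # assumption: any current API version behaves the same
LOGIN_URL = f"https://login.salesforce.com/services/Soap/u/{API_VERSION}"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
PARTNER_NS = "urn:partner.soap.sforce.com"
REQUIRED = ("PermissionsApiEnabled", "PermissionsModifyAllData")
HINTS = {  # the two login faults that map onto the setup methods above
    "LOGIN_MUST_USE_SECURITY_TOKEN": "scanner IP is not a trusted range: add it under Network Access or append the token",
    "INVALID_LOGIN": "username, password or token rejected (a reset token or changed password voids the old token)",
}

class LoginError(Exception):
    def __init__(self, code, message):
        super().__init__(f"{code}: {HINTS.get(code, message)}")
        self.code = code

def nessus_password(password, security_token=""):
    """Nessus password field: the password alone when the scanner's public IP is a
    trusted range, otherwise password immediately followed by the token (no separator)."""
    return password + security_token

def login_envelope(username, password):
    """SOAP 1.1 partner-API login request; values are XML-escaped."""
    return ('<?xml version="1.0" encoding="utf-8"?>'
            f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:urn="{PARTNER_NS}">'
            f"<soapenv:Body><urn:login><urn:username>{escape(username)}</urn:username>"
            f"<urn:password>{escape(password)}</urn:password></urn:login>"
            "</soapenv:Body></soapenv:Envelope>")

def _local(elem, name):
    """Text of the first descendant whose namespace-stripped tag is name, else None."""
    return next((e.text or "" for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def parse_login_response(xml_text):
    """Return session_id and server_url, or raise LoginError carrying the fault code."""
    root = ET.fromstring(xml_text)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        code = _local(fault, "exceptionCode") or _local(fault, "faultcode") or "UNKNOWN"
        raise LoginError(code.split(":")[-1], _local(fault, "exceptionMessage") or "")
    return {"session_id": _local(root, "sessionId"), "server_url": _local(root, "serverUrl")}

def permission_query(username):
    """SOQL for the two required profile permissions; single quotes are SOQL-escaped."""
    safe = username.replace("\\", "\\\\").replace("'", "\\'")
    return f"SELECT {', '.join('Profile.' + p for p in REQUIRED)} FROM User WHERE Username = '{safe}'"

def missing_permissions(query_result):
    """Required permissions the user's profile lacks (profile only, as the page requires;
    a permission set could also grant them)."""
    records = query_result.get("records") or []
    if not records:
        raise ValueError("user not found")
    return [p for p in REQUIRED if not records[0]["Profile"].get(p)]

def check(username, password, security_token=""):
    """Live check (network): log in exactly as Nessus would, then read the profile flags."""
    body = login_envelope(username, nessus_password(password, security_token)).encode()
    req = urllib.request.Request(LOGIN_URL, data=body, headers={
        "Content-Type": "text/xml; charset=UTF-8", "SOAPAction": "login"})
    try:
        with urllib.request.urlopen(req) as resp:
            login = parse_login_response(resp.read())
    except urllib.error.HTTPError as err:  # Salesforce returns SOAP faults with HTTP 500
        parse_login_response(err.read())  # raises LoginError with the exception code
        raise
    host = urllib.parse.urlsplit(login["server_url"])  # instance host comes from serverUrl
    url = (f"{host.scheme}://{host.netloc}/services/data/v{API_VERSION}/query?q="
           + urllib.parse.quote(permission_query(username)))
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + login["session_id"]})
    with urllib.request.urlopen(req) as resp:
        return missing_permissions(json.load(resp))

# Constructed sample responses (not captured from a real org) so this runs offline.
SAMPLE_FAULT = (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:sf="urn:fault.partner.soap.sforce.com">'
                "<soapenv:Body><soapenv:Fault><faultcode>sf:LOGIN_MUST_USE_SECURITY_TOKEN</faultcode>"
                "<faultstring>LOGIN_MUST_USE_SECURITY_TOKEN: Invalid username, password, security token; or user locked out.</faultstring>"
                "<detail><sf:LoginFault><sf:exceptionCode>LOGIN_MUST_USE_SECURITY_TOKEN</sf:exceptionCode>"
                "<sf:exceptionMessage>Invalid username, password, security token; or user locked out.</sf:exceptionMessage>"
                "</sf:LoginFault></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>")
SAMPLE_LOGIN_OK = (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns="{PARTNER_NS}"><soapenv:Body>'
                   f"<loginResponse><result><serverUrl>https://example.my.salesforce.com/services/Soap/u/{API_VERSION}/00D000000000001</serverUrl>"
                   "<sessionId>00D000000000001!SAMPLE</sessionId></result></loginResponse></soapenv:Body></soapenv:Envelope>")
SAMPLE_QUERY = {"totalSize": 1, "done": True, "records": [
    {"Profile": {"PermissionsApiEnabled": True, "PermissionsModifyAllData": False}}]}

if __name__ == "__main__":
    try:
        parse_login_response(SAMPLE_FAULT)
    except LoginError as err:
        print(err)
    print("missing:", missing_permissions(SAMPLE_QUERY))
```

To run it against a real org, call check(username, password, token) from an interactive session rather than putting the password on the command line; a LoginError tells you which of the two methods is misconfigured, and an empty list means the profile already grants both required permissions.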