Salesforce Setup Requirements

One of these two methods is required to allow Tenable Nessus access:

  • Add the scanner IP to the Trusted IP Ranges in Salesforce.
  • Use a security token.

Adding a trusted IP range

  • In Salesforce, go to Setup > Security Controls > Network Access.
  • Add the public IP the scanner will use to connect to Salesforce, or a range of IP addresses. This is the IP address as it will appear to Salesforce, not an internal IP behind NAT.
  • When you enter the credentials in Salesforce plugin preferences in Tenable Nessus:
    • Enter the username.
    • Enter the user password.

Using a security token

  • Log in as the user you will use and reset their security token if you do not already have it. The security token is sent via email to the user.
  • When you enter the credentials in Salesforce plugin preferences in Tenable Nessus:
    • Enter the username.
    • Append the security token to the user password (e.g., if the user password is “MyPassword” and the security token is “MyToken”, enter “MyPasswordMyToken”).

User Permissions

The login user must have a profile set with the following permissions enabled:

  • API Enabled

    Salesforce location: Profiles > Profile Name > Administrative Permissions > API Enabled

  • Modify All Permissions

    Salesforce location: Profiles > Profile Name > Administrative Permissions > Modify All Data

  • Modify Metadata

    Salesforce location: Profiles > Profile Name > Administrative Permissions > Modify Metadata

  • View All Users

    Salesforce location: Profiles > Profile Name > Administrative Permissions > View All Users

  • View Roles and Role Hierarchy

    Salesforce location: Profiles > Profile Name > Administrative Permissions > View Roles and Role Hierarchy

  • View Setup and Configuration

    Salesforce location: Profiles > Profile Name > Administrative Permissions > View Setup and Configuration
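
To confirm the scan account's profile has these permissions before running a scan, the following added example (not part of the Tenable documentation) builds a SOQL query for the six permission flags and reports which ones are not enabled in the query result. It assumes the standard Profile object field names are exposed by your org's API version; the profile name "Nessus Scan" and the sample response are constructed for illustration.

```python
import json

# Permission (by the Salesforce location label on this page) -> Profile field.
# Assumption: standard Profile object field names, available in your API version.
REQUIRED = {
    "API Enabled": "PermissionsApiEnabled",
    "Modify All Data": "PermissionsModifyAllData",
    "Modify Metadata": "PermissionsModifyMetadata",
    "View All Users": "PermissionsViewAllUsers",
    "View Roles and Role Hierarchy": "PermissionsViewRoles",
    "View Setup and Configuration": "PermissionsViewSetup",
}

def build_query(profile_name):
    """Return SOQL that fetches the required permission flags for one profile."""
    # Escape backslashes and single quotes so the name stays inside the literal.
    escaped = profile_name.replace("\\", "\\\\").replace("'", "\\'")
    fields = ", ".join(["Name"] + list(REQUIRED.values()))
    return f"SELECT {fields} FROM Profile WHERE Name = '{escaped}'"

def missing_permissions(query_response):
    """Return labels of required permissions that are not enabled."""
    records = json.loads(query_response).get("records", [])
    if not records:
        raise LookupError("profile not found in query result")
    profile = records[0]
    # A flag absent from the response is treated as not enabled.
    return [label for label, field in REQUIRED.items()
            if profile.get(field) is not True]

# Constructed sample in the shape of a REST query result (not real org data).
SAMPLE = json.dumps({
    "totalSize": 1,
    "done": True,
    "records": [{
        "Name": "Nessus Scan",  # hypothetical profile name
        "PermissionsApiEnabled": True,
        "PermissionsModifyAllData": True,
        "PermissionsModifyMetadata": False,
        "PermissionsViewAllUsers": True,
        "PermissionsViewSetup": True,
        # PermissionsViewRoles deliberately omitted
    }],
})

if __name__ == "__main__":
    print(build_query("Nessus Scan"))
    print("Missing:", missing_permissions(SAMPLE))
```

Run the generated query in a SOQL tool of your choice and pass the JSON result to missing_permissions; an empty list means the profile meets the requirements listed above.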