Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.airmdr.com/llms.txt

Use this file to discover all available pages before exploring further.

Purpose

The Salesforce integration enables AirMDR to connect with Salesforce using OAuth-based authentication and securely retrieve or act on Salesforce data through approved API access. This guide explains how to collect the required Salesforce configuration values:
AirMDR FieldSalesforce Value
Instance URLSalesforce org URL / My Domain URL
Client IDConnected App Consumer Key
Client SecretConnected App Consumer Secret
Remote AgentAirMDR remote agent used to route integration traffic, if required
Salesforce uses Connected Apps to allow external applications to integrate through OAuth and API access..

Supported Versions

ComponentSupported Details
SalesforceSalesforce Lightning Experience
AuthenticationOAuth 2.0 using Connected App
API AccessSalesforce REST API
AirMDR RequirementValid Salesforce Instance URL, Client ID, Client Secret, and Remote Agent if the customer environment requires agent-based connectivity
The Salesforce user configuring this integration must have permission to access Setup, create or manage Connected Apps, and view OAuth consumer details.

Authentication

Salesforce uses OAuth 2.0 credentials generated from a Connected App.
CredentialDescription
Client IDSalesforce Consumer Key generated for the Connected App
Client SecretSalesforce Consumer Secret generated for the Connected App
Instance URLSalesforce org URL, usually the My Domain URL
OAuth ScopesPermissions granted to the Connected App
Remote AgentAirMDR agent used when the Salesforce API endpoint must be reached through a customer-managed network path
Salesforce requires identity verification before viewing the Consumer Key and Consumer Secret in some orgs.

Pre-requisites

Users must have Administrator access to the Salesforce.
Dedicated Salesforce Integration User.
AirMDR Remote Agent and Network Connectivity installed and active (if required by deployment model).

Configure Salesforce

1

Retrieve the Salesforce Instance URL

  1. Log in to the Salesforce.
  2. Copy the base URL from the browser address bar.
    https://companyname.my.salesforce.com
  3. Remove any page-specific path after the domain. Use only the base URL: https://companyname.my.salesforce.com
    For sandbox environments, the URL may look similar to https://companyname--sandbox.sandbox.my.salesforce.com
2

Create a Connected App in Salesforce

  1. Log in to Salesforce as an administrator.
  2. Click the Setup gear icon.
  3. In Quick Find, search for App Manager.
  4. Select App Manager.
  5. Click New Connected App.
  6. Enter the basic app details:
FieldRecommended Value
Connected App NameAirMDR Salesforce Integration
API NameAuto-generated
Contact EmailAdmin or SOC team email
  1. Select Enable OAuth Settings.
    Salesforce’s Connected App configuration is used to enable OAuth settings for API integration.
3

Configure OAuth Settings

In the API (Enable OAuth Settings) section:
  1. Select Enable OAuth Settings.
  2. Enter the Callback URL.
    Recommended callback URL: 
    https://login.salesforce.com/services/oauth2/success
    For sandbox: 
    https://test.salesforce.com/services/oauth2/success
    Salesforce documentation lists these callback URLs as valid examples when creating a Connected App.
  3. Add the required OAuth scopes. Recommended scopes:
    ScopePurpose
    Access and manage your dataAllows API access to Salesforce data
    Perform requests at any timeAllows refresh-token based access where applicable
    Manage user data via APIsRequired if AirMDR needs API-based user or object access
    Select only the scopes required for the approved AirMDR use case. Avoid granting broad access unless explicitly required.
  4. Click Save.
  5. Click Continue.
    Salesforce may take a few minutes to apply Connected App changes.
4

Retrieve the Client ID and Client Secret

  1. Go to Setup.
  2. In Quick Find, search for App Manager.
  3. Locate the Connected App created for AirMDR.
  4. Click the dropdown arrow beside the app.
  5. Select View or Manage Consumer Details.
  6. Complete identity verification if prompted.
  7. Copy the following values:
Salesforce FieldAirMDR Field
Consumer KeyClient ID
Consumer SecretClient Secret
Salesforce identifies the Consumer Key and Consumer Secret as the credentials used by the connected app for OAuth authentication.
5

Configure Connected App Policies

  1. In App Manager, locate the AirMDR Connected App.
  2. Click the dropdown arrow.
  3. Select Manage.
  4. Review the policy settings.
Recommended configuration:
SettingRecommendation
Permitted UsersAdmin approved users are pre-authorized
IP RelaxationEnforce IP restrictions if required by customer policy
Refresh Token PolicyFollow customer security policy
Session PolicyUse the organization’s standard session controls
If Admin approved users are pre-authorized is selected, assign the Connected App to an approved profile or permission set.
6

Assign the Connected App to Users or Permission Sets

  1. Go to Setup.
  2. Search for Permission Sets.
  3. Open the permission set used for the AirMDR integration user.
  4. Go to Connected App Access.
  5. Click Edit.
  6. Select the AirMDR Connected App.
  7. Click Save.
    Use a dedicated Salesforce integration user where possible. This improves auditability and avoids dependency on an individual user account.

Validate Connectivity

Use the following sample token request only for validation from an approved secure environment: 
curl -X POST "https://login.salesforce.com/services/oauth2/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=<client_id>" \
  -d "client_secret=<client_secret>"

curl -X POST "https://test.salesforce.com/services/oauth2/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=<client_id>" \
  -d "client_secret=<client_secret>"
Salesforce supports OAuth 2.0 client credentials flow where the app exchanges its consumer key and consumer secret for an access token.

Configure Salesforce in AirMDR Integrations Dashboard

  1. Navigate to AirMDR, provide the credentials and click Login
  2. Navigate to the AirMDR Integrations Dashboard in the left navigation pane and select Integrations.
  3. Use the search option, enter the keyword “Salesforce”, select the Connections tab, and click + Create button.
  4. Enter an unique name to the Instance (e.g., your org name-Salesforce) to easily identify the user connection by AirMDR.
  5. Enter the application credentials like Instance URL, Client ID, and Client Secret in the Authentication Details field params, and click Save.

Skills provided by this Integration

Skill IDPurpose
Create Salesforce RecordCreate a new Salesforce sObject record by posting field values to /sobjectsk/{Typer}/
Get Salesforce Setup Audit TrailRetrieve Salesforce SetupAuditTrail records with optional filters by time range, duration, user, and action.
Get Salesforce Event Log FilesQuery Salesforce EventLogFile records and return parsed log entries. Supports filtering by event type, time range, relative duration, and log interval.
Delete Salesforce RecordDelete a Salesforce sObject record via DELETE(sobjects/{Type}/{id}
Get Salesforce Release NotesDetect the connected orgs latest API version and return the canonical Salesforce release notes URL.
Execute Salesforce SOQL QueryExecute a SOQL SELECT statement against Salesforce and return the records (paginated automatically). Only SELECT queries are allowed.
Get Salesforce ReportFetch a Salesforce Analytics report by Id. Returns reportMetadata, factMap, groupingsAcross, and groupingsDown.
Upsert Salesforce RecordUpsert (create or update) a Salesforce sObject record by an external Id field via PATCH /sobjects/{Type}/{ExternalldField}/{value}
Update Salesforce RecordUpdate an existing Salesforce sObject record via PATCH /sobjects/{Type}/{id}
List Salesforce Event TypesList the distinct EventTypes available in the Salesforce organizations EventLogFile.
To view the details of Input Parameters and Output for the respective skills
  • Go to AirMDR → Salesforce Integration page.
  • Select the Skills tab and click on the required listed skills.

Additional Information

ErrorPossible CauseRecovery
Invalid Client IDIncorrect Consumer Key copiedReopen Connected App and copy the Consumer Key again
Invalid Client SecretSecret copied incorrectly or rotatedGenerate or retrieve the current Consumer Secret
Invalid GrantOAuth flow not enabled or policy mismatchReview Connected App OAuth settings
Access DeniedUser lacks required permissionAssign Connected App access through profile or permission set
Instance URL UnreachableWrong URL or network issueValidate My Domain URL and Remote Agent connectivity
API Permission ErrorMissing OAuth scope or Salesforce permissionAdd required scope or permission to integration user

Salesforce Monitoring

Use the following Salesforce areas for monitoring:
LocationPurpose
Setup → Login HistoryReview authentication attempts
Setup → Connected Apps OAuth UsageReview OAuth app usage
Setup → Event MonitoringReview API and security events, if licensed
Setup → Debug LogsTroubleshoot user-level execution issues

AirMDR Monitoring

In AirMDR:
  1. Go to Integrations.
  2. Open the Salesforce integration.
  3. Review connection status.
  4. Check recent sync or execution logs.
  5. Validate any failed authentication or API request errors.
Sample log:
INFO  Salesforce integration initialized
INFO  OAuth token request submitted
INFO  Salesforce API connection successful
ERROR Salesforce authentication failed: invalid_client_id_or_secret
EnvironmentRecommended Level
ProductionINFO / WARN
TroubleshootingDEBUG temporarily
Security ReviewAudit logs enabled
  • Use a dedicated Salesforce integration or service account instead of a personal user account exclusively for AirMDR integration
  • Store the Salesforce Client ID and Client Secret securely using approved secret-management solutions. Never expose credentials in emails, tickets, screenshots, or shared documentation
  • Enable Multi-Factor Authentication (MFA) for Salesforce administrator accounts managing Connected Apps and integration settings.
  • Configure Connected App policies to allow only approved users, profiles, or permission sets to access the integration. Monitor Authentication Activity
    • Regularly review:
      • Salesforce Login History
      • Connected App OAuth Usage
      • AirMDR integration logs
      • Failed authentication attempts
  • Rotate Secrets Periodically Rotate the Salesforce Consumer Secret periodically based on organizational security policies or after any suspected credential exposure.
  • Validate Remote Agent Connectivity If a Remote Agent is used, ensure it is deployed in a secure environment with controlled outbound network access to Salesforce endpoints only.
  • Enforce Secure Communication Ensure all communication between AirMDR and Salesforce occurs over encrypted HTTPS/TLS connections.
  • Review Integration Permissions Regularly Conduct periodic reviews of:
    • OAuth scopes
    • User permissions
    • Connected App policies
    • Remote Agent assignments
  • 📧 Contact AirMDR Support through your designated support channel.
  • 🔁 Rotate credentials regularly.
  • 🔄 Reconnect in AirMDR when secrets are changed.
  • For integration issues, collect the following before contacting support: 
    Salesforce Instance URL
Connected App name
Timestamp of failed connection
AirMDR integration error message
Remote Agent name, if applicable
Salesforce login or OAuth error details
    Do not share the Client Secret in support tickets. Share only masked values when required.