Creating a Salesforce Cloud Account

A Cloud Account is a cloud environment that Configuration Manager monitors. For more information about monitoring Cloud Accounts, see Getting Started with Configuration Manager.

Quick Start Video

This video provides a simplified overview of the procedure below.

To create a Salesforce Cloud Account, you need to:

upload or create an SSL certificate to secure communication with Configuration Manager
create a connected app in your Salesforce account
create a user account and user profile in Salesforce

Start by creating the cloud account in Configuration Manager.

In Configuration Manager, navigate to Environment > Cloud Accounts and click New.
In the New Cloud Account pane, enter a Name and Description to identify this account.
Select Salesforce as the account type.

Add or generate the SSL certificate.

To upload an existing certificate:

Click Upload Key File.
Navigate to the .PEM certificate file and select it.

Note:	Make sure that the selected certificate does not use a passphrase.

To generate a new certificate:

(Optional) Change the Days Until Expiration value from 365, if desired.
Click Generate Keypair.
Select a location for the new certificate file and save it.

Next, open a new browser tab to configure a Salesforce connected app.

Log in to Salesforce using an account that has permissions to create a connected app, a user account, and a user profile.
In the Salesforce Classic UI, select Create > Apps from the left pane build menu,

In the Lightning UI, select Apps > App Manager from the PLATFORM TOOLS menu.
In the Classic UI, select New in the Connected Apps section of the Apps page.

In the Lightning UI, select New Connected App in the Lightning Experience App Manager page.
On the New Connected App page, complete these fields in Basic Information:
- Connected App Name: CM_SFDC_Configuration
- API Name: (This field is populated automatically based on the previous value)
- Contact Email: The e-mail address of your Salesforce Administrator.
In the API (Enable OAuth Settings) section, select Enable OAuth Settings.
The Callback URL field isn't used by this app, so enter https://www.example.com or something similar.
Select Use digital signatures, click Choose File, then select the certificate from the previous step.
In the Selected OAuth Scopes section, select the following values in the Available column and move them to the Selected column with the Add arrow:
- Manage user data via APIs (api)
- Perform requests at any time (refresh_token, offline_access)
- Manage user data via Web browsers (web)
Click Save.
On the New Connected App page, click Continue.
Copy the Consumer Key value from the API (Enable OAuth Settings) section of the CM_SFDC_Configuration page and paste it into Connected App Consumer Key field in Configuration Manager.
To configure policies for the Connected App:
1. In the CM_SFDC_Configuration page, click Manage.
2. In the CM_SFDC_Configuration detail page, click Edit Policies.
3. In the CM_SFDC_Configuration edit page, select Admin approved users are pre-authorized in the OAuth policies section of the Permitted Users field.
4. Click Save.

Next create a user profile and user account in Salesforce that Configuration Manager can use.

In the Salesforce Classic UI, select Manage Users > Profiles from the Administer menu.

In the Lightning UI, select Users > Profiles from the ADMINISTRATION menu.
In the Profiles page click New Profile.
In the Existing Profile field of the Clone Profile page, select Read Only.
In the Profile Name field, enter SFDC_CM_User_Profile and click Save.
Now create a user account:

In the Profile Detail section of the SFDC_CM_User_Profile page, click View Users and then New User.
In the New User page, enter values for first name, last name, and email.

Salesforce may use this information for alerts, so we recommend specifying a Configuration Manager admin here.

In the User License field, select Salesforce.

Note:	An available Salesforce license is required in order to select Salesforce here, and to select a custom profile in the next step.

In the Profile field, select SFDC_CM_User_Profile.
Click Save.

Copy the Username value from Salesforce and paste it into the User ID field in Configuration Manager.
Click Save in the New Cloud Account dialog.

Finally, you need to map the connected app to the user profile in Salesforce and assign permissions.

In the Classic UI, select Create > Apps from the Build menu in the left pane.

In the Lightning UI, select Apps > App Manager from the PLATFORM TOOLS menu.
In the Classic UI, click the Manage link next to CM_SFDC_Configuration in the Connected Apps section.

In the Lightning UI, select Manage from the dropdown next to CM_SFDC_Configuration.
In the Profiles section, click Manage Profiles. Then select SFDC_CM_User_Profile and click Save.
In the Classic UI, select Create > Apps from the Build menu in the left pane.

In the Lightning UI, select Apps > App Manager from the PLATFORM TOOLS menu.
In the Classic UI, click the Manage link next to CM_SFDC_Configuration in the Connected Apps section.

In the Lightning UI, select Manage from the drop-down next to CM_SFDC_Configuration.
In the Profiles section, select SFDC_CM_User_Profile and in the Profile Detail section, click Edit.
In the SFDC_CM_User_Profile edit page, make sure the following permissions are selected:
- Administrative Permissions > API Enabled
- Administrative Permissions > Manage Certificates
- Administrative Permissions > Modify Metadata Through Metadata API Functions
- General User Permissions > Manage Connected Apps
To enable Configuration Manager to remediate changes on this account automatically, select these additional permissions:
- Administrative Permissions > Manage Password Policies
- Administrative Permissions > Manage Security Center
- Administrative Permissions > Manage Session Permission Set Activations
Click Save.