SaaS Agent Security
Onboard Salesforce Agentforce [Operator] to SaaS Agent Security
Onboard Salesforce Agentforce (Operator based scanning) to SaaS Agent Security to gain deep visibility and security for your
Salesforce Agentforce AI platform and apps.
Prerequisites
- Ensure you onboard the Salesforce SaaS Security Posture Management connector before onboarding Salesforce Agentforce to SaaS Agent Security.
To access your Salesforce Agentforce instance, SaaS Agent Security requires
the following information, which you will specify during the onboarding process.
| Item | Description |
|---|---|
| Username | A Salesforce username is a unique identifier, formatted like an email address (e.g., jane@company.com), that users must provide to log into their Salesforce accounts. This username must be distinct across all Salesforce organizations, both production and sandbox environments, meaning you cannot have the same username in two different Salesforce accounts. While it resembles an email address, it doesn't need to be a real, working email. Salesforce now offers a simplified login option on the login page, allowing users to log in with their actual email address instead of the specific Salesforce username. |
| Password | A Salesforce password is a secret string of characters that authenticates a user's identity and grants them access to their Salesforce account, data, and features. Users must meet their organization's password policies, which set requirements for length, complexity, and expiration, and the password is case-sensitive. |
| TOTP Secret | A Salesforce TOTP secret is a unique, shared cryptographic key that is used to set up and generate time-based one-time password (TOTP) codes for multi-factor authentication (MFA). When you register an authenticator app, like Salesforce Authenticator, the secret key is exchanged between Salesforce and the app. This allows the app to use the key, along with the current time, to generate a unique, short-lived numeric code that verifies your identity when you log in. |
- Log in to Salesforce using Org Admin credentials.
- Select Setup Menu > Setup.
- In the search box, start typing My Domain. You can view your Domain URL in the My Domain Settings page. Copy it and keep it handy for onboarding later.
- In the search box, start typing App Manager. You can view your app name in the Lightning Experience App Manager page.
- Select your app, use the drop-down at the right and click View.
- In the Manage Connected Apps page, under API (Enable OAuth Settings), click Manage Consumer Details. The Consumer Key (Client ID) and Consumer Secret (Client Secret) are displayed.
- Copy the Consumer Key (Client ID) and Consumer Secret (Client Secret) and keep them handy for onboarding later.
- To manage the permissions for your user, use the same drop-down you used above and click Manage.
- In the App Manager page, navigate to the Client Credentials Flow section and click on your user name to view the profile associated with it.
- Click on the Minimum Access - Metadata API profile to edit the permissions. Alternatively, you can also search for Profile from the Setup.
- In the Profiles page, navigate to the System Permissions section and enable the following custom permissions.
  - API Enabled
  - Custom Application
  - Modify Metadata Through Metadata API Functions. The View Roles and Role Hierarchy and View Setup and Configuration are enabled by default when you enable this profile.
  - Apex REST Services
Onboard Salesforce Agentforce platform to SaaS Agent Security.
- To start onboarding Salesforce Agentforce platform to SaaS Agent Security, log in to Strata Cloud Manager.
- Select Agent Platform Onboarding > Onboard Agent Platform > SFDC Agentforce Copilot and click Next.
- Ensure you have completed all three steps mentioned in the onboarding wizard and then click Get Started.
- Select API in the Authorization Method Selection page.
- On the Enter Service Principal Credentials page, enter the following information and click Complete.
  - Instance URL
  - Client ID
  - Client Secret
- The system validates the credentials and permissions. After the validation is successful, you will see a confirmation message.