This article provides instructions for connecting your Salesforce to the Expel Workbench.

Step 1: Create Profile for access control

Salesforce uses profiles to manage user access to data, so the first step is to create a profile for Expel.

  1. In Salesforce, navigate to Profiles.

  2. Clone the Read Only profile and name it Expel. Click Save.

  3. Verify that API Enabled is selected under Administrative Permissions.

  4. Enable Customize Application Permissions under Administrative Permissions. This is required to enable Logout Events.

  5. Enable View Real-Time Event Monitoring Data under General User Permissions.

  6. Click Save Profile.

Step 2: Create Expel user

Now that the Expel profile is created, the next step is to create a user with that profile.

Note

Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.

  1. Navigate to Users.

  2. Click New User.

  3. Type in the required information:

    • For Last Name type ExpelAPI.

    • For Alias type expelapi.

    • For Email: soc+<Your_Organization_Name>@expel.io.

      Tip

      Yes, the "+" sign is part of the email address, and it's important. Click here to find out why.

    • For Username and Nickname use the Salesforce default entries.

    • For Role select any role.

    • For User License select Salesforce.

    • For Profile select Expel.

  4. Reset Password for the user.

    Note

    The new password is sent to the email address for the Expel Salesforce User.

Step 3: Get security token

  1. From your personal settings, type reset in the Quick Find text box, and then select Reset My Security Token.

  2. Click Reset Security Token.

    Note

    The new security token is sent to the email address for the Expel Salesforce User.

Step 4: Create connected app

  1. Login to Salesforce with the same user credentials that you want to collect data in your Salesforce deployment.

  2. From Setup, type App Manager in the Quick Find text box, then select App Manager.

  3. Click New Connected App.

  4. Type the connected app name (Expel), which appears in the App Manager and on its App Launcher tile.

  5. Type the API name.

    Tip

    The default is a version of the name without spaces. Only letters, numbers, and underscores are allowed. If the original app name contains any other characters, edit the default name.

  6. Type your contact email for Salesforce.

  7. In the API (Enable OAuth Settings) area of the page, select Enable OAuth Settings.

  8. Select Enable for Device Flow.

  9. Select the following OAuth scopes to apply to the connected app:

    • Manage user data via APIs (api)

  10. Note

    It can take about 10 minutes for the changes to take effect.

  11. Retrieve the Consumer Key and Consumer Secret from the app page.

    Note

    Save this info for later use.

Step 5. Connect your technology to Workbench

  1. In a new browser tab, log into https://workbench.expel.io.

  2. On the console page, navigate to Organization Settings and click Security Devices.

  3. At the top of the page, click + Add Security Device.

  4. Type in the required information:

    mceclip9.png
    • For Name create a name.

    • For Location type the physical location of your Salesforce domain.

    • For Salesforce domain type your Salesforce domain info from Before You Begin.

    • For Client ID type the Connected App’s Consumer Key.

    • For Client secret, type the Connected App’s Consumer Secret.

    • For Username type the Expel user’s username.

    • For Password type the Expel user’s password.

    • For Security token, type the Expel user’s security token.

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!