RecordPoint’s Connector Framework enables the transparent in-place management of data across a broad range of applications, including Salesforce. These are customised per customer and are designed to reflect the specific needs and data models of your organisation.
The connector is hosted in RecordPoint’s infrastructure and uses the native APIs of Salesforce to automatically identify new records (e.g. new messages or files), classify and manage these records within the RecordPoint platform and dispose of eligible records in Salesforce.
About Enterprise Connectors
At RecordPoint, we understand that every business has unique requirements for data management and integration. Systems like SharePoint and Google Drive offer the same configurations for a seamless rollout, whereas platforms such as Salesforce and SAP are more customized and require a more configurable approach. Our customizable Enterprise Connectors are designed to address these specific needs and adapt to the unique ways you use these systems.
Our Enterprise Connector framework enables a comprehensive view across all your information, regardless of what application it originated from. By providing a consistent way to manage all of your data regardless of the source, our connectors enhance your ability to make informed decisions and drive business success.
Given the customizability of these connectors, we will undertake a standardised and repeatable process of understanding how the system fits into your existing business processes, including how it integrates with existing structures or taxonomies applied to your data. This will enable us to determine if design or build work is required to tailor our features so that the connector aligns perfectly with your use cases.
Authentication and Security
In order for RecordPoint to automatically manage all records in the source system, it requires access to identify and categorise records (i.e. read content) and dispose of expired records (i.e. delete the content). In most systems, delete access permissions are only granted in conjunction with create/write access, however RecordPoint never creates or updates content. There are multiple options that can be used to reduce the scope and permissions:
- Permissions can be restricted to specific areas (e.g. specific sites/drives/channels/groups) that need to be managed, rather than all content in the source system.
- The customer is in full control of the permissions and can update/revoke permissions at any time. This also allows the customer to limit permissions to read-only and only grant delete access when performing disposals (periodic disposal management).
- Alternatively, the customer can choose to limit permissions to read-only at all times, and perform disposals manually (manual disposal management).
- Content reading can be disabled, making the RecordPoint platform manage records only at the metadata-level. This disables any content from being read from source systems, but also prevents content-based functionality such as duplicate detection, privacy analysis and content-based classification from being available.
At all times, the customer is in full control of the permissions granted to the connector and can restrict or revoke access.
API Scopes and Access Rights
To manage the data stored in Salesforce, RecordPoint requires the ability to read the relevant data and delete the data at disposal time.
The permissions required vary from content source depending on the requirements of the customer. As part of scoping for a connector configuration, the following entities will be defined for the content source:
- Aggregation - encapsulates the business context for records we are managing through RecordPoint
- Records - an actual entity or piece of information that holds business value
- Binaries - one or more pieces of unstructured information that are associated with a Record
To manage each of the objects corresponding to aggregations, records and binaries (required when the content protection or content sampling capabilities of RecordPoint are utilised) in the content source the following APIs for each object will be required as a minimum.
- Delta change API - How RecordPoint detects changes for a given entity. This method is for ingesting ongoing changes into RecordPoint.
- Full Details Batch API - How RecordPoint fetches a list of entities in batches (pages) with all of the entity metadata, for ingestion during onboarding.
- Deletion/Disposal API - How RecordPoint deletes an entity from the source system. This is only required when RecordPoint is utilised for automated disposals.
Salesforce Connector
For integration with Salesforce, the connector authenticates via a service account and requires the following permissions to be granted:
Scope |
Description |
Query All Files |
Used to scan the list of files |
Read Objects |
Used to get the details for object |
Delete Objects |
(Disposal Only) Used to delete objects |
Create, Read, Edit, Delete, View All and Modify All |
When using an Object Permission based approach. |
Has API Enabled |
Allows the Salesforce APIs to be called |
Salesforce Connector Architecture and Integration
The following diagram shows the architecture for the Salesforce connector and the integration points with the Salesforce API:
RecordPoint uses a dedicated Microsoft Entra ID application registration for the Salesforce connector which enables authentication with the RecordPoint platform. To integrate with Salesforce, the connector uses the native web APIs of Salesforce and authenticates using OAuth2.0 with tokens stored in an encrypted customer-specific key vault. It connects to the RecordPoint platform using its RESTful Connector API. All communication is via HTTPS with TLS1.2+ encryption in transit.
Content Management Options
Content and Metadata Options
There are three options for the management binaries (i.e. file contents) in the RecordPoint platform:
- Binary Protection enabled (default): A copy of the file contents is stored on the RecordPoint platform for the lifetime of the record. Intelligent Classification, duplicate detection, signal analysis and content search are possible. This option requires permissions within the source system for the connector to read the contents of the data.
- Content Sampling enabled: A copy of the file is processed by the RecordPoint SaaS platform to allow Intelligent Classification, duplicate detection and signal analysis to be performed but is not kept once processing is complete. See Content Sampling documentation for more details on how data is processed and when it is stored. This option requires permissions within the source system for the connector to read the contents of the data.
- Metadata Only: No file contents are transmitted to the RecordPoint SaaS platform. Intelligent Classification, duplicate detection and signal analysis is not available. Only metadata is transmitted and stored, and therefore only metadata-based classification is available. This option does not require content-reading permissions in the source system.
Value-Add Storage Options
Each of the options above can be configured per-connector if desired. If options (1) or (2) are selected, there are three options for the binary storage:
- RecordPoint-managed storage (default): Files are stored in an isolated customer-specific Azure Blob Storage account within RecordPoint's infrastructure and are encrypted at rest with auto-generated customer-specific keys stored in an isolated customer-specific Azure Key Vault managed by RecordPoint.
- RecordPoint-managed storage with BYO keys: Files are stored in an isolated customer-specific Azure Blob Storage account within RecordPoint's infrastructure but are encrypted at rest with customer-managed encryption keys.
- Remote Storage: Files are stored in an Azure Blob Storage account managed and owned by the customer and hosted in your Azure infrastructure. At-rest encryption keys are managed by the customer.
Disposal Management Options
RecordPoint supports several options for disposal management within the source system, based on the permissions able to be granted to the connector. These include:
- Automatic Disposals (default): The RecordPoint platform allows authorised users to initiate a disposal as required, including seeking approval via the automated disposal workflows. Once approved, the data is securely disposed in the source system using the connector. This requires the delete permissions to be granted to the connector.
- Periodic Disposals: When disposals are planned to be initiated, the customer can enable the delete permissions for the connector from within the source system. An authorised user can initiate a disposal from within the RecordPoint platform and, once approved, the connector will securely dispose of the records from within the source system. Once the disposal is complete, the customer can revoke the delete permissions assigned to the connector in the source system.
- Manual Disposals: Records eligible for disposal can be reported on and reviewed by an authorised user from the RecordPoint platform. The records can then be manually removed from the source system outside of the RecordPoint platform. This option requires only read access permissions for the connector in the source system.
Notice of Changes
Enterprise Connectors are, by nature, designed for highly customizable systems. As such, the information in this document, such as the permissions required, may be subject to change depending on the individual requirements of your organization.