AQUILA - Salesforce Integration via JWT Authentication

Overview

With the OAuth 2.0 JWT bearer token flow, the client posts a JWT to the Salesforce OAuth token endpoint. Salesforce processes the JWT, which includes a digital signature, and issues an access token based on prior approval of the app.

Check "View Event Log Files" Permission

Check Your Org's Event Monitoring License:
- Go to Setup > Quick Find > Installed Packages or Company Information (under Quick Find > Company Settings).

Look for Event Log File Browser or Event Monitoring and enable it if it shows an option to do so.

2. Enable Event Monitoring Features:

Setup > Quick Find > Event Monitoring Settings (or search "Event Log File Browser").
If the page loads: Check Enable Event Log File Browser > Save.

Clone and Modify the Profile

Log in to Salesforce Setup:
- Go to Setup (gear icon > Setup) as an admin.
Clone the Standard User Profile:
- Navigate to Setup > Quick Find > Profiles.
- Find Standard User > Click Clone next to it.
- Profile Information:
  - Profile Name: e.g., "Standard User - Log Integration".
  - Description: "Cloned for Elastic log integration with API and ELF access."
  - User License: Salesforce Integration
- Save. This creates a new custom profile based on Standard User.

3. Edit System Permissions in the Cloned Profile:

In Profiles, find your new cloned profile > Click Edit > Go to the System Permissions section (or use Quick Find for "System Permissions").
Enable the following checkboxes (these are the key changes from Standard User, which starts with them disabled for security):

Permission	Change from Standard User	Why Enable It?	How to Enable
API Enabled	Disabled → Enabled	Allows REST/SOAP API calls for fetching logs (e.g., EventLogFile queries). Essential for Elastic integration.	Check the box under System Permissions.
View Event Log Files	Disabled → Enabled	Grants read access to historical Event Log Files (ELF) like logins and Apex events. Core for log ingestion.	Check the box under System Permissions.
View All Data	Disabled → Enabled	Provides broader object read access if ELF queries fail due to restrictions.	Check the box under System Permissions.

Do NOT enable unrelated permissions like "Modify All Data" or "Delete All Data" to maintain least-privilege.
Save the profile.

4. Assign the Cloned Profile to Your Integration User:

Setup > Quick Find > Users > Select your integration user > Edit.
Profile: Select "Standard User - Log Integration".
Save.

5. Handle Event Monitoring Permissions (Not in Profile—Use Permission Set):

The "View Real-Time Event Monitoring Data" isn't a direct profile permission; it's tied to Event Manager.
Create a Permission Set:
- Go to Setup > Quick Find > Permission Sets > New.
- Label/Name: e.g., "Event Monitoring Access".
- License: "Salesforce Integration" (matches Standard User).
- Save > System Permissions tab > Enable View All Data, API Enabled and View Event Log Files.
- Event Log File Browser tab: Enable access to specific events.
Assign the Permission Set:
- Permission Set Assignments > New > Select your integration user > Assign.
Enable Events in Event Manager:
- Setup > Quick Find > Event Manager.
- For desired events (e.g., Login Event), click dropdown > Enable Storage. This requires the Event Log File Browser add-on license.
- This starts log retention (up to 1 year for ELF; real-time requires add-on license).