ComplyJet's Salesforce integration brings your CRM into your access governance program. ComplyJet imports your Salesforce accounts and continuously verifies that access is controlled, that departed employees lose access, and that every account belongs to one identified person, mapping each signal to 20+ security and privacy frameworks including SOC 2 and ISO 27001.
Salesforce holds customer data, so who can reach it matters to your auditor. ComplyJet turns Salesforce access into continuous, audit-ready evidence, so access reviews stop being a quarterly fire drill.
Compliance automation
How ComplyJet automates SOC 2 / ISO 27001 for Salesforce
Proving Salesforce access is controlled used to mean exporting the user list, cross-checking it against HR records by hand, and screenshotting it before each audit. Most teams repeat this every quarter, and the evidence is stale the moment it is captured.
1
Connect once
Authorize ComplyJet with a read-only Salesforce connection. No write access, takes under 10 minutes.
2
Import accounts continuously
ComplyJet imports your Salesforce accounts and keeps them in sync as people join and leave.
3
Collect evidence automatically
Every access-review check is timestamped and stored as audit evidence, with no screenshots and no manual cross-referencing.
4
Get alerted on drift
The moment an ex-employee keeps access or a shared login appears, ComplyJet flags it in real time so you can remediate before it becomes an audit finding.
The result: your SOC 2 and ISO 27001 access evidence is always current, your auditor gets a clean documented trail, and access reviews become a continuous background process instead of a scramble.
See the Salesforce integration live
30 minutes. We'll walk through how ComplyJet governs Salesforce access, collects evidence, and maps access checks to SOC 2 and ISO 27001.
Continuous checks
What automated tests does ComplyJet run on Salesforce?
ComplyJet continuously governs access to Salesforce, with every result stored as audit evidence. Click the area to see the checks.
Identity & Access
Account lifecycle, unique accounts
Access revoked on employee departure: Verifies no active Salesforce accounts remain mapped to former employees.
Shared account use detected and flagged: Ensures every Salesforce account is linked to exactly one individual, so access can be attributed and reviewed.
Setup
How to Integrate Salesforce with ComplyJet
Takes under 10 minutes. No code required, and ComplyJet never gets write access to your Salesforce data.
1
Log in to ComplyJet and go to Integrations
Find Salesforce in the integrations list and click Connect.
2
Authorize the connection
Grant ComplyJet read-only access to your account membership. No write access is requested.
3
Confirm the connection
ComplyJet validates the connection and begins importing your accounts.
4
ComplyJet begins syncing immediately
Your Salesforce accounts sync within minutes and access checks start running continuously.
Need help connecting multiple Salesforce accounts or workspaces? Reach out to our support team.
Framework coverage
What Controls Are Automated Across SOC 2 / ISO 27001
ComplyJet maps every Salesforce check to the relevant framework controls and maintains an always-current evidence record for your auditor.
SOC 2
Logical access, network security, monitoring, audit trail, availability
CC6.1
Logical access security: Salesforce access attributed to current employees and revoked on termination.
CC6.2
User registration and authorization: accounts provisioned to identified individuals and reviewed.
CC6.3
Access authorization: access rights governed and kept unique per individual.
ISO 27001
Access control, authentication, logging, network security, cryptography, backup
A.5.15
Access control: account uniqueness and access revocation on departure.
A.5.16
Identity management: every account linked to an identified individual.
A.5.18
Access rights: rights reviewed and attributed to current employees.
.svg){kind=logo}
