Install Platform Governance for Salesforce
Platform Governance for Salesforce is installed with package installation file sent to you by our customer success team. To install:
- Click the install URL. If installing in the sandbox, replace the initial portion of the URL with http://test.salesforce.com
- Select Install for Admins Only
- Click Install
The installation runs in the background. An email notification is sent to you when the installation is complete.
Configure Authentication
After installing the package, you need to configure authentication credentials. Platform Governance for Salesforce supports two authentication methods:
Recommended: Named Credential Authentication (OAuth)
This is the recommended approach for all organizations, and is required when High Assurance is enabled on user profiles.
Named Credentials provide:
- High Assurance compatibility - Required when Salesforce profiles have High Assurance enabled
- Independent authentication - Does not rely on specific user credentials, improving security and reliability
- Automatic token refresh - No session expiration issues
- Enhanced security - Limited OAuth scopes instead of full user permissions
For detailed step-by-step instructions on configuring Named Credentials with External Client App and OAuth, see Named Credential Setup.
Legacy: Session ID Authentication
The traditional method uses direct user credentials (username, password, and security token) to authenticate API calls. This method does not require a Connected App, but has significant limitations:
- Does not work with High Assurance - Fails when High Assurance is enabled on user profiles
- User-dependent - Relies on specific user credentials; if using this method, we recommend creating a dedicated Integration User for this purpose
If your Salesforce organization has High Assurance enabled on user profiles, you must use the Named Credential authentication method. Session ID authentication will not work with High Assurance. While High Assurance is often associated with MFA requirements, it is the High Assurance setting itself that makes Named Credentials mandatory.
Legacy Session ID Setup
This method uses direct user credentials without requiring a Connected App setup.
Requirements:
- Salesforce username (we recommend using a dedicated Integration User)
- Salesforce password
- Salesforce security token (obtained from user settings)
Configuration: The credentials are entered directly in the Platform Governance application during the Getting Started Wizard. No Connected App or OAuth configuration is needed.
Best Practice: When using Session ID authentication, create a dedicated Integration User specifically for Platform Governance. This approach provides better control and reduces dependencies on individual user accounts.
Limitations:
- Cannot be used if High Assurance is enabled on user profiles
- Depends on specific user credentials, creating maintenance overhead
- Not suitable for organizations with High Assurance requirements
Assign Permission Set to Users
After configuring authentication, you must assign the required Permission Set to users who will access Platform Governance for Salesforce.
Assign Netwrix Grant Permissions
- Navigate to Setup > Users > Permission Sets
- Search for and click Netwrix Grant Permissions
- Click Manage Assignments
- Click Add Assignments
- Select the users who need access to Platform Governance for Salesforce
- Click Assign
- Click Done
The Netwrix Grant Permissions permission set is required for all users who will access the Netwrix Lightning application. Without this permission set, users will not be able to use Platform Governance for Salesforce.
Verify Permission Assignment
To verify that the permission set has been assigned correctly:
- Navigate to Setup > Users > Users
- Click a user who should have access
- Scroll to the Permission Set Assignments section
- Verify that Netwrix Grant Permissions appears in the list
Access the Netwrix Lightning Application
After configuring authentication (either Named Credentials or Session ID), access the Platform Governance application:
- Open the Salesforce App Launcher (grid icon in the top navigation)
- Search for and select Netwrix Lightning
- A window will appear displaying the License Agreement and EULA. Review the contents carefully and then select Accept.
You are now ready to begin using Platform Governance for Salesforce.
Next Steps
After completing the installation and authentication setup:
-
Configure Authentication:
- Recommended: Named Credential Setup - Required for High Assurance profiles, recommended for all organizations
- Legacy: Session ID setup - Only for organizations without High Assurance
-
Initial Configuration: