Search <book_title>...

Cohesity Alta SaaS Protection Administrator's Guide

Last Published: 2025-08-04

Product(s): Alta SaaS Protection (3.2.1)

Introduction to Cohesity Alta SaaS Protection
1. About Cohesity Alta SaaS Protection
2. Features of Cohesity Alta SaaS Protection
3. Architecture of Cohesity Alta SaaS Protection
4. Operational workflow
5. Extra Data Backup (EDB)
Cohesity Alta SaaS Protection Copilot (AI chatbot)
1. Cohesity Alta SaaS Protection Copilot (AI chatbot)
Cohesity Alta SaaS Protection Administrator portal (Web UI)
1. About Cohesity Alta SaaS Protection Administration portal
2. Configure Cohesity Alta SaaS Protection Administration portal
3. View upgrade history
Supported SaaS workloads
1. Supported SaaS workloads and backup capabilities
Workflow to protect data using Cohesity Alta SaaS Protection
1. Workflow to protect data using Cohesity Alta SaaS Protection
2. Know your subscription details
Manage users and roles
1. Role-based access control
2. Permissions tab
API permissions
1. API permissions for Microsoft 365 workloads
2. API permissions for Gmail and Google Drive
3. System and API permissions for Salesforce
4. API permissions for Entra ID
5. App permissions of Web App
What is a connector?
1. What is a connector?
2. About transient errors
3. Overview of adding connectors
4. Configure General settings
5. Configure Capture scope
6. Configure User filter
7. Configure Group filter
8. Configure Folder filter
9. Configure credentials
  1. Assign Microsoft 365 apps registration
  2. Microsoft 365 apps registration status
  3. Manually approve Microsoft 365 apps registration
  4. Approve Microsoft 365 apps using the App Consent Grant utility
  5. Microsoft 365 apps recovery
10. Configure Custom backup policy and guidelines
11. Configure Delete policy for SharePoint Online and guidelines
12. Configure Stubbing policy
13. Guidelines to configure Stubbing policy for SharePoint Online
14. Schedule a backup
15. Configure email addresses to get notifications
16. Review configuration and edit/save/initiate backup
17. Connectors page
18. Connector status
19. Edit connector configuration
20. Delete connectors
Pre-requisites to setup protection for M365
1. Pre-requisites to setup protection for M365
Protect Microsoft 365 Multi-Geo tenant
1. Considerations for adding SharePoint/Teams Sites/OneDrive connectors for Microsoft 365 Multi-Geo tenant
Protect Exchange Online data
1. Setting up Exchange Online data protection with Cohesity Alta SaaS Protection
  1. Configure capture scope for Exchange connectors
Protect SharePoint sites and data
1. Setting up SharePoint Online protection with Cohesity Alta SaaS Protection
  1. Configure capture scope for SharePoint connectors
  2. Configure additional backup options for SharePoint/Teams site/ OneDrive connectors
2. Backup and restore support for SharePoint Online
3. End-user SharePoint data access in Cohesity Alta SaaS Protection
4. Run the Delete and Stubbing policies to the SharePoint Online environment
5. Backup limitations for SharePoint Online
Protect Teams sites
1. Setting up Teams Site protection with Cohesity Alta SaaS Protection
  1. Configure capture scope for Team site collections connectors
2. Backup limitations for Teams site collections
Protect OneDrive data
1. Setting up OneDrive protection with Cohesity Alta SaaS Protection
  1. Configure capture scope for OneDrive connectors
Protect Teams chats
1. Setting up Teams chat protection with Cohesity Alta SaaS Protection
  1. Configure capture scope for Teams chat connectors
2. Backup limitations for Teams chat
Protect GoogleDrive data
1. Prerequisites to setup Google Drive protection with Cohesity Alta SaaS Protection
2. Setting up Google Drive protection with Cohesity Alta SaaS Protection
  1. Configure Capture scope Google Drive connectors
3. Backup limitations for Google Drive
4. FAQs
Protect Gmail data
1. Prerequisites to setup Gmail protection with Cohesity Alta SaaS Protection
2. Setting up Gmail protection with Cohesity Alta SaaS Protection
  1. Configure capture scope for Gmail connectors
Protect Audit logs
1. Add Audit log connectors
2. Audit log connector limitations
Protect Salesforce data and metada
1. About Salesforce protection
2. Key considerations and prerequisites for adding Salesforce connectors
3. Add Salesforce connectors
4. Limitations of Salesforce connectors
5. Salesforce Objects not supported for backup
Protect Entra ID objects
1. Setting up Entra ID protection with Cohesity Alta SaaS Protection
2. Backup and restore limitations for Entra ID
Protect Box data
1. Prerequisites for Box connectors configuration
2. Setting up Box protection with Cohesity Alta SaaS Protection
  1. Configure capture scope for Box connector
3. Backup limitations for Box data
Protect Slack data
1. Add Slack connectors
Protect Email/Message data
1. Prerequisite for Email/message connector
2. Add Email/Messages file
Configure Retention policies
1. About WORM policies
2. Ingestion WORM policies page
3. Add/edit Ingestion WORM retention policies and guidelines
4. Add/edit At-Rest WORM retention policies
5. Add/edit Deletion policies
6. View deletion history
7. How to edit the policy evaluation interval?
8. How to add a Location filter?
9. How to add a filter?
Perform backups
1. Perform on-demand/ad-hoc backup
2. Backup dashboard
3. Video tutorial for connector troubleshooting
4. View backup events
  1. About Event suppression
  2. Create event suppression rules
5. Viewing backup tasks details
View and share backed-up data
1. Browse backed-up data
2. Share data
3. Remove data sharing
Analytics
1. About analytics
2. Analytics page and refresh behavior
3. Aggregation buckets
4. Gain insights into storage utilization
5. Gain insights into storage utilization for Entra ID and Salesforce connectors
6. Gain insights into blocked activities, most active users, and more
7. Gain insights into data volume (size and item count) on legal hold
8. Gain insights into data volume (size and item count) saved in different Enhanced cases
9. Gain insights into data volume (size and count) under different policies
10. Gain insights into data volume (size and item count) under different Tags
11. Gain insights into data volume (size and item count) under different Tags behaviors
12. Gain insights into storage savings after deduplication and compression
13. Gain insights into data ingestion trends
Perform restores using Administration portal
1. About restore
2. Prerequisites for restore
3. Restore Exchange Online mailboxes
4. Restore SharePoint/OneDrive/Teams Sites and data
  1. Restore of OneDrive, Microsoft 365 Group, and Microsoft Teams sites
  2. Restore limitations for SharePoint Online
5. Restore Teams chat messages and Teams channel conversations
  1. Restore limitations for Teams chat
6. Restore O365 audit logs
7. Restore Box data
  1. Restore limitations for Box
8. Restore Google Drive data
  1. Overwrite restore behavior for Box/Google Drive data
9. Restore Gmail data
10. About Salesforce Data, Metadata, and CRM Content restore and Sandbox seeding
11. About Entra ID (Azure AD) objects and records restore
12. Restore Slack data
13. Restore data to File server
14. Set default restore point
15. Configure Restore all, Restore all versions, Point-in-time, and Specific range restore options
16. Configure email addresses for notifications
17. Downloading an item
Restore dashboard
1. About Restore dashboard
2. Restore job statuses
3. How to cancel a restore job?
4. View the restore events
Install services and utilities
1. About services and utilities
2. Pre-requisites to download and install services and utilities
3. Downloading services and utilities
4. Where to install the services and utilities
5. Installing or upgrading services and utilities
6. Configuring service accounts for services and utilities
7. About the Apps Consent Grant Utility
Discovery
1. About eDiscovery/searches
2. Add search templates
3. Add Discovery cases
4. Perform ad hoc search and add data to Discovery cases
5. View data in Discovery cases
6. Edit Discovery cases
7. DeleteDiscovery cases
8. Assign Discovery cases to users
Configure Tagging polices
1. About the Tagging policy
2. Add Tags
3. Add/edit Tagging policies
4. Adding regular expressions
  1. RegEx and query examples for PII detection
Configure Tiering policy
1. About the Tiering policy
2. Add/edit Tiering policies
Auditing
1. Auditing
Manage Stors (Storages)
1. Viewing Stors (Storages)
2. Requesting a new Stor
3. General tab
4. Version control settings
5. Metadata tab
6. Statistical policies tab
7. Location-Mapping tab
8. Backup tab
9. Custodian Groups tab
10. Advanced tab
11. Analytics tab

Key considerations and prerequisites for adding Salesforce connectors

::Key considerations for adding Salesforce connectors

Consider the following points before adding Salesforce connectors to ensure a seamless setup:

Implement all the prerequisites
Ensure you have the following information ready:
- User name: The name of the Veritas Backup Admin user you have created within the targeted Salesforce organization.
- Instance URL: The instance URL of the targeted Salesforce organization.
- Consumer Key: The Consumer Key is generated when you add a Connected App to the targeted Salesforce organization.
  For more information, visit the knowledge base article Obtain user details, consumer key, and URL.
Consider the default connector configuration
By default, Salesforce connectors back up all objects except for Feed, History, and Share, as these objects are not typically critical for business continuity. However, you can enable backups for these objects based on your specific needs, considering the following:
- History objects:
  These objects cannot be restored. Select them for backup only if retaining historical information on record or field-level changes is necessary for auditing purposes.
- Share objects:
  Only manual Share objects can be restored. Other types of Share objects cannot be restored due to Salesforce API limitations.
  Note:
  During the Salesforce restore, Share tables are automatically created unless they contain manual Share rules.
- Feed objects:
  Feed objects are views into the FeedItem object. Cohesity Alta SaaS Protection backs up only the FeedItem object to avoid duplication. Due to Salesforce API limitations, only specific types of FeedItem records can be restored.
Skipping these objects accelerates the backup process and reduces the storage required for Cohesity Alta SaaS Protection recovery points.

::Prerequisites for adding Salesforce connectors

Following are the prerequisites to add Salesforce connectors:

Table:

Prerequisite	Description
Connector per organization	You need to create a separate connector for each Salesforce organization you want to back up.
Structured Stor, SalesforceFiles Stor, Connector service, and Export service	Cohesity handles this prerequisite for your tenant as part of the provisioning process. Cohesity provides structured Stors, SalesforceFiles Stor, and one or more VMs (with preinstalled Connector and Export services) within your Cohesity Alta SaaS Protection tenant. Depending on the Salesforce organization, one or more Connector VMs and SalesforceFiles Stors may be provisioned. Cohesity provisions one structured Stor per targeted Salesforce organization; the SalesforceFiles Stor is shared across Salesforce connectors. If a connector using a structured Stor is deleted, you can create a new connector using the same structured Stor. Ensure that the URL and type (Production or Sandbox) of the Salesforce organization match those of the original structured Stor. . Note: The Connector and Export service are hosted on a single VM, which can support multiple connectors depending on the size of the Salesforce organization and its data. The Connector/Export service VM may host multiple connectors based on the size of the Salesforce organization we need to protect. For larger Salesforce organizations (with more data), the connector may be hosted independently on a separate Connector/Export service VM. Note: When these Stors are configured together for a connector, retain versions of backup data and metadata to protect the Salesforce organization.
Profile (Veritas Backup Admin), user (Veritas Backup Admin), and Connected App setup within the Salesforce organization	You are required to create a user, a profile, and a Connected app in each Salesforce organization that is to be backed up. For procedure, refer to the following knowledge base article: Adding a user, profile, and Connected App within the Salesforce organization. For backing up unstructured data objects, the Veritas Backup Admin must have the Query All Files permission. Note: A Connected App is a mechanism that securely links external applications to Salesforce, enabling controlled access to Salesforce data and metadata through OAuth authentication, with customizable permissions and settings.
Sharing of public library	To protect the public libraries in the target organization, they must be shared with Veritas Backup Admin with Library Administrator access permission.
Auto-number field	If you want to restore Auto-number field with the same value as it was backed up. Salesforce's standard Auto-number fields (for example, Case Number) come with an additional restriction - their field type cannot be modified. Uploading data to a standard Auto-number field requires that the standard field be replaced with a copy used in place of the standard field. To set up a copy of the standard/custom field: Create a new custom field to hold the Auto-number data. Use the following trigger to populate the new custom field: trigger PopulateCustomAutonumberForCase on Case (after insert, after update) { List<Case> casesToUpdate = new List<Case>(); for (Case c : Trigger.new) { // Handle after insert and after update // Check if the custom autonumber field is null if (String.isBlank(c.CustomAutonumber__c)) { // Collect the IDs of cases that need updating casesToUpdate.add(c); } } if (!casesToUpdate.isEmpty()) { List<Case> casesToEdit = [SELECT Id, CustomAutoNumber__c, CaseNumber FROM Case WHERE Id IN :casesToUpdate]; for (Case c : casesToEdit) { // Populate the custom field with the standard case number field c.CustomAutonumber__c = c.CaseNumber; } update casesToEdit; } } For objects that already have an auto-number field in your Salesforce organization, you must first add the custom field manually.
Marketing User permission	If you want to restore the Campaign object, the Veritas Backup Admin user must have the Marketing User permission.