Search <book_title>...

Veritas Alta™ SaaS Protection Administrator's Guide

Last Published: 2025-04-03

Product(s): Veritas Alta SaaS Protection (1.0)

Introduction to Veritas Alta™ SaaS Protection
1. About Cohesity Alta SaaS Protection
2. Features of Cohesity Alta SaaS Protection
3. Architecture of Cohesity Alta SaaS Protection
4. Operational workflow
5. Extra Data Backup (EDB)
API permissions
1. API permissions for Microsoft 365 workloads
2. API permissions for Gmail and Google Drive
3. System and API permissions for Salesforce
4. API permissions for Entra ID
5. App permissions of Web App
Administrator portal (Web UI)
1. About the Administration portal
2. Configure the Administration portal
3. View upgrade history
Manage users and roles
1. Role-based access control
2. Permissions tab
What is a connector?
1. What is a connector?
2. Supported SaaS workloads and backup capabilities
3. Workflow to protect data using Cohesity Alta SaaS Protection
4. Know your subscription details
5. About transient errors
6. Overview of adding connectors
7. Configure General settings
8. Configure Capture scope
9. Configure User filter
10. Configure Group filter
11. Configure Folder filter
12. Configure credentials
  1. Assign Microsoft 365 apps registration
  2. Microsoft 365 apps registration status
  3. Manually approve Microsoft 365 apps registration
  4. Approve Microsoft 365 apps using the App Consent Grant utility
  5. Microsoft 365 apps recovery
13. Configure Custom backup policy and guidelines
14. Configure Delete policy for SharePoint Online and guidelines
15. Configure Stubbing policy
16. Guidelines to configure Stubbing policy for SharePoint Online
17. Schedule a backup
18. Configure email addresses to get notifications
19. Review configuration and edit/save/initiate backup
20. Connectors page
21. Connector status
22. Edit connector configuration
23. Delete connectors
Pre-requisites for Microsoft 365 connectors
1. Pre-requisites for Microsoft 365 connectors
Protect Microsoft 365 Multi-Geo tenant
1. Considerations for adding SharePoint/Teams Sites/OneDrive connectors for Microsoft 365 Multi-Geo tenant
Protect Exchange Online data
1. Add Exchange Online connectors
2. Configure capture scope for Exchange connectors
Protect SharePoint sites and data
1. Add SharePoint connectors
2. Supported and unsupported SharePoint Settings and Types for backup and restore
3. Supported Sites and List templates for backup and restore
4. Supported SharePoint permission objects for backup and restore
5. Configuring capture scope for SharePoint connectors
6. End-user SharePoint data access in Cohesity Alta SaaS Protection
7. Run Delete and Stubbing policies to the SharePoint Online environment
8. Limitations of SharePoint connector
Protect Teams sites
1. Add Teams site collections connectors
2. Configure capture scope for Team site collections connectors
3. Limitations of Teams site collections connector
Protect OneDrive data
1. Add OneDrive connectors
2. Configure capture scope for OneDrive connectors
Protect Teams chats
1. Add Teams chat connectors
2. Configure capture scope for Teams chat connectors
3. Limitations of Teams chat connector
Protect GoogleDrive data
1. Prerequisites to add Google Drive connectors
2. Add Google Drive connectors
3. Configure capture scope for Google Drive connectors
4. Limitations of Google Drive connector
Protect Gmail data
1. Prerequisites to add Gmail connectors
2. Add Gmail connectors
3. Configure capture scope for Gmail connectors
Protect Audit logs
1. Add Audit log connectors
2. Audit log connector limitations
Protect Salesforce data and metada
1. About Salesforce protection
2. Key considerations and prerequisites for adding Salesforce connectors
3. Add Salesforce connectors
4. Limitations of Salesforce connectors
5. Salesforce Objects not supported for backup
Protect Entra ID objects
1. Add Entra ID (Azure AD) connectors
2. Limitations for Entra ID connector
Protect Box data
1. Prerequisites for Box connectors configuration
2. Add Box connectors
3. Configure capture scope for Box connector
4. Limitations of Box connector
Protect Slack data
1. Add Slack connectors
Protect Email/Message data
1. Prerequisite for Email/message connector
2. Add Email/Messages file
Configure Retention policies
1. About WORM policies
2. Ingestion WORM policies page
3. Add/edit Ingestion WORM retention policies and guidelines
4. Add/edit At-Rest WORM retention policies
5. Add/edit Deletion policies
6. View deletion history
7. How to edit the policy evaluation interval?
8. How to add a Location filter?
9. How to add a filter?
Perform backups
1. Perform on-demand/ad-hoc backup
2. Backup dashboard
3. Video tutorial for connector troubleshooting
4. View backup events
  1. About Event suppression
  2. Create event suppression rules
5. Viewing backup tasks details
View and share backed-up data
1. Browse backed-up data
2. Share data
3. Remove data sharing
Analytics
1. About analytics
2. Gain insights into storage utilization
3. Gain insights into storage utilization for Entra ID and Salesforce connectors
4. Gain insights into blocked activities, most active users, and more
5. Gain insights into data volume (size and item count) on legal hold
6. Gain insights into data volume (size and item count) saved in different Enhanced cases
7. Gain insights into data volume (size and count) under different policies
8. Gain insights into data volume (size and item count) under different Tags
9. Gain insights into data volume (size and item count) under different Tags behaviors
10. Gain insights into storage savings after deduplication and compression
11. Gain insights into data ingestion trends
Perform restores using Administration portal
1. About restore
2. Prerequisites for restore
3. Restore Exchange Online mailboxes
4. Restore SharePoint/OneDrive/Teams Sites and data
  1. Restore of OneDrive, Microsoft 365 Group, and Microsoft Teams sites
  2. Limitations of SharePoint sites and data restore
5. Restore Teams chat messages and Teams channel conversations
  1. Limitations of Teams chat data restore
6. Restore O365 audit logs
7. Restore Box data
  1. Limitations of Box data restore
8. Restore Google Drive data
  1. About the overwrite restore behavior for Box/Google Drive data
9. Restore Gmail data
10. About Salesforce Data, Metadata, and CRM Content restore and Sandbox seeding
11. About Entra ID (Azure AD) objects and records restore
12. Restore Slack data
13. Restore data to File server
14. Set default restore point
15. Configure Restore all, Restore all versions, Point-in-time, and Specific range restore options
16. Configure email addresses for notifications
17. Downloading an item
Restore dashboard
1. About Restore dashboard
2. Restore job statuses
3. How to cancel a restore job?
4. View the restore events
Install services and utilities
1. About services and utilities
2. Pre-requisites to download and install services and utilities
3. Downloading services and utilities
4. Where to install the services and utilities
5. Installing or upgrading services and utilities
6. Configuring service accounts for services and utilities
7. About the Apps Consent Grant Utility
Discovery
1. About eDiscovery/searches
2. Add search templates
3. Add Discovery cases
4. Perform ad hoc search and add data to Discovery cases
5. View data in Discovery cases
6. Edit Discovery cases
7. DeleteDiscovery cases
8. Assign Discovery cases to users
Configure Tagging polices
1. About the Tagging policy
2. Add Tags
3. Add/edit Tagging policies
4. Adding regular expressions
  1. RegEx and query examples for PII detection
Configure Tiering policy
1. About the Tiering policy
2. Add/edit Tiering policies
Auditing
1. Auditing
Manage Stors (Storages)
1. Viewing Stors (Storages)
2. Requesting a new Stor
3. General tab
4. Version control settings
5. Metadata tab
6. Statistical policies tab
7. Location-Mapping tab
8. Backup tab
9. Custodian Groups tab
10. Advanced tab
11. Analytics tab

Add Salesforce connectors

You need to create a separate connector for each Salesforce organization you want to back up. Each connector backs up data, files, attachments, CRMs, and metadata. Cohesity Alta SaaS Protection uses two different storages: one for unstructured content like files, attachments, and metadata, and another for structured content like objects and records.

Before adding a connector, refer to the following topic for prerequisites and to understand the key considerations:

See Key considerations and prerequisites for adding Salesforce connectors.

To add a Salesforce connector to back up data and metadata

Access the Cohesity Alta SaaS Protection Administration portal.
The home page of the Administration portal is displayed.
On the Backup card, click Connectors.
Click New backup connector.
Click Salesforce.
On the General tab, do the following:
- In the Name field, enter a name for the connector.
  Note:
  The Type field displays the connector type.
- From the Stor for unstructured data (files, attachments and metadata) dropdown list, select the SalesforceFiles Stor provided by Cohesity as a prerequisite for connector creation.
  Note:
  The same Stor can be used for multiple connectors. If unavailable, contact Cohesity Support.
- From the Stor for structured data (objects and records) dropdown list, select the SalesforceFiles Stor provided by Cohesity as a prerequisite for connector creation.
  If the Stor is not available, contact Cohesity Support.
- The Machine field displays the Connector service to host this connector.
  You can change the selected one from the list if required.
- (Optional) Enable the Enable email notification option to receive backup job status email notifications.
- Click Next.
On the Capture scope tab, configure your backup scope.
By default, Salesforce connectors back up all Standard objects, Custom objects, files, attachments, CRMs, and metadata from the targeted Salesforce organization except for Feed, History, and Share objects, as these objects are not typically critical for business continuity.
However, you can enable backups for these objects based on your specific needs, considering the following:
- History objects:
  These objects cannot be restored. Select them for backup only if retaining historical information on record or field-level changes is necessary for auditing purposes.
- Share objects:
  Only manual Share objects can be restored. Other types of Share objects cannot be restored due to Salesforce API limitations.
  Note:
  During the Salesforce restore, Share tables are automatically created unless they contain manual Share rules.
- Feed objects:
  Feed objects are views into the FeedItem object. Cohesity Alta SaaS Protection backs up only the FeedItem object to avoid duplication. Due to Salesforce API limitations, only specific types of FeedItem records can be restored.
  Skipping these objects accelerates the backup process and reduces the storage required for Cohesity Alta SaaS Protection recovery points.
Refer to the following topic to know the backup limitations of Salesforce connectors.
See Limitations of Salesforce connectors.
While backing up a Salesforce organization, a field length mismatch may sometimes occur, resulting in a backup failure. Check the error logs to identify the fields that have returned more data than current field length. It is recommended to widen the field length of these fields in your Salesforce organization to prevent backup failures and ensure that all data is backed up. If widening the field length of these fields is not possible, enable the Allow backup of fewer characters if data returned by API is more than Field length checkbox to back up only the initial characters that fit within the current field length. Note that the remaining characters will not be backed up.
On the Credentials page, do the following:.
- From the Salesforce organization type dropdown list, select the required type: Production or Sandbox.
- In the Salesforce organization user name field, enter the name of the Veritas Backup Admin user you have created within the targeted Salesforce organization as pre-requisites.
- In the Salesforce organization instance URL field, enter the URL of the targeted Salesforce organization.
- In the Consumer key field, enter the key, which is generated while adding the Cohesity Alta SaaS Protection Connected app to the targeted Salesforce organization.
- Click Generate certificate.
  A success message is displayed.
  Note:
  Certificate is used for OAuth-based authentication.
- On the pop-up, click Keep to download the certificate.
- Save the certificate to the local computer.
- Click Next.
On the Scheduling tab, schedule backup jobs.
See Schedule a backup.
On the Email notifications tab, configure email addresses to receive notifications about backup activities.
See Configure email addresses to get notifications.
On the Review tab, save the settings and initiate the backup.
See Review configuration and edit/save/initiate backup.
Go to the targeted Salesforce organization, upload the generated certificate.
Setting up a Connected App in Salesforce for use by Cohesity Alta SaaS Protection
Uploading a certificate to the Salesforce organization establishes secure communication and authenticates the connection between the targeted Salesforce organization and Cohesity Alta SaaS Protection. The process uses certificate-based OAuth authentication, linking the certificate to the Connected App in Salesforce organization to securely access Salesforce data and metadata with user consent.
Key points to remember:
- Always upload the certificate after completing the connector creation process.
- A new certificate is created if you accidentally click the Generate Certificate option on the Credentials tab. In such cases, replace the existing certificate with the new one.
- If you edit the connector configuration, generate a new certificate and re-upload it.

For more information on other actions refer to the following topics:

See Perform on-demand/ad-hoc backup.

See Edit connector configuration.

See Delete connectors.

See Browse backed-up data.

See View backup events.