Pardot Security FAQ

Owned by Robert Van Brunt
Last updated: Dec 08, 2023
3 min read

Prerequisites

  • An active Salesforce account with admin rights.

  • A Business Unit Id for Pardot.

  • ML Platform login credential and access to Setup → Manage Integrations menu.

Authentication

OAuth 2.0 protocol is used for authentication.
To authenticate your Salesforce account on ML platform, the following steps should be followed:

  • Navigate to ML Platform Manager → Setup → Manage Integrations

  • Navigate to Pardot → Click "Connect" button

  • Select integration environment you want to connect to, example: "Production"

  • Enter Salesforce username and password on the Login popup, then click the "LogIn" button.

  • Confirm privileges.

 

Scopes

  • Access the identity URL service (id): Allows access to the identity URL service. The identity URL is also a RESTful API to query for additional information about users, such as their username, email address, and org ID. 

  • Manage Pardot Services: Access to Pardot Rest API services and objects.

  • Manage user data via Web browsers (web): Allows use of the access_token on the web. This scope also includes visualforce, allowing access to customer-created Visualforce pages.

  • Manage user data via APIs (api): Allows access to the current, logged-in user’s account using APIs, such as REST API and Bulk API 2.0. This scope also includes chatter_api, which allows access to Connect REST API resources.

  • Perform requests at any time (refresh_token): Allows a refresh token to be returned when the requesting client is eligible to receive one. With a refresh token, the app can interact with the user’s data while the user is offline. 

Data Access

Below are details of Read operations against Pardot data. No personal identifiable information (PII) is pulled into Madison Logic. Even when pulling fields from the Prospect object, we pull the domain of the email and not the entire email.

Read

Our applications use Rest API v3, v4 for getting fields for the following objects:

  • Prospect

  • Prospect Account

  • Prospect List

  • The following fields are disallowed and never retrieved: 

'id', 'prospectAccountId', 'billing_address_one', 'billing_address_two', 'fax', 'name', 'number', 'phone', 'shipping_city', 'shipping_country', 'shipping_state', 'shipping_zip', 'sic',

 

 

 

Targeting dataflows (Read-Only)

Data Storage & Compliance

Madison Logic stores all Salesforce data within the Amazon Web Services us-east-1 region, located in Virginia, United States. Data is encrypted during transit using Transport Layer Security (TLS) version 1.2, and at rest using the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM) with 256-bit secret keys through AWS Key Management Service APIs.

Regarding compliance, security and quality controls in Amazon Web Services have been validated and certified by various compliance schemes such as AWS Service Organization Controls (SOC 1, SOC 2, and SOC 3) Reports, PCI DSS Level 1, ISO 27017, ISO 27018, and ISO 9001.

 

Disconnecting Integration

Simply click on the Disconnect button on the Manage Integrations page to remove the integration from Madison Logic.