Universal Containers has two integrations to Salesforce; which approach ensures compliance with the principle of least privilege?

The choice that best adheres to the principle of least privilege is to use a single "Integration User" with profile settings restricted accordingly. This approach allows for a single account to manage access to Salesforce, simplifying maintenance and reducing the potential attack surface. By restricting the profile settings, the integration user can be configured to only have the permissions necessary for its specific tasks and integrations, minimizing the risk of unauthorized access or inadvertent changes to data.

Implementing a single integration user with specific, restricted capabilities ensures that this account does not have more access than what is necessary to perform its functions. This is key in protecting sensitive data and maintaining compliance with security best practices. This approach aligns with the principle of least privilege by limiting the permissions to only those that are essential for operations, thus enhancing overall security.

The other approaches either increase the risk of broader access or complicate the management of credentials without providing tailored access. By not adhering to the principle of least privilege, they could create vulnerabilities in the system that could be exploited.