How can we help?

Salesforce Integration Permissions | SFDC Integration License Requirements

Jenna
Jenna
  • Updated

Purpose

This article will detail the Salesforce permission set needed to allow the Salesforce Integration User License with API access to connect to the Allbound Salesforce Integration. Please make sure to review the About The Salesforce Integration User article before going through this article. This applies to any user license that will be tied to the Allbound integration whether its a full license or an API only license type, which is recommended.

 

Permission Set Requirements

In the setup section of Salesforce under Permission Sets, you can select the permission set you wish to dedicate to your API Only User for the Allbound Integration, but we do recommend creating a new one. From the permission set menu, you will first set your Object Permissions to read, create, edit, and view all for Accounts, Contacts, Leads, and Opportunities, as well any field permissions for the fields which will be mapped via the integration. Those are the minimum access requirements for a Salesforce license to connect to the Allbound integration.

(If you're integrating a custom object with Allbound the same object permissions must be applied to read, create, edit, and view all, as well any field permissions for the fields which will be mapped via the integration.)

  • Next, in the selected permission set that you will dedicate to the API Only User for the Allbound Integration, you will scroll down to System Permissions, as shown in the screenshot below.
      • Next, click Edit. Then, scroll down to check the box for "View Setup and Configuration" which allows the user access to the App (this is needed to authorize the source account as the user with this permission set). When you select "View Setup and Configuration" it will automatically force a selection for "View Roles and Role Hierarchy". You must have both selected, as shown in the screenshot below. 
        • Why this is required? The "View Setup and Configuration" permission must be permanently enabled for the integration license, because that is the permission set in place by Salesforce that allows the user to authorize the application. If the permission is removed, it will unauthorize and disconnect the integration. This is a Salesforce permission requirement, not an Allbound permission requirement. Its how 3rd party integrations need to initially authenticate and remain authenticated.
        • Salesforce integrated application requirements: Configure User Provisioning for Connected Apps
      • Next, click Save. Another Permission Confirmation Screen will appear where you will click "Save" again
  • After saving your changes, you will select "Manage Assignments" at the top of the permission set page, as shown in the screenshot below. 
    • Select the user to Assign the permission set, as shown in the screenshot below. 
      • It is recommended to set this assignment to "Never Expires" to avoid integration disruptions in the future. 

Did you receive an error when attempting to assign the permission set? 

Resolving Error The User License Doesn’t Allow the Permission:
When assigning permission set to integration user in Salesforce having the free “Salesforce Integration” license, you may get the error “The user license doesn’t allow the permission” or “User license doesn’t allow app permissions”. Like the one shown below:

The user license doesn't allow the permission

To resovle this error assign the integration user “Salesforce API Integration” permission set license first.

On the user record, click on “Edit Assignments” under “Permission Set License Assignments”.

Permission Set License Assignment

Select the “Salesforce API Integration” and click save.

Salesforce API Integration Permission Set License

And now you should be able to assign the permission set without any problem.

 

Authorize The Allbound Salesforce Integration With Your Dedicated Integration User

Finally, it is recommended to open an incognito browser window. In one tab of the incognito window you will login to Allbound as normal and navigate to the Integration Manager > Source Accounts > Edit Salesforce Source Account

  • Next, you will open another tab in your incognito window and login to Salesforce as the API Only Salesforce Integration User that you wish to dedicate to the Allbound integration. 
    • Note: If you are using Salesforce "Switch to" or "Login As" the API only user, this will NOT work. You must login with the credentials of the API Only user for the OAuth 2.0 Flow to process the authentication properly. 
      • If your Salesforce is setup with SSO and you do not wish to add your integration user to your SSO login access, you can add /?login=true at the end of your Salesforce instance URL. 
  • Once Logged in as the API Only User, you will tab back to the Allbound Source Account tab and Authorize Salesforce from the incognito window. Here is a demo screen recording of what this should look like: Click Here To Watch. Instead of the banner reflecting "Connected to Allbound, Inc System" you will see your own Org name, meaning you are indeed connected via the API user.
  • Finally, you can close your incognito window as no further action is needed from your end once the connection is successful. 

 

Was this article helpful?

1 out of 1 found this helpful

Have more questions? Submit a request