Salesforce User Configuration for Integration
Step-by-step guide for configuring a Salesforce user with minimum access to allow integration. This configuration is designed to provide a secure, role-specific user profile that has the necessary permissions to ensure smooth integration without the need for full admin access.
Overview
- Profile to Use: Start by cloning the "Minimum Access - Salesforce" profile under Salesforce User License.
- Purpose: This user will serve as a bridge for integration between our web solution and Salesforce, specifically accessing REST services, authenticating with the connected app, and interacting with certain Salesforce objects. The configuration ensures minimal yet sufficient permissions are granted, allowing our solution to function properly.
Steps to Configure the User
- Clone the Profile
  - Begin by cloning the standard Salesforce profile named "Minimum Access - Salesforce."
  - This profile provides a baseline set of permissions with very limited access, serving as a safe starting point.
- Update System Permissions
  - Navigate to System Permissions in the new user profile and include the following settings:
    - API Enabled: Access any Salesforce.com API.
    - Apex REST Services: Allow access to custom REST services.
    - API Only User: Access Salesforce.com only through a Salesforce.com API.
    - Edit Tasks (*Optional): Allow the user to edit tasks.
    - Edit Events: Provide permissions to edit events.
    - Send Email (*Optional): Allow the user to send emails.
- Object Settings
  - Go to Object Settings in the new user profile and grant permissions to specific objects as follows:
    - Contacts: Provide "Read", "View All", and read access to all fields.
    - Accounts: Provide "Read", "View All", and read access to all fields.
    - Opportunities: Provide "Read", "View All", and read access to all fields.
  - These permissions ensure that all fields are accessible for mapping purposes, avoiding the need for frequent profile updates if field mappings change.
- Review and Save the Configuration
  - Once all permissions are configured, save the changes and assign the newly cloned and modified profile to the integration user.
- Assign Permission Set
  - Once the new profile is assigned to the integration user, assign All Nexus permission sets to the integration user.
Key Notes
- This configuration avoids the need for admin-level access, thereby enhancing security while maintaining necessary functionality.
- The user will only have access to relevant Salesforce REST services, API operations, authentication for the connected app, and object data related to Contacts, Accounts, Opportunities, Tasks, and Events.
- Ensure that View All and Read permissions are provided to avoid issues with data mapping when changes are made to object fields in the future.
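One way to check the finished profile against the settings listed above, as an added example (not part of the original guide or the vendor's tooling): the function takes the profile's PermissionSet row and its ObjectPermissions rows, already exported from the org, and reports deviations. The sample rows are constructed, and the list of admin-level permissions is an assumption chosen for illustration.

```python
# Added example: audit exported permission rows against this guide's baseline.
# Field names follow the PermissionSet and ObjectPermissions objects.
REQUIRED = {"PermissionsApiEnabled", "PermissionsApexRestServices",
            "PermissionsApiUserOnly", "PermissionsEditEvent"}
# Assumption: this admin-level deny list is chosen for illustration.
ADMIN_LEVEL = {"PermissionsModifyAllData", "PermissionsViewAllData",
               "PermissionsManageUsers", "PermissionsCustomizeApplication",
               "PermissionsAuthorApex"}
READ_ONLY_OBJECTS = {"Contact", "Account", "Opportunity"}
READ_FLAGS = ("PermissionsRead", "PermissionsViewAllRecords")
WRITE_FLAGS = ("PermissionsCreate", "PermissionsEdit", "PermissionsDelete",
               "PermissionsModifyAllRecords")


def audit_profile(system_perms, object_perms):
    """Return sorted findings; an empty list means the profile matches the guide."""
    granted = {k for k, v in system_perms.items() if v is True}
    findings = [f"missing required system permission: {p}" for p in REQUIRED - granted]
    findings += [f"admin-level system permission granted: {p}" for p in ADMIN_LEVEL & granted]
    rows = {r["SobjectType"]: r for r in object_perms}
    for obj in READ_ONLY_OBJECTS:
        row = rows.get(obj)
        if row is None:
            findings.append(f"{obj}: no object permissions row")
            continue
        findings += [f"{obj}: {f} not granted" for f in READ_FLAGS if not row.get(f)]
        findings += [f"{obj}: {f} exceeds read-only baseline" for f in WRITE_FLAGS if row.get(f)]
    return sorted(findings)


# Constructed sample rows (not from a real org), shaped like query results.
SAMPLE_SYSTEM = {"PermissionsApiEnabled": True, "PermissionsApexRestServices": True,
                 "PermissionsApiUserOnly": False, "PermissionsEditEvent": True,
                 "PermissionsModifyAllData": True}
SAMPLE_OBJECTS = [
    {"SobjectType": "Contact", "PermissionsRead": True, "PermissionsViewAllRecords": True},
    {"SobjectType": "Account", "PermissionsRead": True, "PermissionsViewAllRecords": True,
     "PermissionsEdit": True},
]

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_SYSTEM, SAMPLE_OBJECTS):
        print(finding)
```

The audit covers the cloned profile only; permissions granted through the assigned permission sets need the same review on their own rows.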
Link to Salesforce article
When the Salesforce Integration User License is used with the "Nexus User Permission" set, specific permissions cannot be assigned due to inherent limitations in the Salesforce Integration License:
- App Permissions Not Allowed: The Salesforce Integration User License restricts the assignment of app permissions, which are required for our integration user to interact with the web solution and connected app.
- Access Activities Permission Limitation: The integration user license does not allow certain permissions, such as Access Activities, which are necessary for this integration to function properly. This restriction prevents the user from accessing tasks, events, calendar, and email-related activities, which are critical for the integration.