Checklist before installing a Salesforce integration

We recommend verifying the following requirements before installing the Salesforce integration:

1. Verify your Salesforce edition supports API access

Salesforce editions offer different levels of API access, which can affect Salesforce integrations in Ampersand. Before setting up your Salesforce integrations, you must confirm whether your specific Salesforce edition includes API access. Some editions include full API access by default, while others may offer limited access or require additional purchases. To evaluate if your Salesforce edition supports the necessary API access for this integration, please refer to Salesforce’s official documentation on API access by edition. If your Salesforce edition does not include the required API access, contact your Salesforce account representative to upgrade your edition.

2. Configure token policy settings

Salesforce access tokens expire after a certain period. To ensure your integration continues working without interruption, you need to set your refresh token policy to Refresh token is valid until revoked. Here’s how to configure this setting in Salesforce:
  1. Log in to Salesforce.
  2. Go to Setup.
  3. In the Quick Find box, search for Connected Apps.
  4. Click on Manage Connected Apps.
  5. Find and click on the name of the application you are integrating with.
  6. Scroll down to the OAuth Policies section.
  7. Look for Refresh Token Policy.
  8. Under IP Relaxation, select Relax IP restrictions.
  9. Make sure the refresh token policy is set to Refresh token is valid until revoked.
Refresh Token Settings
  1. Click Save.

3. Check API access control settings

Salesforce allows administrators to restrict which applications can access Salesforce data through APIs. You need to ensure that API access isn’t limited to only specific connected apps. To verify your API access control settings:
  1. Log in to Salesforce.
  2. Go to Setup.
  3. In the Quick Find box, search for Connected Apps OAuth Usage.
  4. Under the list of connected apps, find your app and click Manage App Policies.
  5. In the OAuth Policies section, ensure the Permitted Users status is one of:
  • Admin approved users are pre-authorized - only selected users can access.
  • All users may self-authorize - all users can access the app.
Permitted Users If you need to modify these settings:
  1. Click on Install next to your connected app.
  2. In the OAuth Usage and Policies section, set the appropriate permissions level.
  3. Click Save.

4. Ensure sufficient permissions for installing user

The user that installs the Salesforce integration should either be:
  • a System Administrator
  • or a user that has been assigned a User Profile with sufficient permissions, it is best to create a new custom User Profile for this purpose.

Create a custom User Profile

To create a new User Profile:
  1. Log in to Salesforce.
  2. Go to Setup.
  3. In the Quick Find box, search for “Profiles”.
  4. Click on the New button.
  5. Choose an existing profile to clone, we recommend Standard User. Please ensure that you clone a User Profile with the Salesforce User License. The Salesforce Platform User License is insufficient.
Create User Profile

View and edit permissions for a User Profile

Follow the steps above to go to the Profiles page, and then:
  1. Select the User Profile you’d like to view and edit.
  2. Click Edit at the top of the page. Edit User Profile
  3. Ensure the checkboxes for the necessary permissions below are checked.
  4. Click Save at the top or bottom of the page.
Ensure that the following permissions are checked in the User Profile:
  1. API Enabled
  2. One of the following:
  • Approve Uninstalled Connected Apps
  • Use Any API Client
    • Choose this if API Access Control is enabled. This can be enabled by contacting Salesforce Customer Support.
  1. If your integration is using Subscribe actions:
  • View Setup and Configuration
  • View Roles and Role Hierarchy
  • Manage Custom Permissions
  • Customize Application
  • Modify Metadata Through Metadata API Functions
  • Allows Users to Modify Named Credentials and External Credentials

Object permissions for a User Profile

You need to ensure that the User Profile has the correct permissions for all the objects that the integration needs to have access to (e.g. Account, Lead). To view the object permissions that a particular User Profile has:
  1. Search for Object Manager.
  2. Select the object of interest.
  3. Go to the Fields & Relationships tab.
  4. Check field-level access for the relevant profiles. Please refer to Salesforce documentation Fields Access
If the integration reads data from Salesforce, you need to have the following permissions:
  • View All Records
  • View All Fields
If the integration writes data to Salesforce, you need to have the following permissions:
  • Modify All Records