Creating a scoped-down Salesforce account

The Conveyor Salesforce integration uses OAuth to grant authorization for Conveyor's Salesforce Connected App. We then use that authorization to fetch your Salesforce data.

Whichever account you use to authenticate, Conveyor will get the permissions on that account when fetching your Salesforce data. That means if, for example, you authenticate using your Salesforce admin's account, Conveyor will likely get permissions to fetch more Salesforce data than we need. If that does not pose an issue for your organization, then authenticating Conveyor using your Salesforce admin's account is the quickest way to complete setup.

However, if scoping down to the minimum permissions is important to your organization, we recommend creating a new user that has only the minimum permissions Conveyor needs to make this integration work.

Creating a scoped-down Salesforce user to integrate with Conveyor

In order to create a user with the minimum permissions required for the Conveyor integration to work, you need to:

  1. Create a new Salesforce profile;
  2. Grant access to Conveyor's required objects;
  3. Check the Field-Level Security for each of Conveyor's required fields; and,
  4. Create a new user with the new profile assigned.

Note: Examples here will be given in the Salesforce Classic experience, and not the Lightning Experience.

Create a new Salesforce profile

  1. Go to "Setup"
  2. In the left panel's quick search input, type "Profiles"
  3. Click on the search result "Profiles" under "Manage Users"
  1. On the "Profiles" page, click the button "New Profile"
  2. Choose an existing profile to clone from. If you pick a profile that already has very minimal permissions, it will be easier to modify it to what Conveyor needs (e.g. Salesforce has a default profile called "Minimum Access - Salesforce" on the "Salesforce" user license)
  3. Enter a "Profile Name" - something like "Conveyor Integration" would suffice

Grant access to Conveyor's required objects

  1. After you have cloned a profile, you need to click "Edit"
  2. You need to uncheck everything except the following:
  • "API Enabled" under "Administrative Permissions"
  • "Accounts", "Contacts", and "Opportunities" under "Standard Object Permissions" (check only "View All", which will automatically also check "Read")
  1. Set whatever your organization's policies dictate for "Session Settings" and "Password Policies"
  2. Click "Save"

Check the Field-Level Security for each of Conveyor's required fields

Unfortunately, just granting View All / Read access to the object might not cover everything. We need to check that the specific fields Conveyor needs are allowed. To do this, we need to check the profile's Field-Level Security.

  1. From your new "Conveyor Integration" profile's view page, scroll down to the section called "Field-Level Security"
  1. For each of "Account", "Contact", and "Opportunity" objects, do the following:
  • Click "View" beside the object name
  • Click "Edit" at the top
  • Ensure each of the below fields are checked for "Read Access" (you can uncheck all other fields)
  • Click "Save"

Object

Fields

Account

Account Name, Annual Revenue, Website

Contact

Account Name (Lookup), Email

Opportunity

Account Name (Lookup), Amount, Close Date, Is Won (if you have it), Opportunity Name, Stage

Create a new user

  1. In the left panel's quick search input, type "Users"
  2. Click on the search result "Users" under "Manage Users"
  3. Click "New User"
  1. Enter the details you would like for the service account user
  2. Make sure that the "Profile" is set to the one you created for Conveyor. Note that the "User License" determines which profiles can be selected. Check the profile you created to see which user license it falls under.
  3. Click "Save"

That's it! You now have a user with the minimum permissions that Conveyor needs, and no more.

Next step

Return to the Salesforce documentation to finish setting up your Salesforce account.


Did this page help you?