Skip to content

Instantly share code, notes, and snippets.

@infocynic

infocynic/SalesforceIntegrationLicenseHOWTO.md

Last active May 15, 2024 14:36
Show Gist options
  • Save infocynic/c5eac556e0513aa94ea9e44ded0fdfeb to your computer and use it in GitHub Desktop.
Save infocynic/c5eac556e0513aa94ea9e44ded0fdfeb to your computer and use it in GitHub Desktop.
Download ZIP
How to use Salesforce Integration User Licenses
Raw
SalesforceIntegrationLicenseHOWTO.md

How to make an integration user using the new licenses that became available in April 2023:

If you want to just do it the "easy" way and have the minimum number of PSets, completely bespoke for this integration:

  1. Make a user with the Minimum Access - API Only Integration Profile.
  2. Create a new Permission set that has the "Salesforce API Integration" license. There is a very similarly named license that will not work. Be sure you are using this one. Add all the permissions you need in this pset.
  3. If you are working with packages like Salesforce CPQ, you may need to make additional PSets that have Permission Set Licenses. Those permission sets cannot apply App or System Permissions. **You cannot use any Permission Set that requires a different User License, such as "Salesforce."
  4. Assign this/these Pset(s) to the user
  5. Assign the Integration PSL to that user

If you want a more robust approach that leverages existing Permission Sets and combines everything into a single PSG:

  1. Make a user with the Integration Profile.
  2. Create a new Permission set that has the "Salesforce API Integration" license. You will need to assign any system/app permissions in this pset. There is a very similiarly named license that will not work. Be sure you are using this one. Add all the permissions you need in this pset.
  3. If you don't already have one, create a new empty Permission set that has the "Salesforce Integration" lilcense (note this is NOT the same one you just used, this is the OTHER one). Something like "LICENSE_SalesforceIntegration" and don't apply any permissions in this pset. You only need one of these per org; this should be an empty Pset that just wraps the license for assignment to a PSG.
  4. If you are working with packages like Salesforce CPQ, you may need to make additional PSets that have Permission Set Licenses. **You cannot use any Permission Set that requires a different User License, such as "Salesforce."
  5. Create a new PSG, I recommend something like "INT_NameOfIntegration" and assign all these PSets to it. (Note that you can't use the same API name for the PSG as any PSet.)
  6. Assign the PSG to the user
@allude
Copy link

allude commented May 25, 2023

Thank you for this information, but I never seen these abbreviations before and forces me to guess what you mean.
OLS: Object Level Security?
FLS: Field Level Security?
PSet: Permission Set
PSL: Permission Set License?
PSG: Permission Set Group?

@infocynic
Copy link
Author

yes those are all correct expansions of the acronyms

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment