Required Permissions

The administrator must have the appropriate rights on the Salesforce Account to support user provisioning.

The System Administrator Profile can configure and customize the application. It contains the following permissions:

  • System administrator profile permissions

  • Has access to all functionality that does not require an additional license

  • Can create, edit, and delete custom profiles

  • Can reset the password of multiple user accounts

  • Can add multiple user accounts

  • Has access to all user accounts and profile permissions

  • Enable and disable user accounts

Profile Access to User Accounts

A user profile determines what a user can do in the system. By default, the System Administrator Profile can do the most; the Read Only Profile can do the least. For most users, the Standard User Profile is a good choice. It lets people create and edit most records, as well as access and run reports.

System Administrators can configure Users, Roles, and Profiles from the Setup area. To access these settings when signed in to Salesforce, select your name, and then select Setup from the drop-down menu. The Users, Roles, and Profiles settings are all available under Manage Users in the Administration Setup menu.

For more information on configuring a custom user profile to enable the connector to connect to the Salesforce managed system and manage the data within, refer to Required Access for Custom User Profiles.

User Licenses Create Access

Most of your users will need a standard Salesforce user license. This license gives the user full access to Salesforce’s CRM features and applications, including Chatter. Other user license options limit user access.

Requested Scopes for Activity Insights

Activity Insights requests the following scopes from Salesforce:

Scope

Description

For Grant Type: Password

Manage user data via APIs (api)

Allows access to the current logged-in user’s account using APIs such as REST API and Bulk API 2.0. This scope also includes chatter_api, which allows access to connect REST API resources.

For Grant Type: JWT and Refresh Token

Manage user data via APIs (api)

Allows access to the current logged-in user’s account using APIs such as REST API and Bulk API 2.0. This scope also includes chatter_api, which allows access to connect REST API resources.

Perform requests at any time (refresh_token, offline_access)

Allows a refresh token to be returned when the requesting client is eligible to receive one. With a refresh token, the app can interact with the user’s data while the user is offline. This token is synonymous with requesting offline_access.