Behind the scenes, when you first integrate your Donorbox account with your Salesforce Org, Donorbox connects to the Org using OAuth, an open standard for access delegation. To create this delegated access, it uses the Salesforce credentials with which you sign up for the Salesforce integration on the Donorbox platform. With this in mind, we strongly advise connecting to Salesforce with an account that has admin-level access in your Salesforce Org, that is, a user account that has been assigned the following license and user profile in Salesforce:
User License: Salesforce
Profile: System Administrator
You can check these details in the Users section of your Salesforce setup by opening that user record’s detail page. We advise using an admin-level user for connecting to Donorbox because it has, enabled by default, all the permissions the application sync needs to work without problems. We understand that there are cases where it is not possible for you to connect using an admin-level user account. In this knowledge article, we therefore cover the minimum level of permissions required for the Donorbox-Salesforce integration to function properly.
Once you have connected your Salesforce account to Donorbox, go to Setup > Users and select the user that was used for the Donorbox connection. If you scroll down, you’ll find Donorbox in the OAuth Connected Apps related list, which confirms that your connection to Donorbox is established properly.
We’ll now look at the basic rights, permissions, record sharing rules and record type permissions that are required for the Donorbox integration to work. There can be additional dependencies specific to every Salesforce Org like sharing rules, validation rules, duplication rules, escalation rules, triggers and workflow rules. All these can cause potential issues with record creation and modification. Our Error logs page on Donorbox provides considerable details for every error that occurs during the record sync. Even if you are not able to understand the error logs, you can always reach out to us at support@donorbox.org.
First and foremost you need to ensure that your profile has edit access to the fields for the Account, Opportunity, Contact and Campaign objects. You can check this from the “Field-Level Security” related list section in your profile.
Once you click the “View” link for these objects, it will take you to the field level security page where you will have the option to set the “Edit Access” and “Read Access” for each field of that particular object. Please make sure that you have edit access to preferably all the fields. Please ensure this for all the highlighted objects.
In the Administrative permissions section on your profile (which is below the field level security section), ensure that the following permission check boxes are checked:
- API Enabled
- Manage Data Integrations
- Modify All Data
- Modify Metadata Through Metadata API Functions
- Transfer Record
- View All Data
Below administrative permissions is the Standard Object Permissions section. In this section please ensure that you have the “Modify All” check-boxes selected for the Accounts, Campaigns, Contacts and the Opportunities objects.
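To verify the administrative and standard object permissions above without clicking through the profile page, you can audit query results in a script. The following is an added example, not Donorbox code: the Profile field names are an assumed mapping from the checkbox labels (confirm them against your Org), and the function names and sample rows are constructed for illustration.

```python
import re

# System permissions from the checklist above, keyed by the Profile field
# assumed to back each checkbox label (confirm against your org's describe).
REQUIRED_SYSTEM_PERMS = {
    "PermissionsApiEnabled": "API Enabled",
    "PermissionsManageDataIntegrations": "Manage Data Integrations",
    "PermissionsModifyAllData": "Modify All Data",
    "PermissionsModifyMetadata": "Modify Metadata Through Metadata API Functions",
    "PermissionsTransferAnyEntity": "Transfer Record",
    "PermissionsViewAllData": "View All Data",
}
REQUIRED_OBJECTS = ("Account", "Campaign", "Contact", "Opportunity")

def build_queries(profile_id):
    """Return the two SOQL queries whose results audit() expects."""
    # Accept only a 15- or 18-character record Id so nothing else reaches the query.
    if not re.fullmatch(r"[A-Za-z0-9]{15}|[A-Za-z0-9]{18}", profile_id):
        raise ValueError("not a Salesforce record Id")
    fields = ", ".join(REQUIRED_SYSTEM_PERMS)
    objects = ", ".join(f"'{o}'" for o in REQUIRED_OBJECTS)
    return (
        f"SELECT Name, {fields} FROM Profile WHERE Id = '{profile_id}'",
        "SELECT SobjectType, PermissionsModifyAllRecords FROM ObjectPermissions "
        f"WHERE Parent.ProfileId = '{profile_id}' AND SobjectType IN ({objects})",
    )

def audit(profile_row, object_rows):
    """List every checklist item the profile does not satisfy."""
    missing = [label for field, label in REQUIRED_SYSTEM_PERMS.items()
               if not profile_row.get(field)]
    # An object with no permissions at all has no ObjectPermissions row, so
    # treat an absent row the same as an unchecked "Modify All" box.
    granted = {r["SobjectType"] for r in object_rows
               if r.get("PermissionsModifyAllRecords")}
    missing += [f"Modify All on {o}" for o in REQUIRED_OBJECTS if o not in granted]
    return missing

# Constructed sample rows, shaped like the query results (not from a real org).
SAMPLE_PROFILE = {**dict.fromkeys(REQUIRED_SYSTEM_PERMS, True),
                  "Name": "Donorbox Integration",
                  "PermissionsTransferAnyEntity": False}
SAMPLE_OBJECT_ROWS = [
    {"SobjectType": "Account", "PermissionsModifyAllRecords": True},
    {"SobjectType": "Campaign", "PermissionsModifyAllRecords": True},
    {"SobjectType": "Opportunity", "PermissionsModifyAllRecords": True},
]

if __name__ == "__main__":
    for gap in audit(SAMPLE_PROFILE, SAMPLE_OBJECT_ROWS):
        print("missing:", gap)
```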
Also if you have enabled IP restrictions through the “Login IP Ranges” section, please ensure that you have whitelisted the IP ranges of the Donorbox.org platform.
After setting object and field-level security, you need to configure access settings for the actual records themselves. Record-level security lets you give users access to some object records, but not others. Every record is owned by a user or a queue. The owner has full access to the records that they own.
Record-level sharing is set up in a top-down hierarchy: Org-wide defaults, followed by role hierarchies, followed by sharing rules and finally by manual sharing. The combination of all these record sharing settings is what defines the record-level access that your account will have. This is important because the Donorbox integration will fail to access, create and modify records in your Salesforce Org if it does not have the right record-level access. The interesting thing to note here is that as you go down the hierarchy, you cannot restrict record-level access; you can only grant further access. So if you can define the most lenient record-sharing rules at the top level, i.e. at the Org-wide defaults, then you don’t need to worry about the sharing settings below it. The below illustration would give you an idea of this.
You can set up the Org-wide defaults from setup under the Sharing settings menu item. If you cannot assign the “Public Read/Write” default sharing setting for the Opportunities, Contacts, Accounts and Campaigns objects under Org-wide defaults, then you can define sharing rules for each of these objects. This can also be done from the Sharing settings page, where sharing rules are defined just below the Org-wide defaults section.
Once you’ve specified organization-wide sharing settings and sharing rules, another way you can give wider access to records is with a role hierarchy. Similar to an organization chart, a role hierarchy represents a level of data access that a user or group of users needs. The role hierarchy ensures that users higher in the hierarchy always have access to the same data as people lower in their hierarchy, regardless of the organization-wide default settings. Role hierarchies don’t have to match your organization chart exactly. Instead, each role in the hierarchy should represent a level of data access that a user or group of users needs. You can access the role hierarchies page from the setup directly. It can be found under the User heading in the menu and is named “Roles”.
Another important component of our integration is tied to having access to the right record types. The Salesforce NPSP package has certain default record types for the Opportunity, Account and Campaign objects. Our integration requires the connected Salesforce account to have access to these record types; otherwise Donorbox is unable to push the donations to your Salesforce Org.
For the Campaign object in Salesforce, the Donorbox integration selects the “Default” record type when pushing campaigns from the Donorbox platform to the Salesforce Org. Similarly, for the Account object it defaults to the “Household Account” record type, and for the Opportunity object it uses the “Donation” record type. The Salesforce user account that is connected to Donorbox needs to have access to at least these record types.
The easiest way to ensure that the user account that is connected to Donorbox has access to the right record types is through the profile of that user. Once you are in the relevant user profile page which is accessible through setup, you can scroll down to the “Record Type Settings” section. You just need to ensure that the above highlighted record types for the Account, Campaign and Opportunity objects are selected for this profile.
This sums up all the standard security and permission requirements that are essential for the Salesforce-Donorbox integration. We do have a very elaborate integration guide which explains how you can connect your Salesforce Org to Donorbox. Do take a look at it and if you have any questions, please feel free to reach out to us at support@donorbox.org.