When you first integrate your Donorbox account with your Salesforce Org, it connects to your Salesforce using the OAuth protocol, which is an open standard for access delegation. For creating this delegated access tunnel, it uses the Salesforce credentials that you used to sign up for the Salesforce integration on Donorbox.
It's highly advisable that you connect to Salesforce using an account that has admin-level access in your Salesforce Org. This means that the particular user account has been assigned the following license and user profile in Salesforce:
- User License: Salesforce
- Profile: System Administrator
You can check these details from the user's section in Salesforce by going to that specific user record details page.
Connecting Donorbox with an admin-level Salesforce account is recommended because admin accounts will already have all the necessary permissions enabled. If it's not possible to connect using an admin-level user account, this guide will cover the minimum level of permissions that are required for the proper functioning of the Donorbox and Salesforce integration.
Connect Your Salesforce Account
- Connect your Salesforce account to Donorbox. Detailed instructions can be found here.
- Head over to Setup > Users > Select the user that was used for the Donorbox connection.
- You'll find Donorbox in the OAuth Connected Apps list. This ensures that your connect to Donorbox is established properly.
We'll now look at the basic rights, permissions, record-sharing rules, and record-type permissions that are required for the Donorbox integration to work.
There can be additional dependences specific to every Salesforce org, such as sharing rules, validation rules, duplication rules, escalation rules, triggers, and workflow rules. All these can cause potential issues with record creation and modification.
The Salesforce error loges page on Donorbox provides details for every error that occurs during a record sync.
Users
The user through which your Salesforce account is connected to Donorbox needs to have the "Create Campaign" permission, which can be granted by editing the user in your user setup in Salesforce. Go to Setup > Users and select the user that was used for the Donorbox connection, then click edit and make sure the "Marketing User" checkbox field is checked.
Profiles
Make sure your Salesforce profile has edit access to the fields for the Account, Opportunity, Contact, and Campaign objects. You can confirm this from the "Field-Level Security" section in your profile.
Clicking on the "View" link for these objects will take you to the Field-Level Security page, where you can set "Edit Access" and "Read Access" for each field of that particular object.
Note: Make sure that you have edit access to preferably all the fields and that you ensure this for all the highlighted objects.
In the Administrative Permissions section on your profile, ensure that the following permission checkboxes are checked:
- API Enabled
- Manage Data Integrations
- Modify All Data
- Modify Metadata Through Metadata API Functions
- Transfer Record
- View All Data
In the Standard Object Permissions section, make sure that you have the "Modify All" checkboxes selected for the Accounts, Campaigns, Contacts, and Opportunities objects. If IP restrictions are enabled in the "Login IP Ranges" section, make sure the IP ranges of the Donorbox.org platform are whitelisted.
Record Sharing
After setting Object and Field Level security, you'll need to configure access settings for the actual records themselves.
Record Level Security
Record Level Security allows you to give users access to some object records, but not others. A user or a queue owns every record. The owner has full access to the records that they own.
Record Level sharing is set up in a top-down hierarchy. There are Organization-Wide defaults, then Role Hierarchies, Sharing Rules, and finally Manual Sharing. A combination of these record-sharing settings calculates and defines the record-level access that your account will have. If it doesn't have the right record-level access, the Donorbox + Salesforce integration will not be able to access, create, and modify records in your Salesforce org.
Going down the hierarchy, you cannot restrict the record-level access - you can only give further record-accessing permissions. If you can define the most lenient record-sharing rules at the top level (Organization-Wide defaults), you don't need to worry about the sharing settings below it.
You can set up the Org-Wide Defaults from Setup under the Sharing settings menu item. If you can't assign the “Public Read/Write” default sharing settings for the Opportunities, Contacts, Accounts, and Campaigns objects under Org-Wide Defaults, then you can define sharing rules for each of these objects. This can also be done from the Sharing settings page and is defined just below the Org-Wide Defaults section.
Role Hierarchy
Like an organization chart, a role hierarchy represents a level of data access that a user or group of users needs. The role hierarchy ensures that users higher in the hierarchy always have access to the same data as people lower in the hierarchy, regardless of the organization-wide default settings.
Role hierarchies don’t have to exactly match your organization chart. Instead, each role in the hierarchy should represent a level of data access that a user or group of users needs.
You can access the role hierarchies page from the Setup directly. It can be found under the User heading in the menu and is named “Roles”.
Record Types
Salesforce NPSP has certain default record types for the Opportunity, Account, and Campaign objects. The connected Salesforce account needs to have access to these record types for donations to sync to Salesforce.
- For the Campaign object in Salesforce, Donorbox integration selects the “Default” record type when pushing campaigns from Donorbox to Salesforce.
- For the Account object in Salesforce, Donorbox integration defaults to the “Household Account” record type.
- For the Opportunity object, it uses the “Donation” record type.
The Salesforce user account that is connected to Donorbox needs to have access to at least these record types. You can ensure that the connected user account has access to the right record types through that user’s profile by following these steps:
- Head to the user’s profile page, which is accessible through Setup.
- Scroll down to the “Record Type Settings” section.
- Make sure that the record types mentioned above are selected in this profile for the Account, Campaign, and Opportunity objects.
Feel free to email support@donorbox.org if you have any questions.