Today’s Salesforce instance is far more likely to function as part of an entire Salesforce ecosystem rather than a stand alone customer relationship management system or even a simple connected CRM. The various clouds available from Salesforce, applications available from the App Exchange, and third party products, Third party products can communicate with Salesforce through connectors, through additional third party integration products like Zapier, Workato, or Jitterbit, or through Salesforce’s CRM Analytics tool which provides code-free connectivity with data from sources outside of Salesforce.
The connections between Salesforce and other products all have to be managed by your Salesforce Administrator and they all have to have a method to communicate with your Salesforce org typically through an API – an application programming interface that allows two software components to communicate with each other using a set of definitions and protocols.
Salesforce Service Accounts, the dedicated integration user and license, allows the Salesforce administrator to ensure a secure, stable, auditable connection between Salesforce and all the other great tools that make your Salesforce ecosystem amazing and useful to your organization. The dedicated Salesforce integration user allows you to assign a Salesforce license with a custom profile, permission, set and connection to all of your third party integrations.
Salesforce service accounts can even handle all your custom API work while handling thousands or even tens of thousands of records every day.
Today some third party integrations require a Salesforce service account to manage the integration, rather than just suggesting it.
Why would a Salesforce admin want a dedicated Salesforce integration user? Don’t just take Summit’s word for it. Let’s look at how the Salesforce service account will provide your organization with security, stability, and superior reporting capabilities.
Why is your Salesforce service account more secure? Oftentimes when a Salesforce administrator integrates a single third party product with Salesforce he or she will use his own license. Sure it is an easy solution however it does give all those third party applications full access to do anything in the Salesforce ecosystem that the administrator can do. Ideally your dedicated integration user is cloned from a standard user profile without permission to do things like create or delete users, delete records, reset user passwords, log in as any licensed user, or create new permission sets and assign them to users.
Plus each time the administrator updates his password, the password for every integration has to be updated as well.
Why is your Salesforce service account more stable? Having a dedicated integration user set up to handle third party APIs is simpler and saves time. For instance, if you have to freeze and deactivate multiple users of third party APIs it can be very time consuming. If an employee who has a license that is also being used for a third party integration leaves the company or even just changes their password it can create a myriad of problems as systems no longer communicate with each other breaking tasks and automations. Even if you catch the integration running over a license before you deactivate it you still have to migrate the integration over to another license to avoid any issues.
Why is your Salesforce service account better able to provide reporting? The dedicated integration user improves data integrity and simplifies reporting. With a dedicated integration user you can easily filter out activities that run across the integration user account eliminating countless additional hours of filtering and analysis to figure out how and why a record was created in your Salesforce org. Additionally you can bucket record creation and updates from third party integrations using the Salesforce service account as well. Imagine the sales manager wants to know how many leads or activities were created by sales people without adding in the activities generated from a marketing automation platform or a third party system.
It can be easy to skip setting up a Salesforce service account when initially setting up your Salesforce org to “save a license” but as you integrate more and more third party applications you will regret doing so.
Your dedicated Salesforce integration user can be a powerful tool in administering your org and a useful tool in keeping your Salesforce data secure, stable, and easy to report against.
Summit will assist clients in setting up Salesforce service accounts when configuring a new Salesforce instance or customizing an existing one so you can enjoy this powerful feature.
As a bonus here are some recommended best practices from Salesforce for your service account.
- Creating separate user accounts for each service or integration will help you avoid hourly limits like login requests or the need to reset multiple integration passwords on a regular basis.
- Likewise, create separate Connected Apps for each service or integration.
- Have a separate profile in Salesforce for each service or integration.
- Give only the minimum required permissions to each profile.
- Always avoid giving Manage Users permission to any Salesforce service account.
- Add the profile to the Connected App so that no other profile user can use the same connected app.
- Add IP addresses to the profile to white-list.
- Change the passwords of the Salesforce service account periodically or follow your company’s security policies for passwords.
- Use API Only permissions in the profiles.
When in doubt about how best to utilize Salesforce service accounts you can always turn toSummit as your trusted Salesforce partner for advice on any integrations, customizations, or managed service contracts.