Contents:
- Overview
- Authorizing Tokens for LeanData
- Switching Primary and Secondary User Tokens
- Token User Permissions
- Common Token Errors
Overview
For customers operating under LeanData Standard Configuration mode, LeanData requires one or more active Salesforce Users to authorize a token for each of its products to properly sync settings, provide monitoring, and perform actions in Salesforce on your behalf. If all the token Users are deactivated, your LeanData products may stop working as intended.
Please Note: The User(s) who authorize tokens do not need to be the same as the LeanData Integration User. If you would like to designate a User as the LeanData Integration User, please see the article: How Do I Change the LeanData Integration User?
Authorizing Tokens for LeanData
Please Note: If your LeanData interface looks different from the below instructions, you may be on an older version of LeanData. Please contact LeanData for authorization instructions for your specific version.
-
Have your intended User log in to Salesforce. This User must log in directly in order to Authorize a token. You cannot use the Log In as Another User feature in Salesforce to authorize a token.
- when considering which User should authorize tokens, please consider the Token User Permissions.
- From within the LeanData Application, navigate to Admin > Settings > Authorization tab. You can also click the Token Authorization button from the LeanData Dashboard page.
- Click the green Authorize Salesforce Token button to authorize the currently logged in User as the primary User Token.
- Follow the Salesforce prompts to allow access by clicking Allow. You should be taken to a page confirming a successful connection.
- Repeat this authorization process for each User you would like to be a Primary or Secondary User Token for any of your LeanData products.
Switching Primary and Secondary User Tokens
By default, the first User who authorizes a token with be the default Primary User Token for all your LeanData products. In order to switch the User Token, you will have to log in as your desired User and follow the Authorizing Tokens for LeanData instructions above. Once additional User Tokens are authorized, you can select different User Tokens for different LeanData Products, as well as designate Secondary User Tokens that LeanData can use if the Primary Tokens are ever de-authorized.
- From within the LeanData Application, navigate to Admin > Settings > Authorization tab. You can also click the Manage Authorized Tokens button from the LeanData Dashboard page.
- At the bottom of the authorization page, you will see the different products where LeanData requires a User Token. If you would like to change the Primary or Secondary User Token for any LeanData products, use the dropdown to select the authorized User Token you would like for each LeanData product. Only User Tokens that have previously been authorized will appear in these dropdowns. You cannot select the same User as both the Primary and Secondary User Token.
- The Same as Routing option will utilize the same Token that you have selected for the Routing product.
- If you have User with an invalid token selected for any of these, you will see an error message that the User is invalid. Please authorize a valid User Token.
- Click Save Changes when you are finished assigning Primary and Secondary User Tokens for each LeanData Product.
Please note: you will only see products for which you have a current LeanData subscription.
Token User Permissions
Each LeanData product requires a different set of minimum permissions for its Token Users. Please see below for the minimum permissions needed for the Token User for each LeanData product.
- Red = Required
- Green = Nice to Have
Routing Administrative Permissions
|
API Enabled |
Ensures that your LeanData team has the ability to sync LeanData-related settings to your org and has visibility for troubleshooting. |
|
Assign Permission Sets |
Required to assign LeanData permissions to Users |
|
Manage Custom Permissions |
Custom permissions let you define access checks that can be assigned to Users via permission sets or profiles. Allows for more robust troubleshooting for LeanData regarding other custom processes & apps that may require custom permissions. |
|
Manage Custom Report Types |
Allows customizing, editing, and deleting custom reports. |
|
Manage Package Licenses |
You can assign each license to a User within your organization |
|
Manage Users |
Needed to have LeanData as an option for remote access. |
|
Modify MetaData Through Metadata API functions |
(Dependency for API Enabled, not a token related thing but LD Admin does need this permission to add RSS) |
|
View All Data |
Managing all data in an organization; for example, data cleansing, deduplication, mass deletion, mass transferring, and managing record approvals. Nice to have for debugging purposes, if needed. The following permissions are dependencies for View All Data: Object Permission:
System Permissions
|
|
Accounts (read, create, edit, view all) |
Needed to access this object (read, create, edit, and view all Account records). |
|
Leads (read, edit, delete, view all) |
Needed to access this object (read, edit, delete, and view all Lead records). |
|
Contacts (read, create, edit, view all) |
Needed to access this object (read, create, edit, and delete Contact records). |
|
Opportunities (read, create, edit, view all) |
Needed to access this object (read, create, edit, and delete Opportunity records). |
|
Case (read, edit, delete, view all) |
Needed to access this object (read, edit, delete, view all Case records). |
|
Task (read, create, edit, view all) |
Needed to access this object (read, create, edit, delete, and view all Task records). |
|
Event (read, view all) |
Needed to access this object (read and view all Event records). |
|
Campaign Member (read, view all) |
Needed to access this object (read and view all Campaign Member records). |
|
Campaign (read, view all) |
Needed to access this object (read and view all Campaign records). |
|
View All Users |
Needed to be able to reference & view a list of Users for our various User dropdown menus (record assignments, configurations, etc.) |
|
Customize Application |
Enables certain native SFDC capabilities. Nice to have for debugging purposes. |
|
View Setup and Configuration |
Needed to access Async Apex Jobs and for proper User Provisioning. |
General User Permissions
| Convert Leads |
Needed to be able to convert leads in LeanData Routing |
| Create and Customize Reports |
Allows for Creating Native SFDC reports |
| Manage Leads |
Required in order to change/update lead ownership & lead field values. |
| Report Builder |
Enables Salesforce’s drag and drop report creation interface. |
| Run Reports |
Basic permission to run reports and receive the full report data. |
LeanData Permission Sets
|
LeanData Custom Objects Full Access |
LeanData Permission Set for access to LeanData Custom Objects |
BookIt Token Permission Requirements
| LeanData Custom Objects Full Access | LeanData Permission Set for access to LeanData Custom Objects |
| Lead |
|
| Account |
|
| Opportunity |
|
| Contact |
|
| Events |
|
| Other Related Objects & Variables |
|
NotifyPlus Token Permission Requirements
| API Enabled | Required for all LeanData API operations |
| LeanData Custom Objects Full Access | Needed to Read/Write to LeanData Objects like CCIO, Time to Action Tracker, and API Metric Objects |
| Primary Object (Record that enters NotifyPlus Node) |
Read/Write for all fields related to the graph
|
| Target Record (Record that is updated) | Read/Write all fields referenced in the node form for that object type. |
| Other Related Records |
To assign records to any lookup fields, we will need to be able to read at least the name and ID of those records. |
Common Token Errors
The following are some of the more common errors you may encounter when authorizing User Tokens.
| Remote Site Exception | Your Salesforce Org does not have a LeanData Remote Site installed. Follow the instructions in the Adding the LeanData Remote Site Settings Guide. |
| Inactive User | One or more of your designated User Tokens belongs to an inactive User in Salesforce. Reactivate the User, select a different User, or authorize a new active User Token. |
| Authorization failed | Authorization failed for a unspecified reason. Retry at a later time. |
| OAUTH_APP_BLOCKED | Your Salesforce organization may be blocking the LeanData OAuth Connected App. Navigate to Salesforce Setup > Connected Apps and ensure the LeanDataOL Connected App is not blocked. |
| OAUTH_APP_ACCESS_DENIED |
Your Salesforce organization's Connected Apps OAuth policies do not permit this user to authorize.
|
For additional assistance with any of the above errors or any other Token errors, please reach out to LeanData support.