How To Mass-Activate Salesforce Access for Multiple Users¶
For users of the Email Sidebar on:
3 min read
Important
Mass authorization of Salesforce users with a Salesforce service account is compatible only with RG Sync Engine. It is not yet available for RG Sidebar mass authorization.
The RG Sync Engine supports bulk user authorization in Salesforce. When combined with mass delegated or application-only email access authorization, this setup eliminates the need for end-user actions. Additionally, using this method prevents authorization prompts for end users when access tokens expire.
To quickly establish a Salesforce connection for all RG users in your organization, use the CRM section under the profile’s Connectivity subtab in the RGES Admin panel. A prerequisite for this feature is creating either a Salesforce service account with full data visibility.
Requirements for service account permissions
System permissions for profile
| Permission | Description | Notes |
|---|---|---|
| Access Activities | Access tasks, events, calendar, and email. | |
| Access Libraries | Access Libraries. | Required for Content Documents. |
| Apex REST Services | Allow access to Apex REST services. | |
| API Enabled | Access any Salesforce.com API. | |
| Edit Events | Create, edit, and delete events. | |
| Edit Read Only Fields | Edit fields that are read-only due to page layouts or field-level security. | |
| Edit Tasks | Create, edit, and delete tasks. | Required if emails are shared via Tasks. |
| Modify All Data | Create, edit, and delete all organizational data, regardless of sharing settings. | |
| View All Data | View all organizational data, regardless of sharing settings. |
Object settings for profile
| Object | Permissions | Notes |
|---|---|---|
| Accounts | Read, Create, View All. | |
| Contacts | Read, Create, Edit, Delete, View All, Modify All. | |
| Documents | Read, Create, Edit, View All, Modify All. | Required for Content Documents. |
| Opportunities | Read, View All. | |
| Leads | Read, Create, Edit, View All, Modify All. |
Authorization using a service account with granted data visibility¶
Follow the instructions below to mass-authorize Salesforce access for the end users via the CRM section.
- Create a Salesforce user account with granted data visibility for all data in the organization that will be accessed and managed by RGES users in your company. If you intend to mass-authorize RGES end users’ access to a Salesforce Sandbox environment, create a corresponding service user account in this environment.
Important
To use this feature, set up a dedicated Salesforce service-only account. Please do not use an active RGES user account or provision the service account in the RG Email Sidebar, as it is only intended for Salesforce access authorization.
- Open RG Admin panel > Profiles tab > Connectivity subtab.
- In the CRM section, click Log in with Salesforce.
Note
Presently, only the Salesforce OAuth authorization option is available; it implies that the pre-set service Salesforce account’s refresh token will be used to authorize access for a specified group of RGES end users.
- Log in to the dedicated service account using the standard Salesforce OAuth window that opens in your browser.
- If authorization was successful, you will see that the Salesforce service account status changed to Connected.
Re-establishing connection after refresh token expiration¶
If the service account’s refresh token expires, suspending RG Syncfor the entitled end users, the local RG admin will see the status change to Disconnected in the CRM widget on the Connectivity tab.
Tip
Users’ sync status/Salesforce connection can also be monitored via the Users subtab of the Admin panel’s Profiles tab. Specifically, the Synchronization status of the users whose synchronization changes to the Disabled status; if clicking on such a user brings up a notification “invalid_grant: expired access/refresh token,” that means the user’s access token requires refreshing.
To get a new refresh token and reestablish Salesforce connection:
-
Open the Connectivity subtab of the Profile tab in the RG admin panel.
-
In the CRM widget, click Refresh.
- After refreshing, log in to the dedicated service account using the standard Salesforce OAuth window that opens in your browser.
Now, the RG users’ Salesforce connection will be recovered.
