I want to set up Zendesk for Salesforce integration, but I'm not able to use the default System Administrator profile. What permissions are required to link these successfully?
There are several permissions that are required depending on which integration features you want to use. See the permission options below.
Administrative Permissions > API Enabled
If you don't see the above option within your profile, reach out to Salesforce Support or check that your SFDC plan includes access to the API. For more information, see the Salesforce community post: "Enable API" not available.
Administrative Permissions Modify Metadata Through Metadata API Functions
Standard Objects Permissions > Push Topics (full access)
Push Topics is required to use the Account, Contact, or Lead syncing portion of the Data Sync feature. Push topics relies on the SFDC Streaming API.
Standard Objects Permissions > Streaming Channels (full access)
This is required to renew the streaming connection for the Account, Contact, or Lead syncing. For more information, see the article: Configuring data sync from Salesforce to Zendesk.
Access to account, contact, lead, or opportunity objects
The default ticket-view settings will appear as the below fields.
If the settings haven't been adjusted, the SFDC profile of the connecting user will need to have at least read-only access to those fields within their respective objects. See the requirements below.
- Account object: Account Name field
- Contact object: Email field
- Opportunity object: Related account name field
- Lead object: Email field
Access to Case Objects
If you're not using the ticket-to-case sync, access to the Case object is required to connect the integration initially.
Access to relevant Case fields
Case feilds setting is only required if using the integration's ticket-to-case syncing feature. The relevant fields include all of the fields listed in the Standard field mapping section: Setting up Ticket Sync from Zendesk to Salesforce.
The quickest way to modify these fields within a profile is by navigating to Field-level security > Case > (view). Ensure that the profile in question has edit access to the aforementioned fields.
Access to the Connected app
The Allowed Profiles in the Connected App Manager is mentioned within the article, Setting up user access to Zendesk tickets in Salesforce. These settings need to be in place when the integration is connected in Admin Center, and will not retroactively apply if updated after the app is connected.
Available Push Topics
According to the Salesforce Streaming Limits article, plans are typically maxed out at 40, 50, or 100 push topics.
SELECT count() from PushTopic
The Zendesk for Salesforce integration needs to create three of these push topics. One each for Accounts, Contacts, and Leads.
The Lightning component should automatically inherit the permissions of the connected app. However, the Visualforce pages will only be authorized for the System Administrator profile until specified otherwise. To control the permissions of these Visualforce pages, go into Salesforce > Setup > Custom Code > Visualforce Pages.
From there, make sure the profile has access to the Visualforce page in question.