Question
I want to set up Zendesk for Salesforce integration, but I'm not able to use the default System Administrator profile. What permissions are required to link these successfully?
Answer
License type
The Salesforce user who connects the integration must have a SALESFORCE license. The connection cannot be made using a SALESFORCE INTEGRATION license at this time.
Administrative Permissions > API Enabled
If you don't see the above option within your profile, reach out to Salesforce Support or check that your SFDC plan includes access to the API. For more information, see the Salesforce community post: "Enable API" not available.
Administrative Permissions Modify Metadata Through Metadata API Functions
Standard Objects Permissions > Push Topics (full access)
Push Topics is required to use the Account, Contact, or Lead syncing portion of the Data Sync feature. Push topics relies on the SFDC Streaming API.
Standard Objects Permissions > Streaming Channels (full access)
This is required to renew the streaming connection for the Account, Contact, or Lead syncing. For more information, see the article: Configuring data sync from Salesforce to Zendesk.
Access to account, contact, lead, or opportunity objects
The default ticket-view settings will appear as the below fields.
Any user who wishes to use the Ticket View will need to have read-only access (at least) to the listed fields within their respective objects in Salesforce. See the requirements below for the default fields:
- Account object: Account Name field
- Contact object: Email field
- Opportunity object: Related account name field
- Lead object: Email field
Access to Case Objects
If you're not using the ticket-to-case sync, access to the Case object is required to connect the integration initially.
Access to relevant Case fields
Case feilds setting is only required if using the integration's ticket-to-case syncing feature. The relevant fields include all of the fields listed in the Standard field mapping section: Setting up Ticket Sync from Zendesk to Salesforce.
The quickest way to modify these fields within a profile is by navigating to Field-level security > Case > (view). Ensure that the profile in question has edit access to the aforementioned fields.
Access to the Connected app
The Allowed Profiles in the Connected App Manager is mentioned within the article, Setting up user access to Zendesk tickets in Salesforce. These settings need to be in place when the integration is connected in Admin Center, and will not retroactively apply if updated after the app is connected.
Available Push Topics
According to the Salesforce Streaming Limits article, plans are typically maxed out at 40, 50, or 100 push topics.
These could be consumed by other integrations or apps. To see how many currently exist, you can execute the following SOQL query using the Developer Console or Workbench.
SELECT count() from PushTopic
The Zendesk for Salesforce integration needs to create three of these push topics. One each for Accounts, Contacts, and Leads.
Visualforce Pages
The Lightning component should automatically inherit the permissions of the connected app. However, the Visualforce pages will only be authorized for the System Administrator profile until specified otherwise. To control the permissions of these Visualforce pages, go into Salesforce > Setup > Custom Code > Visualforce Pages.
From there, make sure the profile has access to the Visualforce page in question.