From 28 Aug, Salesforce is rolling out a change where integration users can't connect uninstalled apps (like Donna) unless they have the new Approve Uninstalled Connected Apps permission.
System Admins get this permission automatically
Integration users don't, so it will need to be added via a permission set
The roll-out is gradual, so some organizations won't see the change or the permission right away. Read more
We recommend using a dedicated Integration User to ensure clean separation of access and easier monitoring.
Create two new users in your Salesforce org:
For API access
For frontend (UI) access
If licenses are limited, the frontend user can be temporary—used only for setup and onboarding, then deactivated afterward.
Assign a custom permission set that includes access to both standard and custom objects needed for the sync (see below).
Ensure the user has API Enabled and Modify All Data if needed for full access to the integration scope.
Donna's integration syncs a mix of default and custom Salesforce objects. At a minimum, the following standard objects should be accessible via the permission set:
Core Objects:
Account, Contact, Lead, Opportunity, UserActivity & Communication:
EmailMessage, EmailMessageRelation, Event, EventRelation, Task, TaskRelation, NoteOpportunity Details:
OpportunityContactRole, OpportunityStagePlease ensure read access is granted to all of the above, and write access where appropriate (based on business needs).
You can enable the connection as follows:
Use a Salesforce Connected App with OAuth 2.0 enabled.
Initiate the connection manually via this Donna integration page:
Donna uses the standard OAuth 2.0 flow to authenticate with Salesforce.
Once configuration is complete:
Test the setup in your sandbox environment.
When confirmed working, allocate time and resources to move the setup to production.
If a temporary frontend user was used, you may deactivate it after onboarding is finalized.