Before logging in into Donna and connecting Salesforce, we strongly recommend to create a dedicated Salesforce integration user and using this integration user to set up the integration, rather than using your own personal Salesforce (admin) user account.
On this page, we describe how to create an integration user. Consider these instructions as a recommendation, rather than a strict guideline. Follow your own company policies while creating this user.
Login to Salesforce and go to Setup, Administration, Users and click on New User to create a new user.
Assign the user a Salesforce Integration user license
Assign the user the Minimum Access - API Only Integrations profile
Assign the user a role that grants it access to the same data as the sales users who will be using Donna. In a role hierarchy, the integration user should be assigned a hierarchical role at least one level above the sales users. The role grants the integration user access to objects of the users directly below. The exact role that needs to be assigned, will depend on your specific role setup.
Assign the Salesforce API Integration permission set license. This license is required to grant the integration user specific object permissions.
In Salesforce, go to Administration, Permission Sets and click on New to create a new permission set
Enter a label, API name and do not assign a license (Note: A license cannot be unassigned once the permission set is created. If you assign a license while creating the permission set and you want to unassign the license later, you will have to create a new permission set.)
Assign the following system permissions to the permission set:
Required system permissions:
API Enabled
Approve Uninstalled Connected Apps
Access Activities
Optional system permissions (depending on the use case)
Edit Events
Edit Tasks
Assign the following object permissions to the permission set. Consider these listed permissions to be an example. Exact permissions depend on the use cases covered with Donna.
Accounts
Object permissions: Read, View All Records, Create, Edit
Field permissions: Any relevant fields for Donna including any relevant custom fields
Contacts
Object permissions: Read, View All Records, Create, Edit
Field permissions: Any relevant fields for Donna including any relevant custom fields
Opportunities
Object permissions: Read, View All Records, Create, Edit
Field permissions: Any relevant fields for Donna including any relevant custom fields
Events
Field permissions: Any relevant fields for Donna including any relevant custom fields
Tasks
Field permissions: Any relevant fields for Donna including any relevant custom fields
Email Messages
Field permissions: Any relevant fields for Donna including any relevant custom fields
In Salesforce, go to Setup, Administration, Users and click on the integration user. Click on Edit Assignments next to Permission Set Assignments to assign the created permission set.
This step is optional but considered a good security practice.
In Salesforce, go to Setup, Administration, Profiles and click on New Profile to create a new profile. Select the Minimum Access - API Only Integrations as the existing profile, provide a profile name and click on Save.
Within the profile, scroll down to Login IP Ranges and add these Donna IP ranges:
Start IP Address | End IP Address |
3.74.202.72 | 3.74.202.72 |
81.246.36.34 | 81.246.36.34 |
Go to Administration, Users and click on the integration user. Edit the integration user and assign the newly created profile.
Watch the video or follow instructions below.
Open a web browser (We recommend to open an incognito window where you are not logged in into Salesforce. This allows you to login with the integration user later on), and go to https://app.askdonna.com
Login with Google, Microsoft or magic sign in link (If you did not yet receive an invite to Donna, please request an invitation from a colleague who did).
Once logged in, click on Settings and then Integrations. You require an admin or owner role in Donna to see the Settings and Integrations pages.
On the Integrations page, click on Connect with Salesforce. You will be directed to the Salesforce login page. Login with the integration user (not with your own personal user!) and click on Allow. After clicking Allow, you will be directed back to Donna.
That's it! The integration is now set up!
This step is optional but considered a good security practice.
In Salesforce, go to Setup, Platform Tools, Apps, Connected Apps, Connected Apps OAuth Usage and find the Donna connected app. Next, click on Install, then confirm the installation by clicking on Install again.
Once installed, you can edit policies by clicking on Edit Policies. Configure the connected app in accordance with your company policies.
Confirm the IP Relaxation option is set to Enforce IP restrictions. This will ensure the Login IP Ranges configured before will work as expected.
Optionally set the Permitted Users option to Admin approved users are pre-authorized and confirm. This will temporarily block all users (including the integration user) from using the app until we assign a profile and/or a permission set to the connected app. Click Save to save the updated policies.
To allow only the integration user to use the Donna connected app, click on Manage Profiles, select the profile created earlier and click Save. Next, click on Manage Permission Sets, select the permission set created earlier and click Save. Now only users who have assigned the profile or permission set will be able to use the connected app. In this case, this is only the integration user.
