Checklist Before Clicking “Connect”
Complete these steps once per Salesforce org. They ensure Core8 can authenticate and sync data without running into Salesforce permission errors.

- Create a dedicated integration user
  - A dedicated user isolates integration activity for security, auditability, and easier troubleshooting.
  - Salesforce Setup → Users → New User
  - License: Salesforce Integration (user license; preferred for API-only integrations because it’s designed for system access and is more cost-effective; fallback: Salesforce user license).
  - Profile: Minimum Access – API Only Integrations (or the legacy Salesforce API Only System Integrations)
  - Set the password via the welcome email and optionally lock down login IP ranges / password expiry.
 
- Assign a Core8 permission set
  - Setup → Permission Sets → New → Core8 Integration
  - System permissions: leave View All Data / Modify All Data unchecked.
  - Object permissions: grant Modify All on Accounts, Contacts, Opportunities, OpportunityLineItems, Product2, and PricebookEntries. Grant Read and View All on Pricebook2 and Users. (Modify All implies full CRUD + sharing bypass, which Core8 needs to manage records across teams regardless of ownership.)
  - Field-level security: mark all fields the integration reads as Visible and the ones it writes as Editable (bulk-select if unsure).
  - Assign the permission set to the integration user. If the org exposes the Salesforce API Integration (permission set license), assign that as well.
 
- Restrict the Core8 Connected App (highly recommended, especially for production)
  - Setup → App Manager → locate the Core8 connected app (typically named “Core8 Integration” or similar; it appears automatically after your first OAuth connect attempt—no manual creation needed).
  - Edit Policies: set “Permitted Users” to “Admin approved users are pre-authorized” (prevents unauthorized approvals), add the integration user’s profile or permission set under “Manage Profiles”/“Assigned Connected Apps”, and choose an IP/refresh-token policy that matches your security posture.
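
The permission-set grants in this checklist can be verified mechanically. The following is an added example, not Core8's or Salesforce's own tooling: it audits rows shaped like Salesforce ObjectPermissions records against the grants listed above and reports both missing and excess access. The sample permission set and rows are constructed, and mapping the checklist's object names to API names such as OpportunityLineItem and PricebookEntry is an assumption.

```python
# Added example: audit a permission-set export against the Core8 checklist.
# Row fields mirror Salesforce ObjectPermissions; sample data is constructed.
MODIFY_ALL = {"Account", "Contact", "Opportunity", "OpportunityLineItem",
              "Product2", "PricebookEntry"}      # checklist: Modify All
READ_VIEW_ALL = {"Pricebook2", "User"}           # checklist: Read + View All
FORBIDDEN_SYSTEM = ("PermissionsViewAllData", "PermissionsModifyAllData")

def audit(permission_set, object_rows):
    """Return findings for missing grants and for access beyond the checklist."""
    findings = [f"system: {flag} must be unchecked"
                for flag in FORBIDDEN_SYSTEM if permission_set.get(flag)]
    rows = {r["SobjectType"]: r for r in object_rows}
    for obj in sorted(MODIFY_ALL):
        if not rows.get(obj, {}).get("PermissionsModifyAllRecords"):
            findings.append(f"{obj}: missing Modify All")
    for obj in sorted(READ_VIEW_ALL):
        r = rows.get(obj, {})
        if not (r.get("PermissionsRead") and r.get("PermissionsViewAllRecords")):
            findings.append(f"{obj}: missing Read and View All")
        if r.get("PermissionsModifyAllRecords"):
            findings.append(f"{obj}: Modify All exceeds checklist")
    for obj in sorted(set(rows) - MODIFY_ALL - READ_VIEW_ALL):
        if any(v is True for k, v in rows[obj].items() if k.startswith("Permissions")):
            findings.append(f"{obj}: not in checklist but has object permissions")
    return findings

def row(obj, read=False, view_all=False, modify_all=False):
    """Build a constructed row; Modify All implies View All, which implies Read."""
    return {"SobjectType": obj,
            "PermissionsRead": read or view_all or modify_all,
            "PermissionsViewAllRecords": view_all or modify_all,
            "PermissionsModifyAllRecords": modify_all}

# Constructed sample: one forbidden system flag, one missing grant, two excesses.
SAMPLE_PERMSET = {"PermissionsViewAllData": True, "PermissionsModifyAllData": False}
SAMPLE_ROWS = [row(o, modify_all=True) for o in
               ("Account", "Contact", "OpportunityLineItem", "Product2", "PricebookEntry")]
SAMPLE_ROWS += [row("Opportunity", read=True), row("Pricebook2", modify_all=True),
                row("User", view_all=True), row("Case", read=True)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PERMSET, SAMPLE_ROWS):
        print(finding)
```

An empty result means the export matches the checklist exactly; any finding names the object or system flag to revisit in the permission set.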
 
 
Connecting Core8 to Salesforce
- Log into the appropriate Salesforce domain in your browser (https://login.salesforce.com for production, https://test.salesforce.com for sandbox). Make sure you are in the correct org—using an incognito/private window can help avoid authorizing the wrong environment.
- In the Core8 console, go to Configuration → Integrations and open the Salesforce card.
- Click Connect to Salesforce, approve the OAuth prompt, and wait for the integration page to reload. You should see a Connected badge along with environment details.
 
Troubleshooting Tips
- invalid_client or “app must be installed into org”: Confirm the org is authorizing the correct Connected App (matching the consumer key/secret in Core8) and that you’re using the correct login domain.
- INSUFFICIENT_ACCESS on Accounts/Opportunities/etc.: Revisit the permission set—object and field permissions must be enabled for the integration user.
- Unable to add products to opportunities: Ensure Product2, PricebookEntry, and Pricebook2 permissions are set and the Standard Price Book is active.
- Only partial user list: Make sure the permission set grants View All on the User object.
- Sandbox login failing: Start the flow from https://test.salesforce.com or choose the “Sandbox” option in the Core8 UI if available.
- IP restriction errors (e.g., OAUTH_APP_ACCESS_DENIED, invalid_grant): If you enforce login IP ranges on the integration user or connected app, whitelist Core8’s outbound IPs via Salesforce Network Access (user login IP ranges) or the Connected App’s IP Relaxation settings in the app’s policies (contact Core8 support for the current list until the network requirements doc is published).
- Intermittent sync failures or throttling: Check your Salesforce org’s API usage (Setup → Company Information → API Requests, Last 24 Hours) and adjust polling volume or limits if needed.