Creating a Dedicated Salesforce User
Overview
OverviewWhen connecting your Salesforce org to Flosum Cloud Apps, you need to provide a user account to establish and maintain the connection. It's recommended to create a dedicated Salesforce user account instead of using an employee's personal account. This prevents disruptions if, for example, an employee leaves and their personal account is deactivated.
This article offers general instructions for two methods to create a dedicated Salesforce user for use with Flosum Cloud Apps.
Recommended User Setup - Explains using the System Administrator profile.
Alternative: Permission Set Model - Explains creating a custom profile and permission set.
Flosum's Recommendation
Creating a single Integration User in Production with the Admin profile.
Create a single dedicated User in production with the System Administrator profile.
Use the same user when connecting Sandbox and Production orgs.
Take advantage of sandbox refresh inheritance. After a refresh, the Production dedicated user automatically exists in the refreshed sandbox.
Why this matters: This approach minimizes ongoing maintenance and eliminates permission gaps that may break deployments.
Recommended User Setup
Dedicated User Creation
In your Salesforce Production org, create a user named Flosum Integration.
Note: You can use any user name.
Assign the System Administrator profile.
Ensure the following permissions are enabled:
API Enabled
Query All Files
Approved Uninstalled Connected Apps
Use this user to connect all environments (production and sandboxes) to Flosum Cloud Apps.
Why the System Administrator Profile Is Preferred
Grants full access to metadata retrieval and deployment.
Reduces maintenance when Salesforce introduces new permissions.
Ensures deployments run in a fully authorized context.
Alternative: Permission Set Model
For customers with strict security policies that prohibit granting admin access, you can create a custom profile and permission set that provides all the permissions required by Flosum Cloud Apps.
This method requires more maintenance after Salesforce API releases because new permissions may need to be added.
Create Custom Profile and Permission Set
Create a custom profile with minimal base permissions.
Create a dedicated “Flosum Integration Permissions” permission set.
Add all required permissions to the permission set from the tables below.
Required Permissions Table
Assigned Apps
All Apps
Apex Class Access
All classes (including system classes)
Visualforce Page Access
All pages
Custom Setting Definitions
All custom settings
Custom Metadata Types
All custom metadata types
System Permissions
See the Required System Permissions Table below
Required System Permissions Table
API Enabled
Required for all API calls (metadata retrieval and deployment).
Author Apex
Required to retrieve and deploy Apex classes and triggers.
Create and Customize Dashboards
Needed for dashboard deployments.
Create and Customize List Views
Required for deploying list views across environments.
Create and Customize Reports
Needed to retrieve and deploy reports.
Create Dashboard Folders
Required for organizing dashboards into folders.
Create Folders for Lightning Email Templates
Required for managing Lightning email template folders.
Create Report Folders
Needed for report folder creation during deployments.
Customize Application
Grants the ability to modify application settings, picklists, and fields.
Edit HTML Templates
Required for modifying classic email templates.
Manage Connected Apps
Required to manage connected apps used for integrations.
Manage Custom Permissions
Enables deployment of custom permissions.
Manage Custom Report Types
Required to deploy custom report types.
Manage Dashboards in Public Folders
Grants control over public dashboards.
Manage Data Categories
Required to deploy data categories for knowledge articles.
Manage IP Addresses
Needed to retrieve and deploy org security settings.
Manage Login Access Policies
Required for deploying login access settings.
Manage Package Licenses
Required for retrieving managed package namespaces.
Manage Password Policies
Required to deploy org password policy settings.
Manage Profiles and Permission Sets
Required for profile and permission set deployments.
Manage Public Classic Email Templates
Needed to modify public email templates.
Manage Public Documents
Required to manage shared documents.
Manage Public Lightning Email Templates
Needed to modify shared Lightning email templates.
Manage Public List Views
Required to modify shared list views.
Manage Reporting Snapshots
Required to manage reporting snapshots.
Manage Reports in Public Folders
Needed for shared report management.
Manage Roles
Required to retrieve and deploy roles and hierarchy.
Manage Session Permission Set Activations
Needed for activating session-based permission sets.
Manage Sharing
Required to retrieve and deploy sharing rules.
Manage Synonyms
Required to manage synonyms for knowledge articles.
Manage Translation
Required to retrieve and deploy translations.
Modify Data Classification
Needed for field data classification and privacy settings.
Modify Metadata Through Metadata API Functions
Mandatory for all deployments.
View All Custom Settings
Required to view and deploy custom settings.
View All Data
Required for running test classes and deployments.
View All Users
Required for retrieving metadata with user ownership details.
View Roles and Role Hierarchy
Required to retrieve role hierarchy.
View Setup and Configuration
Required to view and deploy all metadata components.
Last updated
Was this helpful?