InformationTitleLeanData Admin - Token Authorization GuideURL NameLeanDataAdminTokenAuthorizationGuide6901f51972c07Step-by-StepContents: OverviewAuthorizing Tokens for LeanDataSwitching Primary and Secondary User TokensToken User PermissionsCommon Token Errors Overview For customers operating under LeanData Standard Configuration mode, LeanData requires one or more active Salesforce Users to authorize a token for each of its products to properly sync settings, provide monitoring, and perform actions in Salesforce on your behalf. If all the token Users are deactivated, your LeanData products may stop working as intended. Please Note: The User(s) who authorize tokens do not need to be the same as the LeanData Integration User. If you would like to designate a User as the LeanData Integration User, please see the article: How Do I Change the LeanData Integration User? Authorizing Tokens for LeanData Please Note: If your LeanData interface looks different from the below instructions, you may be on an older version of LeanData. Please contact LeanData for authorization instructions for your specific version. Have your intended User log in to Salesforce. This User must log in directly in order to Authorize a token. You cannot use the Log In as Another User feature in Salesforce to authorize a token. when considering which User should authorize tokens, please consider the Token User Permissions. From within the LeanData Application, navigate to Admin > Settings > Authorization tab. You can also click the Token Authorization button from the LeanData Dashboard page. Click the Authorize Salesforce Token button to authorize the currently logged in User as the primary User Token. Follow the Salesforce prompts to allow access by clicking Allow. You should be taken to a page confirming a successful connection. Repeat this authorization process for each User you would like to be a Primary or Secondary User Token for any of your LeanData products. Switching Primary and Secondary User Tokens By default, the first User who authorizes a token with be the default Primary User Token for all your LeanData products. In order to switch the User Token, you will have to log in as your desired User and follow the Authorizing Tokens for LeanData instructions above. Once additional User Tokens are authorized, you can select different User Tokens for different LeanData Products, as well as designate Secondary User Tokens that LeanData can use if the Primary Tokens are ever de-authorized. From within the LeanData Application, navigate to Admin > Settings > Authorization tab. You can also click the Manage Authorized Tokens button from the LeanData Dashboard page. At the bottom of the authorization page, you will see the different products where LeanData requires a User Token. If you would like to change the Primary or Secondary User Token for any LeanData products, use the dropdown to select the authorized User Token you would like for each LeanData product. Only User Tokens that have previously been authorized will appear in these dropdowns. You cannot select the same User as both the Primary and Secondary User Token. The Same as Routing option will utilize the same Token that you have selected for the Routing product.If you have User with an invalid token selected for any of these, you will see an error message that the User is invalid. Please authorize a valid User Token.Click Save Changes when you are finished assigning Primary and Secondary User Tokens for each LeanData Product. Please note: you will only see products for which you have a current LeanData subscription. Token User Permissions Each LeanData product requires a different set of minimum permissions for its Token Users. Please see below for the minimum permissions needed for the Token User for each LeanData product. Red = RequiredGreen = Nice to Have Routing Administrative Permissions API Enabled Ensures that your LeanData team has the ability to sync LeanData-related settings to your org and has visibility for troubleshooting. Assign Permission Sets Required to assign LeanData permissions to Users Manage Custom Permissions Custom permissions let you define access checks that can be assigned to Users via permission sets or profiles. Allows for more robust troubleshooting for LeanData regarding other custom processes & apps that may require custom permissions. Manage Custom Report Types Allows customizing, editing, and deleting custom reports. Manage Package Licenses You can assign each license to a User within your organization Manage Users Needed to have LeanData as an option for remote access. Modify MetaData Through Metadata API functions (Dependency for API Enabled, not a token related thing but LD Admin does need this permission to add RSS) View All Data Managing all data in an organization; for example, data cleansing, deduplication, mass deletion, mass transferring, and managing record approvals. Nice to have for debugging purposes, if needed. The following permissions are dependencies for View All Data: Object Permission: Read and View All on all standard and custom objects System Permissions View Setup and ConfigurationView Event Log Files, View Dashboards in Public FoldersView Reports in Public FoldersView Login Forensics EventsView Real-Time Event Monitoring Data Accounts (read, create, edit, view all) Needed to access this object (read, create, edit, and view all Account records). Leads (read, edit, delete, view all) Needed to access this object (read, edit, delete, and view all Lead records). Contacts (read, create, edit, view all) Needed to access this object (read, create, edit, and delete Contact records). Opportunities (read, create, edit, view all) Needed to access this object (read, create, edit, and delete Opportunity records). Case (read, edit, delete, view all) Needed to access this object (read, edit, delete, view all Case records). Task (read, create, edit, view all) Needed to access this object (read, create, edit, delete, and view all Task records). Event (read, view all) Needed to access this object (read and view all Event records). Campaign Member (read, view all) Needed to access this object (read and view all Campaign Member records). Campaign (read, view all) Needed to access this object (read and view all Campaign records). View All Users Needed to be able to reference & view a list of Users for our various User dropdown menus (record assignments, configurations, etc.) Customize Application Enables certain native SFDC capabilities. Nice to have for debugging purposes. View Setup and Configuration Needed to access Async Apex Jobs and for proper User Provisioning. General User Permissions Convert Leads Needed to be able to convert leads in LeanData Routing Create and Customize Reports Allows for Creating Native SFDC reports Manage Leads Required in order to change/update lead ownership & lead field values. Report Builder Enables Salesforce’s drag and drop report creation interface. Run Reports Basic permission to run reports and receive the full report data. LeanData Permission Sets LeanData Custom Objects Full Access LeanData Permission Set for access to LeanData Custom Objects BookIt Token Permission Requirements LeanData Custom Objects Full AccessLeanData Permission Set for access to LeanData Custom ObjectsLead Read access for all fields used in the graphsWrite permission will be required for the Owner assignment field, and meeting status field. (BookIt for Forms / Handoff)Create permission will be required for certain lead fields with Links. Account Read for all fields used in the graphsRead for AccountTeamMember, if using Account Teams. Opportunity Read for all fields used in the graphs Contact Read for all fields used in the graphsWrite permission will be required for the Owner assignment field, and meeting status field. (BookIt for Forms / Handoff) Events Read/Write/Edit will be required for all fields used within event creation (BookIt for Forms, Links, Handoff, rescheduling event date/time fields, cancel event stamp) Other Related Objects & Variables Read permission will be required for any object/field referenced via lookups in any node (such as set variable, lookups off regular objects in schedule nodes, send notification, territory field mapping variables, event creation variable values RHS, Group booking variable references)Read permission will be required for any object referenced in smart rep Get Record nodes, smart rep general object decision nodes. NotifyPlus Token Permission Requirements API EnabledRequired for all LeanData API operationsLeanData Custom Objects Full AccessNeeded to Read/Write to LeanData Objects like CCIO, Time to Action Tracker, and API Metric ObjectsPrimary Object (Record that enters NotifyPlus Node) Read/Write for all fields related to the graph Target Record (Record that is updated)Read/Write all fields referenced in the node form for that object type.Other Related Records To assign records to any lookup fields, we will need to be able to read at least the name and ID of those records. Common Token Errors The following are some of the more common errors you may encounter when authorizing User Tokens. Remote Site ExceptionYour Salesforce Org does not have a LeanData Remote Site installed. Follow the instructions in the Adding the LeanData Remote Site Settings Guide.Inactive UserOne or more of your designated User Tokens belongs to an inactive User in Salesforce. Reactivate the User, select a different User, or authorize a new active User Token.Authorization failedAuthorization failed for a unspecified reason. Retry at a later time.OAUTH_APP_BLOCKEDYour Salesforce organization may be blocking the LeanData OAuth Connected App. Navigate to Salesforce Setup > Connected Apps and ensure the LeanDataOL Connected App is not blocked.OAUTH_APP_ACCESS_DENIED Your Salesforce organization's Connected Apps OAuth policies do not permit this user to authorize. From Salesforce Setup > Profiles, select the profile for the User attempting to authorize.Click Assigned Connect AppsClick the Edit button under the Assigned Connected Apps section.Move LeanDataOL into the Enabled Connected App section.Click Save. app+must+be+installed+into+org Please follow the instructions in the Install Trusted Connected Apps section in the Prepare for Connected App Usage Restrictions Change Salesforce article. For additional assistance with any of the above errors or any other Token errors, please reach out to LeanData support.
