To power seamless automation and intelligent support experiences, Fin integrates deeply with your Salesforce instance. This integration requires specific object and field-level permissions.
This article will walk you through:
Why these permissions are important
Who needs them
How to implement them
A complete reference table of the required permissions
Why these permissions matter
Required for handoffs to salesforce (Human agent or Case)
Synchronising state with salesforce
Data needed to drive workflows e.g. Contact data
Who needs these permissions?
The OAuth Salesforce user – the one linked during integration setup
What permissions does the OAuth user require
Your Salesforce organisation should have API enabled - see Salesforce Error 'API not enabled for this Organization or Partner'
The user that connects to salesforce should not have API restrictions - see Restrict Access to APIs with Connected Apps
Connect to the Salesforce In-App Messaging API (MIAW)
For Fin to be able to hand-off live chats to your team in Salesforce, it needs a connection to the In–App Messaging API. This requires an embedded service deployment to be set up in Salesforce.
Instructions
Go to embedded service deployment in Salesforce.
Click New Deployment.
Click Messaging for In-App and Web.
Choose Custom Client.
Give it a name (e.g. “Fin”), select your Messaging Channel, then Save. If you don’t already have a Messaging Channel, you’ll need to create one.
Go into your new custom client, and click the publish button in the top right hand corner.
Select Code Snippet.
Copy the Developer name and URL into the form to connect.
How to set up the permissions
Navigate to Deploy>Fin Messenger>Install permissions in Salesforce.
The following steps will create an unmanaged package in salesforce with all of the permissions needed for Fin to run on the Cases channel. To do this:
Initiate installation of the permissions package.
In the section "What if existing component names conflict with ones in this package?", select "Do no install".
Select "Install for all users" – this means that the permission set can be assigned to any user if you choose.
Wait until it finishes - no errors should be shown
Assign the permission set
Now you’ve installed the permission set in Salesforce, you’ll need to assign it to the user who authorized the connection to Fin.
In Salesforce navigate to the user who authorized the connection to Fin
From their profile, scroll down to the Permission Set Assignments section and click Edit Assignments
Select Intercom Fin AI Permissions and apply the permission set
Required Salesforce permissions
Salesforce Object | Fields | Operations | Why It's Needed |
MessagingSession | Status, ConversationId | Read | Checking the status of the MessagingSession |
Conversation | Id, ConversationIdentifier | Read | To get the right messaging session |
CaseFeed | Id, Title, Body, Type, CreatedBy.*, CreatedDate, Visibility, ParentId, LastModifiedDate | Read | Required for adding a transcript with a case handoff |
FeedItem | Id, Body, ParentId, IsRichText, Type, Visibility, CreatedDate, CreatedById, LastEditById | Create | Adds conversation transcripts and AI summaries to cases |
Case | Id, Subject, Description, ContactId, OwnerId, SuppliedEmail, SuppliedName, Origin, SourceId, FinInvolved__c, FinResolutionState__c | Create, Read, Update | Core case creation, handoff, and field sync |
Contact | Id, Email, CreatedDate, FirstName, LastName | Create, Read | Needed when creating or associating contacts to cases |
User | Id, ContactId, FirstName, LastName, Email, UserType, IsActive | Read | Enables assigning cases to specific users |
Group | Id, Name, Type | Read | Grants visibility into Salesforce queues |
QueueSobject | QueueId, SobjectType | Read | Allows selection of queues for routing cases |
PermissionSet | Name | Read | Allows us to confirm if the permission package is installed |
PermissionSetAssignment | PermissionSetId, AssigneeId | Read | Allows us to confirm if the permission set is assigned to the right user. |