User Permissions to Send for Signature

Dropbox Sign for Salesforce provides two permission sets that can be found in Setup > Manage Users > Permission Sets. They are titled “Dropbox Sign_User” and “Dropbox Sign_Admin”. These permission sets can be cloned to make custom versions to fit whatever use cases you may have.


Permission Set Provisioning

Creating a Dropbox Sign account for your Salesforce users allows for Dropbox Sign setting defaults to be applied to all users sending from Salesforce.


Dropbox Sign User provides the ability to

  • Create templates
  • Edit templates
  • Send with Template
  • Send one off document
  • Read and Create Dropbox Sign Logs

Dropbox Sign Admin provides the ability to

  • Connect to Dropbox Sign with any Salesforce profile
  • Delete Templates
  • Delete Signature request records
  • Delete Logs
  • All functions of Dropbox Sign User


REQUIRED SETTINGS for 3.77.3 and earlier

If you are on version 3.77.3 or earlier and using a Salesforce non-system administrator profile the following items must be enabled for the connected user. We recommend cloning our Dropbox Sign Admin permission set.

System Preferences Section

  • Apex REST Services
  • API Enabled
  • Customize Application (this will auto check a few additional boxes)

Apex Class Access Section

  • HelloSign.HSignSetSettingsApi



If you are connecting with a Salesforce non-system administrator profile the following access is required.

  • User must have Read Access on all the objects on which Dropbox Sign looks up to. This includes our out-of-the-box objects (account, opportunity, contact, lead), as well as any custom supported objects.
  • If you have a private sharing model you must have View All on the objects on which Dropbox Sign is being used.
  • If Dropbox Sign writeback fields are being used the connected user must have edit on the object on which Dropbox Sign is being used as well as edit access to the fields being updated.
  • If there are any Salesforce processes that run in relation to the objects on which you are using Dropbox Sign the connected user must include Modify All on those objects.



With our Dropbox Sign for Salesforce CPQ package you must clone our admin permission set and give View All on the Salesforce Documents object.



Dropbox Sign's admin and user permission sets are typically sufficient for most organizations. If your connected user should only have API access follow these steps. This will prevent the connected user from logging into Salesforce via the UI.

  • Select to create a new Salesforce user with the Dropbox Sign Admin permission set.
  • Make sure the email associated with this user is one you can access, and you will be able to log in directly to Salesforce as this user.

SUCCESS: Integration User selected with Dropbox Sign Admin permission set

  • Setup > Users > Permission Sets
  • Clone the Dropbox Sign Admin permission set
  • Name the new permission set something like Dropbox Sign (API Only)
  • Click System Permissions in the new cloned permission set
  • Click edit
  • Check API Only User
  • Save

SUCCESS: Dropbox Sign (API Only) permission set created

  • Login as the integration user
  • Connect to Dropbox Sign
  • Logout of Salesforce

SUCCESS: Dropbox Sign is connected to Salesforce via the integration user

  • Log into Salesforce as a user with the System Admin profile
  • Remove the integration users Dropbox Sign Admin permission set and replace with the Dropbox Sign (API Only) permission set.

SUCCESS: Dropbox Sign will remain connected to Salesforce. The integration user will be unable to log into Salesforce via the UI.

What’s Next

You're all ready to send signature requests!
But, there's a lot more you can do to configure HelloSign for Salesforce for your specific use case. Below is a list of popular configurations.