Permission Set Provisioning
Creating a HelloSign account for your Salesforce users allows for HelloSign setting defaults to be applied to all users sending from Salesforce.
HelloSign User provides the ability to
- Create templates
- Edit templates
- Send with Template
- Send one off document
- Read and Create HelloSign Logs
HelloSign Admin provides the ability to
- Connect to HelloSign with any Salesforce profile
- Delete Templates
- Delete Signature request records
- Delete Logs
- All functions of HelloSign User
REQUIRED SETTINGS for 3.77.3 and earlier
If you are on version 3.77.3 or earlier and using a Salesforce non-system administrator profile the following items must be enabled for the connected user. We recommend cloning our HelloSign Admin permission set.
System Preferences Section
- Apex REST Services
- API Enabled
- Customize Application (this will auto check a few additional boxes)
Apex Class Access Section
REQUIRED ACCESS for Profiles
If you are connecting with a Salesforce non-system administrator profile the following access is required.
- User must have read access on all the objects on which HelloSign looks up to. This includes our out-of-the-box objects (account, opportunity, contact, lead), as well as any custom supported objects.
- If you have a private sharing model you must have View All on the objects on which HelloSign is being used.
- If HelloSign writeback fields are being used the connected user must have edit on the object on which HelloSign is being used as well as edit access to the fields being updated.
- If there are any Salesforce processes that run in relation to the objects on which you are using HelloSign the connected user must include Modify All on those objects.
CALLOUT for CPQ
With our HelloSign for Salesforce CPQ package you must clone our admin permission set and give View All on the Salesforce Documents object.
API Only Integration (READ CAREFULLY — THE BELOW IS NOT APPLICABLE FOR MOST USE CASES)
HelloSign's admin and user permission sets are typically sufficient for most organizations. If your connected user should only have API access follow these steps. This will prevent the connected user from logging into Salesforce via the UI.
- Select of create a new Salesforce user with the HelloSign Admin permission set.
- Make sure the email associated with this user is one you can access and you will be able to login directly to Salesforce as this user.
SUCCESS: Integration User selected with HelloSign Admin permission set
- Setup > Users > Permission Sets
- Clone the HelloSign Admin permission set
- Name the new permission set something like HelloSign (API Only)
- Click System Permissions in the new cloned permission set
- Click edit
- Check API Only User
SUCCESS: HelloSign (API Only) permission set created
- Login as the integration user
- Connect to HelloSign
- Logout of Salesforce
SUCCESS: HelloSign is connected to Salesforce via the integration user
- Log into Salesforce as a user with the System Admin profile
- Remove the integration users HelloSign Admin permission set and replace with the HelloSign (API Only) permission set.
SUCCESS: HelloSign will remain connected to Salesforce. The integration user will be unable to log into Salesforce via the UI.
Updated about 1 year ago
You're all ready to send signature requests!
But, there's a lot more you can do to configure HelloSign for Salesforce for your specific use case. Below is a list of popular configurations.