Skip to content
  • There are no suggestions because the search field is empty.

Permissions Needed to Integrate Salesforce

This article outlines the specific permissions (scopes) Accord requires to connect to Salesforce and what each does.

Key Takeaways 

Accord requires the following scopes

  • Access the identity URL service (id, profile, email, address, phone)
  • Manage user data via APIs (api)
  • Manage user data via Web browsers (web)
  • Perform requests at any time (refresh_token, offline_access)

Overview 

When authorizing Accord to connect with your Salesforce instance, you'll be presented with a list of permissions, also known as scopes

We have done our best to limit the amount of scopes and only require the bare minimum. Each scope is described below. 

Note: these scopes should be turned on by default for most Salesforce users.

Instance Wide Connection vs. Individual Connection 

Instance Wide Connection (Connection Owner)

When establishing the initial connection between Accord and Salesforce, you will set the Instance-wide connection, called the Connection Owner. This connection is set at the CRM Settings page – Settings > Workspace > CRM, and can be modified at any time. 

This is the main account Accord will use to sync data between Accord and Salesforce. We highly recommend using a Salesforce user that has the System Administrator role.  

Screenshot 2026-03-19 at 1.44.17 PM-1

UI to control the Instance-wide connection owner (CRM Settings page – Settings > Workspace > CRM)

Individual Connection

Each Accord user also has their own connection between Accord and Salesforce. This connection is per-user, and is set in the user profile setting page – Settings > Personal > Profile.  

Having a user enable these settings allows Accord to leverage this connection to make updates to Accord. For example, if a user modifies a Salesforce field that has been embedded into Accord, Accord will use this user's Salesforce account to make the connection. This allows you to preserve the permissions you have set for each of your Salesforce users and create an audit log of changes made.

Scopes

Access the identity URL service (id, profile, email, address, phone)

  • What it does: This scope grants Accord access to basic information about your Salesforce users, including their unique user ID, profile details, email address, etc.

Manage user data via APIs (api)

  • What it does: This core scope allows Accord to interact with Salesforce data programmatically using Salesforce APIs. 

Manage user data via Web browsers (web)

  • What it does: This scope enables Accord to interact with Salesforce data when a user is actively logged into a web browser. 

Perform requests at any time (refresh_token, offline_access)

  • What it does: A refresh token allows Accord to obtain new access tokens without requiring the user to explicitly re-auth the application each time the initial access token expires. 

Reference: For more detailed information about OAuth scopes in Salesforce, you can refer to the official Salesforce documentation