Users in Salesforce are assigned profiles based on different levels of access to objects, data and administrative permissions within the system.
As we know, in Pardot we have Administrator, Marketing, Sales Manager and Sales default user roles, whereas in Salesforce, we have a few more default user profiles, including System Administrator, Marketing User etc. When creating a new user in Salesforce, the profile will depend solely on which User Licence is selected in the previous step.
Now, this can be confusing as you may be thinking that profiles and roles are the same. In the two orgs, these two are separate but act as the same functionality in their respective instance. They both allow/disallow users visibility over functions and features depending on which role (Pardot) or profile (Salesforce) they are given.
This is important as once Salesforce User Sync is enabled, you must map the users in Salesforce and Pardot so that they have the same permissions in both orgs. If incorrectly mapped, the user may have incorrect or restricted access in one of the orgs, resulting in frustration.
To learn more about creating a user in Salesforce, please refer to our blog: How to Set Up New Pardot Users: Pardot SSO, User Sync & Business Units.
Salesforce User Sync & Identity License Mapping:
Salesforce User Sync and the SSO update
The problem we face since the single-sign-on (SSO) update is that Pardot-only users have a specific role within Pardot, can this be amended for each user?
The answer is, we can create custom profiles specifically for Identity users in Salesforce.
Reason being, you can ensure they have the correct permissions for their role and align this with Pardot for best practice.
Example Salesforce Profiles we can create for Identity Licence Users are:
- Identity User - Marketing
- Maps to a Marketing Role in Pardot
- Identity User - Admin
- Maps to an Admin Role in Pardot
- Identity User - Sales
- Maps to a Sales Role in Pardot
- Identity User - CUSTOM USER ROLE
- For Pardot accounts with Custom User Roles, we can create more Identity user profiles to map to a Custom User Role
Setting up a custom profile
Note: Before we create a new customer profile, we need to ensure that the Enhanced Profile User Interface is Disabled. To check go to your User Management Settings in Setup.
1. Simply head to Salesforce Setup | Profiles
2. Choose the Identity User profile to clone (this already has the Identity User Licence)
3. Enter the name of the Profile e.g Identity User - Admin
4. Save
Repeat this for the other custom profiles.
These custom profiles are now available to select when creating a new user in Salesforce with the Identity Licence.
Enabling Salesforce User Sync
Note: Salesforce User Sync will be enabled by default if your Pardot account was created after the Summer 20 Release.
1. In Pardot select Admin (Pardot Settings in the Lightning app), and then User Management | Users.
2. Click Enable Salesforce User Sync button.
3. Follow the prompts.
4. Map Salesforce profiles to Pardot user roles. All assigned Salesforce users with the selected profiles are created as Pardot users with the assigned Pardot role.*
5. Confirm the settings.
6. When finished mapping profiles, click Enable Salesforce User Sync.
* With the newly created custom profiles, when we enable Salesforce User Sync we can choose the applicable profile for the corresponding Pardot role.
Mapping profile-to-role
Profiles will now only be used to map over user roles in Pardot. To map Salesforce profiles to Pardot roles:
1. Head to Connectors (Under Pardot Settings in Pardot Lightning and Administration in pi.Pardot) and click the cog on the Salesforce connector.
2. Click Edit Settings’.
3. Once there, you will need to click on the User Sync’ tab (as shown in the screenshot below).
By default, the custom profiles will automatically map to a Marketing Pardot role, to change this click on the checkbox to the left to select the profile you would like to change and then choose the desired role from the dropdown.
4. Save your changes.
So, next steps…
When Salesforce User Sync has been enabled, we are able to transfer user management to a singular instance - Salesforce. This simply means that when creating new users, this will be done in Salesforce, rather than either org, allowing for a simplified and streamlined approach for user management.
It is important to note that we recommend assigning users to Pardot prior to switching user management as Pardot users who are not assigned will be moved to the recycling bin when this is enabled.
For a full list of considerations, please visit the Salesforce help article linked here.
I hope this blog has highlighted some best practice methods useful for sorting your user management! If you have any questions about the process, feel free to get in touch with the team here at MarCloud Consulting.