Granting Doowii Access to Salesforce

This guide explains how your Salesforce admin team can grant Doowii secure access to approved Salesforce data so Doowii can replicate it into Doowii’s Cloud environment for analytics.

Salesforce access is always granted from within your Salesforce org by creating and approving a Connected App. Doowii operates the integration in Google Cloud, but Salesforce authorization, scope, and permissions remain fully under your control.

Prerequisites

  • Salesforce System Administrator access

  • Ability to create:

    • Connected Apps

    • Users and Permission Sets

  • A designated Salesforce integration user

  • Your target Salesforce environment: Production (login.salesforce.com)

1. Overview of Doowii's Salesforce Integration

Doowii uses Salesforce APIs to read (and only when explicitly approved, write) data for analytics, reporting, and AI-assisted insights. This allows Doowii to:

  1. Replicate approved Salesforce data into Doowii’s analytics environment, such as data related to your Advancement Programs, Recruiting, Student & Career Services, Student Success & Support teams, and more.

  2. Support role-appropriate analytics for non-Salesforce users.

Salesforce controls:

  • Which data Doowii can access

  • Which users authorize access

  • Which objects, fields, and records are visible

Doowii supports the following Salesforce authentication methods:

  1. Authorization Code + Refresh Token (standard)

  2. JWT Bearer (by request)

Doowii cannot access data beyond what your Salesforce permissions allow.

2. Suggested OAuth Scopes & Permissions

Depending on your institution’s selected workflows, you may choose Read Only access or Read + Write access on the integration user. Salesforce OAuth scope details are available here.

Recommended OAuth Scopes (Authorization Code flow)

Scope

Purpose

api

Required. Allows access to Salesforce data via REST, Bulk, and SOAP APIs.

refresh_token (aka offline_access)

Required. Allows Doowii to refresh access tokens for scheduled syncs without user interaction.

Not recommended (unless otherwise agreed on)

  • UI-related scopes (web, visualforce, lightning)

  • Product-specific scopes (Data Cloud, Pardot, Analytics) unless explicitly needed

OAuth scopes control which API surfaces Doowii may call. Read vs. write access is controlled by Salesforce permissions, not OAuth scopes.

Access Permission Model

Salesforce data access is governed by the integration user:

  • Object permissions (Read / Create / Edit)

  • Field-level security (FLS)

  • Record-level sharing rules

Recommended default:

Start with read-only object access and expand only if required and agreed on.

3. Step-by-Step Setup Instructions

1

Step 1: Create a Salesforce Integration User

Create a dedicated user for Doowii (not a personal admin account).

  1. Check License Availability:

    • Navigate to Setup > Company Information.

    • Look for details about Salesforce Integration user licenses.

  2. Create the User:

    • Go to Setup > Users > Users and click New User.

    • User License: Select Salesforce Integration.

    • Profile: Select Salesforce API Only System Integrations.

    • Username: Choose username following this format: doowii.integration@[yourorg.edu]

Why this matters:

  • Clear audit trail

  • Least-privilege security

  • Stable long-term integration

2

Step 2: Create a Permission Set for Doowii

  1. Go to Setup → Permission Sets → New

    • Name: Doowii Integration User Access

  2. Grant:

    • Read access to approved objects (e.g., Account, Contact, Opportunity, custom objects)

    • Field-level visibility only for approved fields

    • Record visibility via your existing sharing rules

  3. Assign this permission set to the integration user.

  4. Note, you may also need to click Edit Assignments and enable the Salesforce API Integration license.

3

Step 3: Create an OAuth Client App in Salesforce

Salesforce recommends External Client Apps for new OAuth integrations. If your org still supports Connected Apps, you may use either option, as both are fully compatible with Doowii’s Salesforce integration.

Step 3A: External Client App (recommended)

  1. Navigate to Setup, enter App Manager, and select App Manager

  2. Click New External Client App

  3. Enter a name for the external Client App: Doowii Integration

  4. Set the Distribution State to Local

  5. Enable OAuth 2.0 Authorization Code flow

  6. Enter the Doowii callback URL (Provided by Doowii during onboarding)

  7. Select scopes (api, refresh_token)

  8. Save and request admin approval

Step 3B: Connected App (if already enabled)

  1. Navigate to Setup, enter App Manager, and select App Manager

  2. Click New Connected App

  3. Enable OAuth

  4. Enter the Doowii callback URL (Provided by Doowii during onboarding)

  5. Select scopes (api, refresh_token)

  6. Save and approve

Note, it may take up to 10 minutes for a new OAuth Client App to propagate through Salesforce's servers, and up to 15 minutes for changes to app and access settings to take effect.

4

Step 4: Approve and Install the Connected App

Salesforce requires explicit approval before an app can issue tokens.

  1. Navigate to Setup > Connected Apps OAuth Usage.

  2. Find [The New App] in the list

  3. In the Action column, click Install (if it says "Uninstall" it is already installed)

  4. Review the information and click Install

  5. Approve OAuth Policies by going to Setup > Manage Connected Apps > [The New App] > Edit Policies

  6. Select "Admin approved users are pre-authorized" in the Profiles or Permission Sets detail page

  7. Save

Recommended settings:

  • Permitted Users: Admin approved users are pre-authorized

  • Assign access via a Permission Sets

5

Step 5: Share Connection Details with Doowii

Share the application details with Doowii.

  • Salesforce login URL (this should be your Production URL)

  • Connected App Consumer Key

  • Connected App Consumer Secret

  • Integration User username

6

Step 6: Authorization & Validation

Once shared, Doowii will:

  1. Complete the OAuth authorization flow

  2. Exchange the authorization code for access + refresh tokens

  3. Validate object and field access

  4. Confirm record counts and ingestion readiness

4. Operational Expectations

Data Freshness & Refresh Cadence

Doowii supports multiple refresh patterns, depending on your needs. The standard refresh patter is nightly, unless otherwise agreed upon.

Pattern

Typical Use

Nightly sync

Standard reporting

Every 4–6 hours

Operational dashboards

Incremental updates

Near-real-time monitoring

Change Data Capture (optional, CDC must be enabled))

Event-driven freshness

Refresh strategy is configured after initial access is established.

Trusted Salesforce Connectors references

PreviousGranting Doowii Access to Google Classroom

Last updated

Was this helpful?