Security

The AlumnIQ Sync App has the following security configurations:

Permission Set Groups

• AlumnIQ Admin Provides comprehensive read and write access to all AlumnIQ custom objects. This permission set is designed for administrative users and should be assigned with caution to ensure proper access control.

• AlumnIQ User Provides read-only access to the AlumnIQ App and its records. This permission set is intended for users who need to view data without making any modifications.

Permission Sets

• AlumnIQ EMS Admin This permission set will generally not be directly assigned; use the AlumnIQ Admin group permission set instead. Provides comprehensive read and write access to all AlumnIQ custom objects. This permission set is designed for administrative users and should be assigned with caution to ensure proper access control.

• AlumnIQ EMS User This permission set will generally not be directly assigned; use the AlumnIQ User group permission set instead. Provides read-only access to the AlumnIQ App and its records. This permission set is intended for users who need to view data without making any modifications.

• AlumnIQ Sync Integration This permission set grants full read/write access to all AlumnIQ custom objects. It is intended to be assigned to a single user. Use caution when assigning this permission set as it is used by the external client app to authorize the users assgined to authenticate with your org.

External Client App

The AlumnIQ Sync App includes an external client application configured for OAuth authentication using a JWT (JSON Web Token) bearer flow. This setup enables secure authorization to the Salesforce org by allowing the external app to authenticate as a specific integration user. The JWT bearer flow ensures that no user credentials are directly shared, enhancing security while maintaining seamless integration. You should configure the OAuth Polices to be Admin approved users are pre-authorized and select ONLY the AlumnIQ Syn Integration permission set.