AlumnIQ Admin Documentation
  • README
  • Common Features
    • Identity
    • Xid
    • Google Analytics Tracking
  • Content Management
    • Editing Pages
  • Profiles and Directory
    • Public Resources
      • Account Creation
      • Updating a Profile
      • Using the Directory
    • Administrative Resources
      • Profile Customization
      • Maintenance
      • Capturing Changes
      • Directory Permissions and Inclusion
  • Events Module
    • Event Setup
      • Event Skinning
    • Activity Setup
    • Fees
    • Webinars
    • Products
    • Fair Market Value (FMV)
    • Location Management
    • Access Control
    • Remote Check In [V5]
    • Wingman
    • Customer Service
    • Printing Name Tags
    • Express Registration
    • Reporting
    • Including Warehouse Data
    • Post-Event Survey
    • Post-Event Tasks
      • Matching
  • Image Library
    • Recent Uploads
    • Edit Image
    • Search Images
    • Uploads
  • Email and Lists
    • List Management
    • Delivery Workflow
    • Unsubscribes
    • Exclusions
    • Automated Messages
    • Bounce Handling
    • Spam Complaints
    • Resubscribes
  • Membership
    • Customer Service
  • Volunteer
    • Data Feeds
  • Online Giving
    • Giving Form
    • Global Configuration
    • Donor Cover
    • Setup Paths & Pitches
    • Sending targeted emails
    • Ask Arrays
    • Customer Service & Reporting
    • Tax Receipts
    • Suspended Pledges
    • Payment Processing
    • Give Now
    • Refunds
  • Crowdfunding
    • Introduction
    • Media Recommendations
    • Scheduled Page Updates
    • Challenges
  • Salesforce
    • Installation
    • Integration
    • Security
  • Security
    • Salesforce
    • Shared User Accounts
    • API Keys
    • S3 Keys
  • Data Sync
    • API Basics
    • Sending us your data
    • Getting data out of AlumnIQ (API)
    • API: Financial Data
    • Object Model/ER Diagrams
    • Salesforce
  • Integration Recipes
    • Everyday Events
    • Warehouse Loads
    • Salesforce
  • Compliance
  • Customer Guides
    • Auburn Specific Instructions
    • WWU Specific Instructions
  • Signature Events Service
    • Onboarding and Setup Timeline
    • Integration
    • Payments and Gateways
    • Warehouse Structure and Projection
    • Graphic Specs
    • Giving
    • Where to update what
    • Planning to Attend
    • Bio Update
    • General Configuration
    • Who's Coming List(s)
    • Package Controls
    • Access Controls
    • Strings
    • Health+Safety/Vaccination Attestation
    • Table/Seat Assignment
    • Getting events from contributors across campus
    • Virtual Events and Webinars
    • Staff Assistant
    • Common Scenarios
    • General Registration Management
    • Text and Email Messaging
    • The Pass
    • Watches
    • Housing
    • Post-Event Survey
    • Name Tags and Printing
    • Options for Check In
    • Batch Printing
    • Offloading Clicker Data
    • Event Attendance with Gatekeeper
    • iqKey for fast Gatekeeper access
    • Email Senders
    • Newsletter Archive
Powered by GitBook
On this page
  • Permission Set Groups
  • Permission Sets
  • External Client App
  1. Salesforce

Security

PreviousIntegrationNextSecurity

Last updated 23 days ago

This functionality will be available for customer use in July 2025

The AlumnIQ Sync App has the following security configurations:

Permission Set Groups

  • AlumnIQ Admin Provides comprehensive read and write access to all AlumnIQ custom objects. This permission set is designed for administrative users and should be assigned with caution to ensure proper access control.

  • AlumnIQ User Provides read-only access to the AlumnIQ App and its records. This permission set is intended for users who need to view data without making any modifications.

Permission Sets

  • AlumnIQ EMS Admin This permission set will generally not be directly assigned; use the permission set instead. Provides comprehensive read and write access to all AlumnIQ custom objects. This permission set is designed for administrative users and should be assigned with caution to ensure proper access control.

  • AlumnIQ EMS User This permission set will generally not be directly assigned; use the permission set instead. Provides read-only access to the AlumnIQ App and its records. This permission set is intended for users who need to view data without making any modifications.

  • AlumnIQ Sync Integration This permission set grants full read/write access to all AlumnIQ custom objects. It is intended to be assigned to a single user. Use caution when assigning this permission set as it is used by the external client app to authorize the users assgined to authenticate with your org.

External Client App

The AlumnIQ Sync App includes an external client application configured for OAuth authentication using a JWT (JSON Web Token) bearer flow. This setup enables secure authorization to the Salesforce org by allowing the external app to authenticate as a specific integration user. The JWT bearer flow ensures that no user credentials are directly shared, enhancing security while maintaining seamless integration. You should configure the OAuth Polices to be Admin approved users are pre-authorized and select ONLY the AlumnIQ Syn Integration permission set.

AlumnIQ Admin group
AlumnIQ User group