Summary
Salesforce provide two methods to restrict access to the LearnUpon connected app: profiles, or permission sets.
If you have a good profile structure, profiles are a good option. You select existing profiles to restrict access.
If you don't use profiles in Salesforce, permission sets are easier to use than cloning profiles and moving users across.
The LearnUpon package provides a default permission set, named LearnUpon. To use this permission set, you need to:
- clone the permission set
- assign the LearnUpon connected app to it
Clone the LearnUpon permission set
- Navigate to Setup > Manage Users > Permission Sets.
- Find the LearnUpon permission set, and select Clone to open the Clone window.
- In Label, enter LearnUpon Complete, and in API Name enter LearnUpon_Complete.
- Save to finish cloning the permission set.
- Open your newly created permission set, select Assigned Connected Apps and select Edit from the dropdown list.
- In Installed Connected Apps, choose LearnUpon, select Add to move it to Enabled Connected Apps, and Save to finish.
Assign the cloned permission set to users
- Select Manage Assignments > Add Assignments.
- Choose the users who you are giving access, and select Assign.
- Save to finish.
Update the LearnUpon Connected app and provide access to users
LearnUpon offers two different options to control access to the LearnUpon Connected app: the cloned permission set, or using profiles.
Navigate to the LearnUpon Connected App and update the OAuth Policies
- In Salesforce navigate to Setup > Manage Apps > Connected Apps.
- Select LearnUpon to open the Connected App page.
- In Connected App page, select Edit Policies.
- In OAuth Policies section, change Permitted Users selection to Admin approved users are pre-authorized. An alert appears: select OK to confirm.
- Save to finish.
Option 1: Provide access using the cloned LearnUpon permission set
After you lock the access to the connected app through OAuth policies, two additional sections appear on the Connected App page: Profiles and Permission Sets.
The cloned LearnUpon permission set LearnUpon Complete is already selected. (If not, select Manage Permission Sets, select the cloned permission set, and Save.)
Ensure you assign this permission set to all of the relevant users: see Assign the cloned permission set to users.
Option 2: Providing access via profiles
As in option 1, after you lock the access to the connected app through OAuth policies, two additional sections appear on the Connected App page: Profiles and Permission Sets.
- Within Profiles, select Manage Profiles.
- Select the appropriate profiles to provide access to LearnUpon.
- Save to finish.
Cloning Salesforce profiles, vs creating new profiles, vs cloning the LearnUpon permission set
This decision depends on how your organization uses Salesforce features. Some organizations manage access through permission sets: it is a dynamic option, and users can hold multiple permission set assignments, which are easier to maintain.
Others prefer to maintain access via existing or cloned profiles.
It is your decision as the Salesforce admin: you manage access to LearnUpon using the same process.