Connecting Act-On with Salesforce when you have MFA enabled

  • Updated

To combat security threats, Salesforce now requires accounts to set up Multi-Factor Authentication (MFA). Previously called two-factor authentication (2FA), MFA is a more secure form of authenticating users. To establish a working connection between Act-On and your Salesforce CRM API, you may need to create an integration-only user login with the appropriate permissions.

What does this mean for your Act-On and Salesforce CRM Connector?

If you are enabling Multi-factor authentication for your Salesforce account, you must connect to Act-On with a user that does not have the setting Multi-Factor Authentication for API Logins enabled. If you are not enabling this setting for your account then you likely do not need to take further action.

However, if your organization needs to turn on Multi-Factor Authentication for API Logins for all users, this will cause problems connecting to Act-On. To re-connect, you should create an integration-only user if you have not already done so. This user should also be assigned to a permission set that contains the minimum required permissions to connect with Act-On. This user can also be classified as an API-only user in Salesforce to meet your security policies.


Salesforce Administrators can follow these steps to ensure your connection between Act-On and Salesforce CRM continues to work after you enable MFA for your account.

Create an Integration User and Permission Set in Salesforce

If you have not already done so, in Salesforce, create an integration-only user and an integration-only permission set, and then apply the permission set to the user. To do this, follow the steps in the section Create a Separate Admin User Account in Salesforce.

Additional Permissions

  • Oauth for the Act-On Lightning Support App is required for the System Administrator and any Act-On users. Instructions for this are here.
  • Enable Read access on any custom objects that you would like Act-On to have access to.
    • Act-On can integrate with custom objects that are related to Leads and Contacts. Please contact your Customer Success Manager for more information.
  • Edit Record Type Settings to select only the record types you want Act-On to have access to. This is configured at the object level (eg Leads, Contacts, Accounts).
  • Drill down on objects in field-level security settings and block unneeded fields that are not required for marketing purposes.

More about Data Fields in Act-On

  • Pay attention to your organization's data policy for the use and transfer of data such as non-public personal information and data protected by regulation (eg HIPAA).
    • See also our Acceptable Use Policy regarding inappropriate data types to store in your Act-On account.
  • Be mindful that synchronizing too many fields may negatively impact performance. Generally, fewer than 100 fields are necessary to sync between Salesforce and Act-On across all objects.

Next Steps: Connect Your New Integration-Only User to Act-On

Next, you can connect to Act-On using our regular instructions. You will need to create a security token for the integration user.

Was this article helpful?

Have more questions? Submit a request