Selecting an authentication method depends on your Salesforce environment's needs for access control, cost, and audit requirements. Below is a comparison of available methods to help you decide which suits your use case.
Per-workspace authentication
Authenticate the entire workspace using a single set of credentials. All users share access based on the workspace's credentials.
Implications
Audit/History impact: Actions in Salesforce are logged under the workspace connection user, which may not reflect individual activity.
Visibility and access control: Users inherit the permissions of the workspace connection. This may grant access to data outside their typical permissions.
Recommended use case
Suitable when uniform access for all users is sufficient and there are no stringent requirements for tracking specific user activities within Salesforce.
Watch an overview video on how to connect/disconnect:
Per-user authentication
Each user authenticates with their own Salesforce credentials, ensuring individualized access and activity tracking.
Implications
Audit/History impact: All actions are logged under the individual user's name, providing a precise audit trail.
Visibility and access control: Users can only access data within their Salesforce permissions.
Important: If the per-user connection is not authenticated, the workflow runner will default to using per-workspace authentication to retrieve and update data.
Recommended use case
It's ideal when it's crucial to maintain precise control over data access and ensure accountability for actions in Salesforce.
Watch an overview video:
Workato per-workspace authentication
Workato recipes use workspace authentication to interact with Salesforce using a shared set of credentials.
Implications
Audit/History impact: Actions appear under the workspace connection user.
Visibility and access control: Permissions of the workspace credentials apply to all actions.
Recommended use case
Used by Workato automations and recipes, specifically to get entity schema from Salesforce (template sidebar) and to search opportunities (workflow’s step “Pull data from integration”).
Watch an overview video:
API user (integration user) authentication
An API-only user provides dedicated credentials for integrations without requiring a full Salesforce license.
Implications
Audit/History impact: Integration activities are logged under the API user, distinguishing them from manual user actions.
Visibility and access control: Configurable permissions limit the scope of actions, enhancing security.
Recommended use case
It is best suited for scenarios where the integration must perform actions without direct human interaction, minimizing the use of full-access user licenses and maintaining a clear separation between automated and user-driven activities.