It's almost two years now since Salesforce gave us all a gift by allowing five free API-access only integration users (and more cheap), which contains costs and improves security and audit-ability. But there are plenty of vendors out there that haven't gotten around to updating their packages to explicitly support this. Give Lively, one of my top recommendations to clients, is one of those vendors.
But supported or not, you definitely can use free integration users for Give Lively and save some money. You just have to figure it out for yourself. (Or just follow the instructions I'm going to give below.)
Meet Give Lively
Give Lively is a donation processing platform that's free. (Like a beer, not like a puppy!) That means you can set up your account and start taking donations without any contract cost. Give Lively charges processing fees that vary depending on the transaction type. (Those fees are imposed by the transaction processing networks.) But Give Lively itself is funded by philanthropy and does not charge any fees of its own, nor do they charge for integration to Salesforce.
Donors have the opportunity to cover the transaction fees, transparently offered as an option on the Give Lively form. And forms can also ask donors to give an additional gift to Give Lively at the time of donation. As I recall, these are also options you can turn off for your forms.
And, perhaps most importantly for you, it's very easy to set up a new Give Lively account and get it connected so that donation data flows to your Salesforce instance. But their documentation indicates that "The Give Lively integration does not currently support the new Salesforce Integration user license type. At this time we recommend utilizing a standard Salesforce user license."
Let's Try It Anyway
At some point I either hadn't read that, or it wasn't in the documentation yet, or I just decided to ignore it. I think probably I was excited to save a client a paid license and just went about trying it out before Give Lively had even assimilated that Salesforce had released the free users. So I don't think there was documentation saying it couldn't be done, I just had to figure out what to do.
There are plenty of examples of apps out there that insist that to work with their tool you need a system administrator profile. Some dip their toe in good security practice and say you don't need a sysadmin profile but that you need permissions to view any object or field and change any setting in the app. While I'll concede this might be required for certain bits of functionality in some apps, it has to be rare. Saying "you need to be a sysadmin" is just being lazy. If you tell people they can only use your app as a sysadmin then you don't have to put as much thought into what missing permissions could get in the way.
Give Lively's integration is a good example of this. At its heart, if you think about it, the Give Lively integration just needs to be able to insert an opportunity, contact, and/or campaign. That's eminently possible for non-admin users. (Please assure me that your fundraising users are not on a sysadmin profile!)
When you log into the back end of Give Lively and work with the Salesforce integration setup, you can see that they've built a tool that will automatically apply permission sets to the sync user. The ability to actually do that requires an admin-type permission. But first of all, that tool is kinda' optional. We could manually grant permission sets. And anyway, you can grant the permissions that tool needs without granting all the other permissions of sysadmin. So at some point Give Lively saying they don't support free integration users is just them being unwilling to work on updating their package. I get it—we're all busy and bandwidth and funds are limited—but if you don't want to change the package, you could still change the documentation.
I know there are other integrations out there that require a sysadmin profile because the integration actually checks that the profile of the integration user is System Administrator. (I'm looking side-eye at you, Classy.) That's truly lazy, as I'm sure the user could work with individually granted permissions. But they've hard-coded a profile name and they're not bothering to fix that. I would say that's unconscionable, particularly from a company that is charging a hefty fee to use their platform and an additional fee for the Salesforce integration. (Again, looking hard at you, Classy.)
Spoiler Alert: Not Even That Hard
So if we ignore Give Lively saying we can't use a free API integration user we just have to figure out the right permissions to grant that user and this is going to work. Fortunately the Give Lively app isn't hard coded to look for a full Salesforce license. (I'm pretty sure you could not have Give Lively log in as a Platform User license because those can't be granted access to Campaigns.)
Step 1: Build a Custom Permission Set
The Give Lively package installation (which I'm already assuming you've installed) comes with a couple of permission sets for granting users access to the fields from Give Lively. One is called "Give Lively Integration User" and is meant to be granted to an integration user. But since that one is limited to the license type Salesforce (a full license) instead of having nothing in that field, it won't be available to a free API user.
So we're going to have to make our own permission set. At the top of Give Lively's documentation they list the permissions you need to include in this set.
Make your new permission set. My name and description are only suggestions:
Name: Give Lively Integration Perms
Description: Additional permissions required for the GL integration user according to documentation at https://www.givelively.org/resources/salesforce-integration-set-up Allows GL to use a free integration user profile despite what their documentation says.
And include the following things within this permission set:
Permission Set Overview> Object Settings> Contacts
Grant access to any record types used in your org.
View All and Modify All
Edit access to the field give_lively__User_ID__c
Permission Set Overview> Object Settings> Campaigns
Grant access to any record types used in your org.
View All and Modify All
Edit access on all of the fields from the Give Lively package. I count six fields:
give_lively__Event_End_Date_Time__c
give_lively__Event_Start_Date_Time__c
give_lively__Campaign_Id__c
give_lively__Campaign_URL__c
give_lively__Event_Id__c
give_lively__Text_Code__c
Permission Set Overview> Object Settings> Opportunities
Grant access to any record types used in your org.
View All and Modify All
Edit access on all of the fields from the Give Lively package. I count 17 fields:
give_lively__Anonymous_to_Public__c
give_lively__Campaign_Id__c
give_lively__Client_Application_Name__c
give_lively__Donation_Id__c
give_lively__Event_Id__c
give_lively__Subscription_Id__c
give_lively__Net_Amount__c
give_lively__Page_Slug__c
give_lively__Page_Type__c
give_lively__Page_Url__c
give_lively__Payment_Platform_Transaction_Fee__c
give_lively__Referrer_Url__c
give_lively__Text_Code_Used__c
give_lively__Transaction_Fee_Covered_By_Donor__c
give_lively__Utm_Source__c
give_lively__Widget_Type__c
give_lively__Widget_Url__c
Permission Set Overview> Object Settings> Accounts
View All and Modify All
Permission Set Overview>System Permissions
View All Data
Modify All Data
API Enabled
Assign Permission Sets
Download AppExchange Packages
Manage Profiles and Permission Sets
Password Never Expires
Note: On the objects View All and Modify All may be overkill. And View All Data and Modify All data overall may also be overkill. I have not experimented. But based on Give Lively's instructions, I granted those to see if I could get it to work. (Since they kinda' expect that you'll use a full system administrator, I figured this wasn't much different.)
Step 2: Create the User, First as a Full User
Next you are going to create a user for your Give Lively to log in as, something like
First Name: Give Lively
Last Name: Integration
Set the email to somewhere you are going to be able to get the password creation message, though possibly not your email directly, it can be a group mailbox.
Give the user a full Salesforce license and, for the sake of simplicity right now, a System Administrator profile. [This is not required. You could create this user directly as an API Only if you wanted. I tend to create integrations as user as a full user first. By creating a full user it's nice and easy to ensure that I am able to log in as that user and that it has the permissions I expect. Then I change the user license, profile, and permission sets after I've got it set.]
Make sure you set Marketing User = TRUE.
Step 3: Set Up the New User Password
Get the password creation email and log in as Give Lively Integration. Make sure you know the password. (Consider saving it in a password manager or secure place your colleagues could access it, if needed in the future.)
Step 4: Log Out of Salesforce
Now make sure that you are fully logged out of Salesforce. If you are still logged in with a cookie, then the next step when you work in the back end of Give Lively may immediately log in as real you, not Give Lively Integration.
Step 5: Connect Give Lively To Salesforce
Log in to your Give Lively account and get to the place for setting up the integration. [According to this page, "click the 'Get Integrated' button and proceed through prompts."] When you log in, use the Give Lively Integration User—make sure not to log in as Real You!
When the login is successful you'll see buttons for applying the Give Lively permission sets to the user. Go ahead and do this. You'll also see a Sync Now button. Might as well test that!
In the Advanced Settings tab you can make choices about how you want Give Lively to deal with the data that goes to Salesforce. In particular, this is where you set the record type of opportunities it will create (you don't want it to just use the default record type for the profile it's logged in to—that might not be the right one) and the campaign (if any) that it will put those opportunities on.
Step 6: See The Data Flow to Salesforce
I now put a real donation into Give Lively to make sure that the data is flowing. If you're still testing Give Lively in your sandbox, they give you a fake credit card number you can use. But when testing the final setup I just make a donation of a few bucks to my client. Then I know it's really working in a real setting.
Log back into Salesforce as Real You. Then look for the contact that the donation was made under. You should see the opportunity in their related list. Check that everything looks right. In particular, check that the opportunity was created by the Give Lively Integration user.
Depending on your Give Lively settings, it might take a few minutes for the opportunity to sync. You can also speed things up with the Sync Now button in Give Lively.
Step 7: Modify the Salesforce User
If you've never created an API-only integration user before, you can use my instructions. But assuming you're in a position to set up one of those users, we're going to just modify the user we created in step 2. Edit the user:
Switch the User License to Salesforce Integration. When you make this switch you'll get a pop-up warning you that any assigned permission sets or permission set groups will be unassigned. That's OK. We're going to set things back right in a moment.
Set the profile to Minimum Access - API Only Integrations. [You could use Salesforce API Only Integrations if it shows up in your org. I don't think there's a functional difference.]
Make sure you leave Marketing User checked.
Now we've got a user that has access to basically nothing. So we have to assign permissions.
Grant this user the Permission Set License Salesforce API Integration. (This is a step you always need to do for an API integration license user, it's not specific to Give Lively.)
Now assign permission sets that grant access to the objects and fields the user will need. In this case, what really matters is your permission set Give Lively Integration Perms that was created in Step 1. But for convenience you can grant the other standard permission sets for users in your org. And for safety's sake, I've been granting Give Lively Additional Permissions that is installed by GiveLively. (Though I found out the hard way that this alone isn't enough for the integration to work, which is why we built our custom one.)
Step 8: Test Again in the Back End of Give Lively
Now that you've modified the user, I recommend going into the back end of Give Lively and confirming that it still validates. Note that the Apply Permission Sets button will not work for the integration user. This is OK, just ignore the red error.
Step 9: Send a Donation Through
I don't consider it fully reliable until I've put a real donation through using a real credit card. Within the sync timing, it should show up in Salesforce. Yay!
That's All!
By following this relatively simple set of instructions you've just integrated Give Lively to Salesforce using a free API Only integration user instead of a full user license. Give yourself a gold star! 🌟 You've just saved your organization $500/year!