Overview
This article describes what is required in your Salesforce org to connect it to Opensense. The permissions and configuration your org needs depend on which features of the integration you are using. Your Opensense implementation team will handle the configuration once your requirements are confirmed.
Salesforce integration is available on select Opensense plans. Contact your account manager to confirm your plan includes CRM connectivity.
Before you start
You'll need:
A Salesforce admin account
Your Salesforce Instance URL (for example, https://yourcompany.my.salesforce.com)
The admin email address associated with your Salesforce account
API access enabled on your Salesforce org
Your Instance URL can be found in Salesforce under your profile menu. In Lightning Experience, click your avatar and select View Profile. Use the *.salesforce.com version of the URL, not *.lightning.force.com.
What you can use this integration for
The Opensense Salesforce integration supports three independent use cases. You can use one, two, or all three depending on your organization's needs.
Recipient-based banner targeting
Opensense queries your Salesforce CRM data to determine which banner campaign content to serve on outbound emails. Banners can be targeted based on the recipient's contact, account, lead, or opportunity attributes. This is the most common use case for the Salesforce integration.
Salesforce email signatures
For teams sending email directly from Salesforce, Opensense can apply centrally managed signatures to those emails. Opensense pushes a Plain Text Block (PTP) to each user's native Salesforce email signature field, then processes outbound emails through its relay to apply the full signature before delivery.
User directory sync
Opensense can pull your Salesforce user records as the source of truth for sender signature fields -- name, title, phone, department, and similar data. This is useful for organizations that manage employee data primarily in Salesforce rather than in a directory like Microsoft 365 or Google Workspace.
Required for all customers: AppExchange installation
Regardless of which features you are using, the Opensense managed package must be installed in your Salesforce org from the AppExchange. Your implementation team will provide the listing link. Once installed, the connected app must be configured so that all user profiles have access.
The integration natively will be installed in your production Salesforce org.
If a sandbox configuration is required, ensure that information is provided to Opensense during implementation.
After installation, your Salesforce admin will need access to the following setup areas to complete configuration:
Connected Apps / Manage Connected Apps -- to authorize the Opensense app and assign profiles
Permissions by use case
The object and field permissions required depend on which features of the integration your organization is using. Review the sections that apply to you.
Recipient-based banner targeting
Opensense needs read access on the Salesforce objects it will query for targeting. At minimum, the integration requires read access on the objects your banner campaigns will target:
Contact -- contact-level recipient targeting
Lead -- lead-level recipient targeting
Account -- account-level ABM targeting
Opportunity -- deal stage targeting
This access is read-only. Opensense does not create, update, or delete CRM records.
For guidance on finding the specific Salesforce field API names to use for targeting, see Query Salesforce Data for Personalized Email Signatures with Opensense.
Salesforce email signatures
For organizations applying Opensense signatures to emails sent from Salesforce, two additional configuration areas are required in Salesforce Setup:
Email Delivery Settings -- to configure email relay routing through Opensense
Deliverability settings -- to update email delivery configuration to allow relay processing
Opensense also requires read and edit access on the User object, specifically write permission on the native Email Signature field. This is how Opensense pushes the Plain Text Block to each user's Salesforce signature, ensuring only the Opensense-managed signature is in use.
Write access on the User Email Signature field is the only place in the Opensense integration where data is written to your Salesforce org. All other access is read-only.
User directory sync
Opensense requires read access on the User object and field-level read access on the following fields to sync sender data:
First Name, Last Name, Email
Title, Department, Company Name
Phone, Mobile Phone
This access is read-only. By default, Opensense syncs active users only. Your Opensense admin can enable inactive user sync in domain settings if needed.
Field-level security applies across all objects. If the admin account used for the integration does not have visibility on a specific field, Opensense will return a blank value for that field even if object-level read access is granted.