Overview
In June, Salesforce announced that the way users work with the Pardot API is changing and that on Feb 21, the existing Pardot authentication (API key and user key) will be completely deprecated for security reasons. From then on, all Pardot users will need to use Salesforce SSO (single sign-on).
In conjunction with this, some services have started releasing their updates. Some updates are going to be made for the Users and Integrations that are in place with existing authentication mechanisms. Owing to the above change, organizations leveraging only Pardot will be getting some free Identity User licenses that will allow them to use Salesforce SSO, but only for accessing Pardot. More details on this have been shared in the Pardot User Migration Knowledge Article as well as in the help documentation.
This article covers:
- How Pardot admins need to adjust to this change from an application level
- How you can authenticate to Pardot using Salesforce SSO
- How the changes impact SAP Open Connectors
Note that once SSO is enabled there is no rolling back to Pardot login and User Key API authentication.
Mapping Pardot user and Salesforce user
This article assumes you have a Pardot integration user who leverages Pardot APIs currently via SAP Open Connectors. This integration will continue to function until Feb 15th, 2021. However, if the CRM Username is assigned and Salesforce SSO is enabled, the SAP Open Connectors integration will stop working.
Enabling SSO with Pardot
In order to use SSO with Pardot, the Salesforce Organizations must be enabled with Pardot Business Units. To determine whether or not you need to enable Pardot Business Units, sign in to Salesforce, go to Setup and navigate to Pardot. If you cannot see Pardot set up, you probably don't have Business Units enabled.
Follow the steps in this article to enable Pardot Business Units. After enabling the units, follow these steps:
- Sign in to Salesforce and navigate to Setup > Users > New User
- Create a new Identity User
- Verify the account from the email sent by Salesforce and set your password.
- You will now be directed to the Salesforce App Launcher.
You have successfully created a Salesforce Identity User and now need to link an existing Pardot user to this Salesforce Identity User. Sign in to Pardot as an admin. If you do not have an admin account, or if you want to create one new user for the integration, the steps below can still be followed:
- Navigate to Pardot Settings.
- Click Users.
- Select the user you want to add and then click the Add User button.
In this example, the user Samrat SSO-Off can access Pardot without SSO until February 15, 2021.
- Select your user and click Edit. Find the CRM Username field and click on the sync button.
You will now see the new Salesforce user that you just created and can link it to the signed-in Pardot user.
- If you want to create a new integration-specific user in Pardot, you can do that now by adding a new user.
- Scroll down and follow the same step as mentioned earlier: select your CRM Username. In our example, it is samrat+sso@cloud-elements.com. Select the role and save the user.
- The page shown below appears.
- You should receive an email from Salesforce for activation of the new account. Follow the instructions provided in the email. At this point SSO is still disabled, but the user has the CRM Username linked to it, so that once SSO is enabled, the user can log in via Salesforce.
- Now activate the new user account.
- Once you activate the new account and set your password, the Salesforce Identity User (samrat+sso@cloud-elements.com in our example) and Pardot User (samrat+ssodemo@cloud-elements.com in our example) get mapped to each other.
- Verify that it's working properly by navigating to https://pi.demo.pardot.com/user/login and signing in using SSO.
- Navigate to Settings > My profile. Copy the value in the API User Key field.
- Sign in to SAP Open Connectors, authenticate an instance of the Pardot connector using your new SSO credentials and Allow access when prompted.
Generating OAuth Creds
You can now create a connected application in Salesforce and generate an OAuth key and secret. Follow these steps:
- From within Salesforce, click the New Connected App button.
- In the app's window, enter the required fields, including the following:
• Select the Enable OAuth Settings box
• In the Callback URL field, enter https://auth.cloudelements.io/oauth
• In the Available OAuth Scopes menu, select Access Pardot services (pardot_api) and add it to the Selected OAuth Scopes menu
- Create the application, then copy the generated OAuth key and secret.
Changes in SAP Open Connectors
SAP Open Connectors has already made the necessary changes in our Pardot connector to accommodate the API key deprecation. Any connector instances using the API key will continue to function until Pardot deprecates it. As per Salesforce, the currently planned deprecation date is February 15, 2021. At that point, SAP Open Connectors will also deprecate the API key authentication.
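An added example, not from the original article or from SAP or Salesforce: a small audit that flags outbound Pardot requests still authenticating with the API key and user key, so they can be found before the deprecation date. The legacy `Authorization: Pardot api_key=..., user_key=...` form and the `Pardot-Business-Unit-Id` header used with a Salesforce access token are assumed from Pardot's API documentation rather than this page; the inventory, host name, keys and IDs are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Legacy header form (assumed from Pardot's API docs, not from this article):
#   Authorization: Pardot api_key=<key>, user_key=<key>
LEGACY_HEADER = re.compile(r"^\s*Pardot\s+.*\b(api_key|user_key)=", re.I)
# Legacy credentials were also accepted as request parameters.
LEGACY_PARAMS = {"api_key", "user_key"}


def classify_auth(url, headers):
    """Return 'legacy', 'sso' or 'unknown' for one outbound Pardot request."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    auth = hdrs.get("authorization", "")
    query = parse_qs(urlsplit(url).query)
    if LEGACY_HEADER.match(auth) or LEGACY_PARAMS.intersection(query):
        return "legacy"
    # SSO-based calls carry a Salesforce OAuth access token plus the
    # business unit the call is addressed to.
    if auth.lower().startswith("bearer ") and "pardot-business-unit-id" in hdrs:
        return "sso"
    return "unknown"


def audit(requests):
    """Return (name, verdict) pairs; 'legacy' entries still need migration."""
    return [(r["name"], classify_auth(r["url"], r["headers"])) for r in requests]


# Constructed sample inventory of integration requests (placeholders only).
BASE = "https://pi.example.invalid/api/prospect/version/4/do/query"
SAMPLE = [
    {"name": "nightly-sync", "url": BASE,
     "headers": {"Authorization": "Pardot api_key=AAAA1111, user_key=BBBB2222"}},
    {"name": "old-script", "url": BASE + "?user_key=BBBB2222&api_key=AAAA1111",
     "headers": {}},
    {"name": "migrated", "url": BASE,
     "headers": {"Authorization": "Bearer PLACEHOLDER_TOKEN",
                 "Pardot-Business-Unit-Id": "PLACEHOLDER_BU_ID"}},
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE):
        print(f"{name}: {verdict}")
```

Keys that show up in a URL query string also end up in proxy and web server logs, so treat any such finding as a credential to retire rather than only a request to rewrite.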