For simplicity, we recommend that the user connecting to Salesforce be given the following permissions:
API Enabled — Allows access to any Salesforce API.
Lead: View All, Modify All — Create, edit, and delete all lead data, regardless of sharing settings.
Contact: View All, Modify All — Create, edit, and delete all contact data, regardless of sharing settings.
Account: View All, Modify All — Create, edit, and delete all account data, regardless of sharing settings.
Opportunity: View All, Modify All — Create, edit, and delete all opportunity data, regardless of sharing settings. If not possible, Read access on all opportunity data is the minimum required to train models.
Campaign: Read all data. Used to feed into the models.
CampaignMember: Read all data. Used to feed into the models.
Task: Read all data. Used to feed into the models.
[Username/Password only] API Only User — Restricts the user to Salesforce API access only (no UI login).
[Username/Password only] Password Never Expires — Prevents the user's password from expiring.
To enable
Opportunity Field History: Requires Field History Tracking to be enabled on the Opportunity object in Salesforce Setup. Used to identify at-risk opportunities.
Note: the following are automatically accessible with Read on Lead / Contact
Lead History
Contact History
Opportunity History
If you prefer more fine-grained settings, You may restrict permissions to:
Required Salesforce permissions for the HG Insights User
API Enabled - Access any Salesforce.com API
Lead/Contact/Account/Opportunity: Read all data, modify the HG Insights fields.
Lead/Contact : Create (see: HG Insights’s contact discovery)
All other above fields: Read all data.
Namely: Opportunity History/Lead History/Contact History/Campaigns/CampaignMembers/Task
Opportunity Field History: Read all data (if you are expecting to identify at risk opportunities with HG Insights)
[Username/Password only] Api Only User - Access Salesforce.com only through a Salesforce.com API.
[Username/Password only] Password Never Expires - Prevent the user’s password from expiring.
Where do I check these permissions?
Salesforce supports two ways to assign permissions. Permission Sets are the current recommended approach and should be used for new setups. Profiles are still supported but are being deprecated in favor of Permission Sets.
Checking via Permission Sets (recommended)
Go to Setup → Permission Sets.
Open the Permission Set assigned to the HG Insights integration user.
Click System Permissions to verify API Enabled, API Only User, and Password Never Expires.
Click Object Settings to verify object-level permissions (Read, Create, View All, Modify All) per object.
Checking via Profiles (legacy)
Go to Setup → Users, then click the Profile of the integration user.
Scroll to the System Permissions section and confirm API Enabled (and API Only User / Password Never Expires if applicable).
Scroll to the Standard Object Permissions section to verify object-level settings.
To find out whether or not your user has those permissions,
This user is used for the following
read data from Salesforce (leads, contacts, accounts, opportunities, users and changes)
create data in Salesforce (leads, contacts) from HG Insights Sales Copilot (see Contact Discovery)
update information in Salesforce
FAQ
Can I restrict what fields you can access on Lead/Contact/Account?
Yes. If your Contact/Lead/Account contains HR data, or anything you would like to restrict access to, you can restrict access to only the "relevant" fields on those objects. In this scenario, please contact your Customer Success Manager to decide what fields to give access to.
Does HG Insights ever creates records in Salesforce?
Yes. HG Insights creates new leads or contacts when a Sales user clicks on "add to salesforce" button in HG Insights Sales Copilot. It can be done from the Users widget in Copilot when records are showing up from your other systems and are not yet in Salesforce or from the Contact Discovery widget in Copilot, allowing our users to find additional contacts in accounts they research. For more information, please go check our integrations with Apollo , ZoomInfo or Cognism
HG Insights needs the ability to write in the following Lead / Contact fields:
LastName
Title (if available)
Phone (if available)
LeadSource = HG Insights
AccountId (for Contact object)
Company (for Lead object)
Does HG Insights ever deletes records in Salesforce?
No, HG Insights does not delete recrods from your Salesforce instance
How do I make sure HG Insights’s updates run smoothly? Validation Rules, Triggers & Automations checks
Exclude the “MK Integration” profile from any validation rule that blocks record updates.
Review flows/process builders that fire on MK field changes—avoid infinite loops.
Monitor Apex & Bulk update errors in Setup → Integration Logs.