Articles
Salesforce Compliance: Crafting a Data Recovery Plan to Safeguard Your...
Event
2024 Predictions from Salesforce Marketing Champions (Session 1)
Podcast
Lorem ispum dolor sit amet. Lorem ispum dolor sit amet. Lorem ispum dolor sit amet.
Articles
Salesforce Compliance: Crafting a Data Recovery Plan to Safeguard Your...
Event
2024 Predictions from Salesforce Marketing Champions (Session 1)
Podcast
Lorem ispum dolor sit amet. Lorem ispum dolor sit amet. Lorem ispum dolor sit amet.
Marketers

How to Set up Salesforce Identity Licenses for Pardot – Trick to Save Admin Headaches

By Tom Ryan

February 09, 2021

Pardot’s user authentication (Pardot-only logins) will be discontinued as part of the Spring ’21 release. All users logging into Pardot will be required to use Salesforce single sign-on (SSO).

To make the transition smoother, Salesforce provisioned 100 identity user licenses for customers to patch up the gaps where any Pardot users don’t have Salesforce licenses.

We’ve been helping our clients get prepared for the changes and found there’s a trick to how you can structure your Salesforce Identity Licenses to save confusion down the line.

  • Every user that needs to access Pardot must have a Salesforce license.
  • If a user does not have a Salesforce license, you will need to create a Salesforce user record with an ‘Identity’ user license type (selecting a profile is mandatory, which we will revisit later):

  • With Salesforce user sync, every Salesforce profile is mapped to a Pardot user role (eg. Administrator, Marketing Sales Manager, Sales). The Pardot user record inherits the user role defined for their Salesforce profile (eg. all ‘Standard users’ could be assigned the ‘Sales’ user role for Pardot).

By default, there is only one Salesforce profile for ‘Identity User’. As Salesforce profiles and Pardot user roles are mapped one-to-one, you can find yourself facing limitations. What if you had 10 users requiring identity user licenses, however, 4 need the user role ‘Marketing’ and the rest ‘Sales’. How can you tell Pardot user sync to treat these users differently?

This can be solved by cloning the ‘Identity User’ profile in Salesforce 4 times, naming them ‘Identity – Admin’, ‘Identity – Marketing’, ‘Identity – Sales Manager’, ‘Identity – Sales’.

When mapping profiles during Pardot user sync setup, with 4 separate Salesforce profiles, you can define which level of Pardot access each should have without risking any cross-over.

Overall, this is a great way to make your account permissions set up clearer so both your team, consultants, and your future self, will thank you.

The Author

Tom Ryan

Tom is a certified Pardot Consultant and the Founder of MarCloud Consulting

More like this:

Leave a Reply

Comments:

    BIDTravel
    June 03, 2021 3:06 pm
    Identity profile can be cloned, you can have sales users, admins... Then within the connector settings, specify the access for each profile. This is what I love of Salesforce, there is always a workaround for every need :)
    Reply
    Glenn Nyhan
    January 24, 2022 5:02 pm
    Hi Tom, I found this article to be very helpful but I'm still having an issue with getting the user connected in Pardot. Does the Identity user need the additional permissions to be assigned in Salesforce that an SSO user would normally need? Thanks for any help, Glenn
    Reply
    Terri
    June 27, 2022 2:22 pm
    I am wondering if you found an answer to the above question? I am currently having the same issue.
    Reply
    StuckWithPardot
    July 29, 2022 10:05 pm
    This only half works, After setting these up and then attaching them to Pardot users when the new users go to login to pardot this is the message "Your Salesforce login isn't connected to a Pardot user. Ask your Pardot admin for help." ... now what?
    Reply
    Latha R
    December 08, 2022 4:58 am
    It is still not working. Anyone found the solution. please advice
    Reply
    Brian C
    March 29, 2023 8:18 pm
    We use an app for Time & Expense logging that uses Salesforce Platform licenses (and needs access to Contact object). I've given the AE perm set and perm set license to the user, but it doesn't look like it's working (no option for AE app in LEX). Do I need to create a second login for this user with an Identity license? (That would seem excessive and would likely cause issues with SSO with Azure AD).
    Reply
    Brian C
    March 31, 2023 8:26 pm
    Not working completely. They can access the app, but the 6 dot loading symbol just keeps spinning with no explanation.
    Reply
    Julian J
    March 20, 2024 2:42 pm
    Identity (Pardot only) users not being able to create campaigns seems like a major oversite, unless I'm missing something
    Reply