Configure Salesforce Permissions for OnRamp Project Automation

Last updated: February 9, 2026

(Yes, This Is the Important Part — We’ll Keep It Painless)

For OnRamp to automatically create projects from Salesforce, it needs the right level of access.

This guide walks Salesforce admins through setting up a dedicated integration user with the permissions OnRamp needs to:

  • Connect securely to Salesforce via OAuth

  • Read the objects and fields used in automation

  • Publish OnRamp Project Automation workflows (Salesforce Flow + Outbound Message)

Once this is in place, workflow publishing becomes smooth and predictable — which is exactly what we want.

Before You Start

You’ll need:

  • A dedicated Salesforce integration user (strongly recommended)

  • Admin access in Salesforce to create and assign Permission Sets

  • The Salesforce integration enabled in OnRamp

A Quick (But Important) Callout

The integration user must:

  • Have a Full Salesforce license
    (Not Platform or Community)

  • Be able to complete an interactive login during OAuth authorization

If either of these isn’t true, the connection will fail — usually in confusing ways.

Step 1: Create (or Identify) the OnRamp Integration User

In Salesforce:

  • Create or select a dedicated user
    (Example: onramp.integration@yourcompany.com)

  • Assign a Full Salesforce license

  • Confirm the user isn’t restricted in a way that blocks OAuth login

Best practice:
Use a system-owned integration user — not a personal admin account — to avoid broken connections later.

Step 2: Create a Permission Set for OnRamp

Next, create a dedicated Permission Set (example: OnRamp Integration) and assign it to the integration user.

All required permissions should live here — not spread across profiles.

This makes auditing, troubleshooting, and future updates much easier.

Step 3: Configure Connection Permissions (OAuth)

These permissions allow OnRamp to authenticate with Salesforce and maintain a secure connection.

System Permissions

Enable the following:

  • API Enabled

  • Manage Connected Apps

  • Approve Uninstalled Connected Apps
    (Sometimes labeled: Approve access to connected apps that aren’t installed)

Without these, OAuth authentication will fail.

Step 4: Configure Permissions to Publish OnRamp Workflows

Publishing a Project Automation workflow means OnRamp creates supporting automation inside Salesforce (Flows + Outbound Messages).

To allow this, enable the permissions below.

Flow & Automation Permissions

  • Manage Flows

  • Run Flows

  • Enable System Mode Flow Activation

Setup & Metadata Permissions

  • View Setup and Configuration

  • Modify Metadata Through Metadata API Functions
    (May appear as ModifyMetadataThroughMetadataAPI)

Outbound Message Permissions

  • Send Outbound Messages

App Permissions

  • Customize Application

If any of these are missing, workflow publishing will fail — even if the connection itself succeeds.

Step 5: Configure Object & Field Access (Read-Only)

OnRamp needs read access to the Salesforce objects and fields used in your workflow:

  • Trigger conditions

  • Merge fields

  • Customer context

Grant Read Access To:

  • The primary object you’re automating from
    (Example: a custom Salesforce “Project” object)

  • Common related objects used in merge fields:

    • Account (minimum field: Name)

    • Contact (minimum fields: FirstName, LastName, Email)

If merge-field auto-mapping fails, double-check that the integration user has Read access to:

  • The lookup field

  • The related object’s fields

Step 6: Connect Salesforce in OnRamp

Now you’re ready to connect.

In OnRamp:

  1. Go to Settings → Integrations → Salesforce

  2. Click Connect (or Reconfigure Integration)

  3. Complete OAuth login as the Salesforce integration user

If permissions are set correctly, the connection will complete cleanly.

Step 7: Publish Your OnRamp Project Automation Workflow

Finally:

  1. Build your Project Automation workflow in OnRamp

  2. Click Publish

If publishing fails, verify the integration user includes all of the following:

  • Manage Flows

  • Run Flows

  • Enable System Mode Flow Activation

  • View Setup and Configuration

  • Customize Application

  • Modify Metadata Through Metadata API Functions

  • Send Outbound Messages

Most publishing errors trace back to a missing permission in this list.

Quick Checklist (Bookmark This)

Connection & Integration Access

  • API Enabled

  • Manage Connected Apps

  • Approve Uninstalled Connected Apps

Workflow Publishing

  • Manage Flows

  • Run Flows

  • Enable System Mode Flow Activation

  • View Setup and Configuration

  • Customize Application

  • Modify Metadata Through Metadata API Functions

  • Send Outbound Messages

Data Access

  • Read access to primary Project object

  • Read access to Account fields used

  • Read access to Contact fields used

Once this is complete, you’re officially ready for the good part:

Fully automated onboarding projects — launched directly from Salesforce. 🚀