How to make sure Pardot doesn’t break on 15th February 2021
On February 15th, Salesforce is discontinuing the use of Pardot only users and moving everyone to Salesforce Single Sign-on.
This means more than just which system and login credentials you use to get into Pardot. If you don’t know about the implications, read on and get a plan in place to make those changes sooner rather than later to minimise any problems that will occur.
What does this mean for you?
At the moment, you can either use Salesforce to log into Pardot or you can log into Pardot directly at pi.pardot.com.
If you are still going the pi.pardot.com route, you have these two choices. But the second choice is what will disappear and you will need to use your Salesforce login credentials to access Pardot.
The main reason for this is security.
As the relationship between Pardot and Salesforce gets tighter and tighter, this step enables admins to make use of Salesforce’s security measures which includes setting login hours, Pardot users adhering to company password policies etc.
Bear in mind, this doesn’t mean that the external application pi.pardot.com is being retired. It’s a different way of logging in and managing users.
What's the knock-on effect?
At the moment, there are two types of user…the Pardot-Only User and the Salesforce Connected User.
You can see which type of user they are by navigating to your list of users in Pardot and seeing if they are linked to a CRM username. If they are, they’re connected to Salesforce. If it’s blank, they are a Pardot only user.
But this change affects more than just how your users log in. Here are some of the key areas and what to do about it.
Pardot only users are free so for those people who don’t need a Salesforce license, this was ideal. But what about these users? What will happen to them and what if you don’t have enough Salesforce licenses? Salesforce are giving you 100 “identity” licenses to use in these scenarios. By assigning this identity license to the user, this will give the user access to only Pardot and nothing else in Salesforce but ensure they have Salesforce credentials to log in with. This doesn’t give the user access to the lightning app, just pi.pardot.com. It also ensures the admin can manage them the same way they do every other Salesforce user. These were given out in August '20 so they should be in your org already. If they aren’t, get onto your Salesforce AE to arrange these additional licenses.
Steps to take
Audit your current user base and give those Pardot only users a Salesforce login
Look into enabling Salesforce User Sync. This means all users and roles are mapped from Salesforce
For those users needing access to Pardot and only Pardot, assign them an identity license
Pardot Connector Version
Pardot uses a connector to Salesforce and the version of this connector is going to be important.
More and more features, not just SSO, require version 2 of the connector so if you’re on version 1, you should take the steps to upgrade.
This isn’t too tricky a task but there are some important things to have in the back of your mind before upgrading.
Steps To Take
Version 2 utilises the B2BMA connector user and not the old way of applying a permission set to an actual person as the connector user
Before changing this, ensure there are no processes or integrations that rely on the Connector User (v1) before you upgrade to version 2
This is the biggy. The not-so-best-issue until last! Currently, if you’re using third-party applications to integrate to Pardot via the API, you will need to integrate this via Salesforce and Connected Apps. This will break if you don’t do it! Each user in Pardot is given a specific API user key. This user key would be used to form the basis of that API integration. With the move to SSO, you will now be leveraging Salesforce Connected Apps and OAuth to authenticate to the Pardot API. This again gives admins more control over their API integrations. It’s not just a different way of integrating, it’s also a different method too. Instead of using a user key, OAuth will be the method of access and integration.
Steps to take
Audit your third-party integrations with Pardot.
If it was an external plugin, check with the developer to see if they have a plan. Pardot will be upgrading some plugins, such as WordPress, but don’t assume all developers have an answer.
Work with your admin or a developer to ensure you are creating connected apps for these integrations and the setup is correct
Use these Identity licenses for these integrations, making it easier to see which user license the integration is tied to. For example, if you’re using Zapier, call a user Zapier and assign it the identity license. This way, you have a login specific for each application. Easier to troubleshoot if there are any issues.
This can seem a bit daunting and hopefully I’ve given you some guidance on how to mitigate this change. You can find more information here from Salesforce.
Alternatively, if you do need help in mitigating this change then get in touch and we can help you navigate the challenges.