HomeBlogOur Salesforce Deployment Tools
Documentation
Use Metadata DeployerUse CPQ Deployer

Fixing Authorization Errors

Sometimes when connecting a salesforce organization for the first time, a couple of settings need to be tweaked such that Blue Canvas can function properly. Below you'll find a handful of things to check to get your branch up and running.

Connected Apps OAuth Settings

  1. From setup, enter "oauth" in the quick find box and then click "Connected Apps Oauth Usage"
  2. On the right, under "bluecanvas.io" click "Install". If it's already installed, click "Manage App Policies".
  3. Click "Edit Policies" and you should see a screen like this.



  • Ensure under "Permitted Users" you have "All users may self-authorize" selected.
  • Ensure under "IP Relaxation" you have "Relax IP Restrictions".
  • Then click "Save"

OAuth User-Agent Flows

  1. From setup, enter "oauth" in the quick find box and then click "OAuth and OpenID Connect Settings"
  2. Make sure "Allow OAuth User-Agent Flows" is "On"

Ensure Connected Profile Has Correct Permissions

  1. From the quick find box enter "profiles" and then click on "Profiles".
  2. Select the profile of the user you're trying to connect with. It's highly recommended you use a user with "System Administrator" privileges.
  3. Click "Edit".
  4. Ensure "Modify All Data" is checked
  5. Enusure "Modify Metadata Through Metadata API Functions" is checked
  6. Ensure "View Setup and Configuration" is checked
  7. Ensure "Customize Application" is checked

Even More Permissions

Checking the above permissions fixes the most common issues. If you're still experiencing authorization issues, please also check the following...

  1. Manage Profiles and Permission Sets
  2. View All Data
  3. View All Profiles
  4. View All Users
  5. Manage Connected Apps

Session Settings

  1. From the quick find box enter "Session Settings" and then click on "Session Settings"
  2. Ensure the "Timeout Value" is 2 hours or longer
  3. Ensure "Lock sessions to the IP address from which they originated" is unchecked
  4. Ensure "Lock sessions to the domain in which they were first used" is unchecked
  5. Ensure "Enforce login IP ranges on every request" is unchecked
  6. Finally, be sure to click "Save" at the very bottom of the page


Enable Einstein Bots

In some cases, users get the error message "INSUFFICIENT_ACCESS: EntityObject can not be initialized with null EntityInfo" in this case, after trying the steps above, you may need to enable Einstein Bots as described here: https://issues.salesforce.com/issue/a02Ka00000eNetu/


Identity Verification Settings

Without proper identity verification settings, you might encounter an error that looks like...

INSUFFICIENT_ACCESS: Requires Extra Verification

In order for Blue Canvas to sync properly, the following identity verification settings must be set to "None"

  • Reports and Dashboards
  • Manage Auth. Providers
  • Manage Data Export
  • Manage Permission Sets and Profiles
  • Manage Roles
  • Manage Sharing
  • Manage Users
  • View Health Check

Updated about 5 hours ago