# Legacy Integration Guide

## How it works

The connection is established through a secure, one-time authorization process using Salesforce's standard OAuth 2.0 protocol. The setup involves these key steps:

1. **Create an Integration User**: You will need to provision a dedicated integration user in Salesforce for Kernel.
2. **Assign permission set**: Assign a permission set that provides Kernel with the outlined[Salesforce integration](/integrations/salesforce-integration.md#data-permissions). Kernel's Solutions Engineering will guide you on what is the minimal scope required that allows full functionality.
3. **Authorize Access**: Using this user, Kernel will authorize Kernel's Connected App. This provides Kernel with a secure token to access Salesforce.

<figure><img src="/files/bgD7pG93XQViaLKlpSqD" alt=""><figcaption></figcaption></figure>

### Data fields

Depending on your configuration, Kernel either (a) provides a flat file that specifies new custom fields you will need to create in your Salesforce Account object, or (b) an unlocked package your Salesforce admin can easily inspect and install.

Kernel will only write data into these specific fields, ensuring your existing data is not altered.

### Data permissions

To perform its analysis, Kernel requires read access to data in several standard objects. Write access is limited only to the custom fields created for Kernel.

| Object            | Read                     | View-All                 | Edit              |
| ----------------- | ------------------------ | ------------------------ | ----------------- |
| Account           | ✓ (All or select fields) | ✓ (All or select fields) | ✓ (Kernel fields) |
| Lead\*            | ✓ (All or select fields) | ✓ (All or select fields) | ✓ (Kernel fields) |
| Contact           | ✓ (All or select fields) | ✓ (All or select fields) | <p><br></p>       |
| Opportunity       | ✓ (All or select fields) | ✓ (All or select fields) | <p><br></p>       |
| **Task/Activity** | ✓ (All or select fields) | ✓ (All or select fields) | <p><br></p>       |
| SystemUser        | ✓ (Limited fields)       |                          |                   |

{% hint style="danger" %}
The integration user is not used to merge accounts. Merging accounts required Modify All access to Accounts and all associated objects. Users authorize access in Kernel's UI to complete merging actions.
{% endhint %}

## FAQ

### API Usage and Efficiency

Kernel is designed to be efficient with your Salesforce API quota. We use the Bulk API to update records in large batches, which significantly reduces the number of API calls required.

When writing data, Kernel uses the Bulk API ([link](https://developer.salesforce.com/docs/atlas.en-us.api_asynch.meta/api_asynch/asynch_api_intro.htm)) to minimize API quota consumption by updating up to 500 records at a time. For an organization with 100,000 accounts, this typically equates to only 200 API calls.

### How does Kernel authenticate?

Kernel connects through a Salesforce Connected App using the standard OAuth 2.0 Authorization-Code + Refresh Token flow. After a one‑time user authorization via the provisioned integration user, Kernel receives a long‑lived refresh token and exchanges it for short‑lived access tokens (≤15 min)

### Does Kernel need a separate UI (browser) user?

No.

### How do I revoke Kernel’s access?

To revoke Kernel’s access, you can deactivate the Kernel integration user.

### Is data encrypted in transit and at rest?

Yes. OAuth uses TLS 1.2+ for transport. Kernel stores any necessary credentials in a secrets manager.

### How do we avoid row locks?

To avoid row locks, we recommend designating specific windows of time for updating accounts in your CRM, such as nights or weekends.

\
\ <br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.kernel.ai/integrations/salesforce-integration/legacy-integration-guide.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.