Here’s a summary of what you need to know and how to prepare for the changes, which take effect Feb. 15, 2021.
1. Make the Switch to Salesforce SSO (User Authentication Changes)
Starting Feb. 15, all “Pardot-Only” customers must log in to the product using Salesforce SSO. This change requires Pardot and Salesforce admins to work together to connect all Pardot users to a Salesforce user.
What this means for system access: If you’re logging in to Pardot Classic via pi.pardot.com, you must enable Salesforce SSO. Pardot-Only customers won’t be able to log in with Pardot credentials after Feb. 15 until they update their authentication method to SSO.
If you haven’t yet implemented Salesforce SSO for your Pardot-Only users, please act now! To make this a smooth transition, we’ve provisioned 100 Salesforce identity user licenses to all Pardot customers’ Salesforce orgs.
Check out this screenshot for a visual representation of which authentication option is being impacted:
How can you tell if your users will be impacted?
Pardot-Only users are seeing this warning message when they log in:
If you’ve seen these warning messages but haven’t yet made the switch, you can quickly search for answers in our Pardot User Migration FAQ.
The Pardot User Migration Admin Guide outlines the implementation steps to take.
Interested in more info? Here’s a list of go-to resources about User Authentication changes. Many of these resources are developed by Salesforce-certified partners who specialize in Pardot.
- Guidance on recommended features
- London Users Group – recorded talk
Pardot-Only Identity Users — User-Side Activation, Enabling SSO, Best Practices: from Adam Langley at Invado; once implemented, this is the authentication experience for users that log in and out of multiple accounts
Videos for Select Customer Use Cases
We’ve recorded a few short videos that cover various customer configurations. These short videos may apply to some of your specific configurations and are supplementary to the resources shared above.
Below is a short explanation of how each video aligns to the customer use case:
- Connector Creation: if connector is not yet configured
- Create Identity User: if logging in to Pardot Classic at pi.pardot.com or pi.demo.pardot.com
- Mapping Users: manually if not using User Sync
- Importing Users: bulk updates if not using User Sync
- User Sync V1 (configured prior to Summer ’20) – Profile mapping
- Salesforce User Sync (configured Summer ’20 through today) – Profile mapping
2. Audit and Update Your Integrations (API Integrations / Connectors)
Pardot customers using integrations will need to audit their Pardot-Only users and begin updating their connector authentication methods. Starting Spring ‘21, integrations with Pardot-Only users will continue to function with controlled enforcement.
Controlled enforcement will turn off API access for a specified number of hours, slowly increasing on a set schedule over the next four months until June 15, when Pardot-Only access will no longer be available. As a result, you may notice that your integrations aren’t updating at normal frequency.
See the full integration schedule by referencing the “Pardot API” section of the User Migration FAQ.
You can also check the status of your integrations by clicking on the following link to download to your computer: Which integrations will have Salesforce OAuth by February 15th? (also access by clicking on the image below)
API integration resources: Third-party vendors
Many third-party software companies manage their own integrations with our API. We recommend that you reach out to them directly for updates regarding when their new authentication methods will become available if they’re not listed above. As there’s more than one way to update authentication methods, these companies will need to provide you with specific instructions for how to authenticate with the new OAuth method.
If your software vendor is looking for resources on how to make this change, they can reference our public API documentation, including our post on Setting up Salesforce OAuth for Pardot API authentication.
API integration resources: Registered Independent Software Vendors (ISV) and consulting partners
Registered Salesforce ISV and consulting partners also can tap into our partner community for exclusive resources, including Pardot Developer Org environments. I highly recommend the ISV Partner Basics Trailhead trail for vendors considering becoming a registered ISV partner.
The Spot for Pardot published a great series on these API changes with step-by-step visual instructions. These methods can vary depending on your vendor’s specific implementation approach. In this instance, the deep-dives for Apex or Code demonstrate a proof-of-concept for the type of development services provided by Sercante Labs. Your vendor will still need to supply you with proper documentation for their Pardot integration once they’ve updated authentication methods.
- Part 1: Preparing for SSO – Adam Erstelle Product Development Lead at Sercante
- Part 2: WordPress Pardot Plugin Edition – compliments of Kelly Michael Skelton at Fiber Optic
- Connecting to Pardot API from APEX
- Connecting to Pardot API from Code
There are various approaches to maintaining your marketing automation system, including making the changes yourself. However, if you want hands-on help, there are many Salesforce partners that would be happy to help.
When searching the AppExchange for consulting partners specializing in Pardot and Salesforce, look specifically for practices that show Pardot Consultant and Salesforce Admin certifications from the “Expertise” tab of their listing.
We hope the information and resources in this post help you take the steps you need to prepare for the Pardot spring ‘21 release.