User licensing is the first layer of your sharing architecture along with the org edition, but the org edition does not have a huge focus in the CTA scenario. User licensing enables specific core platform baseline features for your users. Every user has exactly one user license. Add-on licensing types such as permission set licenses and feature licenses can also be leveraged but they depend on core functionality being available through user licensing for the user.
There are various types of User Licenses offered by Salesforce and are classified into the following types. Please refer to more details on the user licenses in the Salesforce help documentation links below:
For the CTA it is important to keep the user licensing classification simple. We will be looking and Internal and External User Licenses based on features and object access below.
Internal User Licenses
Internal User login through login.salesforce.com or My Domain login URL to access salesforce through the lightning experience or Salesforce classic. Internal users can also access Experience Cloud sites through their salesforce login.
Employees and non-employees who require access to a company's internal systems need internal licenses. This includes not only full-time employees but also external professionals such as consultants, accountants, and lawyers who work for other companies but need access to the company’s information. The key point is that these users, whether employees or external professionals are granted similar access rights and privileges, reflecting the company's approach to treating them as internal members with broad data and permission access.
The below table gives a good overview of internal licenses by functionality and generalized use cases. This table is a good starter for matching the right license type to internal user personas.
Salesforce - Sales Cloud | Salesforce - Service Cloud | Platform | |
Purpose | Sales Cloud is used to operationalize the Sales process in an organization with entities such as leads, contacts, accounts, opportunities and quotes. | Service cloud operationalizes the customer support process with cases, call center, knowledge and entitlements etc. | For users that just need access to custom apps. Do not get access to key entities such as Opportunities, Entitlements, Quotes etc. |
Accounts/Contacts | Yes | Yes | Yes |
Opportunities/Forecasting/Quotes | Yes | No | Yes |
Products and Assets | |||
Territory Mgmt | Yes | No | No |
Lead Mgmt/Campaigns | Yes | No | No |
Basic Case Mgmt | Yes | Yes | No |
Advanced Case Mgmt (Auto-Reponse Emails, Assignment Rules, Email-to-Case) | No | Yes | No |
Omnichannel Routing | No | Yes | No |
Entitlements | No | Yes | No |
Reports and Dashboards | Yes | Yes | Yes |
Tasks, Activities and Events | Yes | Yes | No |
Salesforce Files | Yes | Yes | Yes |
Chatter | Yes | Yes | Yes |
External User Licenses
External licenses provide access to CRM data for end customers, prospects, partners, brokers, dealers, and other external stakeholders. Common use cases include partner portals, self-service forums, customer help centers, and broker or dealer portals. External license users can only access the specific Experience Cloud sites they are members of and cannot access the internal Lightning Experience or Salesforce Classic.
Use external licenses for anyone outside your company when you need to limit data access, enforce privacy and security controls, provide restricted permissions (such as preventing user management or broad data modifications), and restrict access to a specific subset of information within your organization.
The below table gives a basic overview of the features/functionality that are offered by the main classifications of the external license types. This can be used as a starter for matching the right license type for your external users.
Partner Community | Customer Community | Customer Community Plus | |
Purpose | Business-to-business experiences with access to sales data such as opportunities and PRM. Can't be used with person accounts. | Business-to-consumer experiences with large numbers of external users with access to cases and knowledge. Works with Person Accounts. | Business-to-consumer experiences with external users who need access to reports and dashboards and standard sharing. |
Accounts/Contacts | Yes | Yes | Yes |
Opportunities/Forecasts/Quotes | Yes | No | No |
Leads & Campaigns | Yes | No | No |
Contracts | Yes | Yes | Yes |
Products & Pricebooks | Yes | Yes | Yes |
Reports and Dashboards | Yes | No | Yes |
Tasks, Activities and Events | Yes | Yes | Yes |
Salesforce Files | Yes | Yes (No Content Libraries) | Yes |
Chatter | Yes | Yes | Yes |
Salesforce Mobile App | Yes | Yes | Yes |
Custom Objects | 100 | 10 | 10 |
Roles and Standard Sharing | Yes | No | Yes |
Territory Mgmt | Yes | No | Yes |
Service Appt | Yes | Yes | Yes |
Considerations
Internal licenses are designed for employees or consultants needing broad access to company data, while external licenses are intended for external users with added security and restricted access. Using the correct license type—internal for internal users and external for external users—is the best practice to ensure appropriate data access and security.
The project overview section mostly identifies the personas and their type (Internal vs External). To identify the license types for the personas key attention needs to be paid to the business process requirements, accessibility and visibility requirements and reporting requirements. Specifically the objects they need access to (Custom or Standard), and what types of standard objects and standard functionality the persona needs access to. Based on their type (Internal vs External), objects they need access to, and key core functionality (Sales Process, Entitlements etc).
Conclusion
Assigning the right license types for your users is key to having a thorough solution and will aid in the business process requirements, access and visibility and data modelling part of your solution. Considerations for assigning the right license involve the identification of user type (internal vs external), object access required (identified in the business process and access and visibility requirements), and key core functionality they perform.
In the next blog, we will discuss common SSO Flows and login mechanisms used by internal and external users.
Resources
The following sources were leveraged to compile this article.
Comments