Understand the access Unito needs within your tool(s) to enable each integration to sync properly.
In this article:
- Permissions for Unito integrations
Unito requires appropriate permissions within your connected tools in order to sync work items. While most apps or tools have a straightforward authorization process in Unito, some need special attention to ensure your flows sync smoothly.
Here are these permissions, outlined for each tool.
What are OAuth Scopes? Open Authorization (OAuth) allows Unito to securely access specific data within your tools. During integration setup, you'll grant OAuth scopes to define the level of access required for effective syncing.
Regarding data security and privacy, rest assured Unito is SOC 2 Type 2 certified and all information is encrypted.
Trello permissions
The user account selected in your flow must be a member of the Trello Board you want to sync:
OAuth Scopes for Unito's Trello integration
Jira permissions
In order to sync your Jira projects, you'll need a mix of global and project-specific permissions, from login permissions to issue and comment permissions. You can find the full list of user permissions here.
Note that you need administrator permissions to connect your Jira account to Unito. Once the account is connected, you only need project-level admin permissions to create a flow.
If you get stuck on setting up permissions schemes in Jira, you can find a guide here.
OAuth Scopes for Unito's Jira integration
GitHub permissions
You need to both be a member of the organization that owns the repository you want to sync and a collaborator (which is different from a contributor). If your organization has enabled third-party application restrictions, you'll need to follow this step-by-step guide for approving third-party apps in GitHub.
In addition, we need the repository permission that includes “repository webhooks for public and private repositories” to create webhooks. We do not require the admin:repo_hook permission. You can get more information about these permissions here.
Most importantly, Unito will never ask for, or require access to, any code you have stored on GitHub.
Note: We can't sync a repository if it was forked from another repository.
OAuth Scopes for Unito's GitHub integration
GitLab permissions
The GitLab account you use with Unito needs to be a member of the organization that owns the repository that you want to sync. You'll also need push — or read/write — access.
We use webhooks to improve workflow performance. To create those webhooks, the GitLab account you use with Unito must have Maintainer or Owner-level permissions. That's because we need the Configure project hooks permission. Learn more about GitLab user permissions.
Bitbucket permissions
Just like GitLab and GitHub, your account needs to be part of the organization that owns the repositories you need to sync and you'll need push access. Beyond that, you'll also need the issue tracker enabled on the repository, which is disabled by default.
Asana permissions
Your account needs to be a full member of your organization, not a guest. Then, make sure the account is part of the Asana team that owns the project you want to sync.
OAuth Scopes for Unito's Asana integration
monday.com permissions
No special permissions required!
OAuth Scopes for Unito's monday.com integration
| Function | Permissions Required |
|---|---|
| Read your basic personal details | me:read |
| Read board data | boards:read |
| Modify board data | boards:write |
| Access data about your account's users | users:read |
| Read updates data | updates:read |
| Modify updates data | updates:write |
| Read teams data | teams:read |
| Access information about your account | account:read |
ClickUp permissions
Just connect your account and you're ready to go.
Basecamp permissions
Being a member of the Basecamp workspace that needs syncing should be enough. No special permissions required!
Wrike permissions
Make sure the project or folder is shared with the account you're using for your workflows. Also, because all projects and folders in Wrike are private by default, the ones you want to sync need to be shared with the account used to sync them.
Zendesk permissions
Confirm that your Zendesk account has admin privileges. We need this in order to search for certain endpoints and create webhooks.
OAuth Scopes for Unito's Zendesk integration
|
'crm.objects.contacts.read',
'crm.objects.contacts.write',
'crm.schemas.contacts.read',
'crm.objects.deals.read',
'crm.objects.deals.write',
'crm.schemas.deals.read',
'crm.objects.companies.read',
'crm.objects.companies.write',
'crm.schemas.companies.read',
'crm.objects.owners.read',
'crm.objects.line_items.write',
'crm.objects.line_items.read',
'tickets',
|
HubSpot permissions
Only a HubSpot Super Admin can connect your account to Unito and create flows to sync tasks, tickets or deals.
OAuth scopes for Unito's HubSpot integration
| OAuth Scope | Definition |
|---|---|
|
crm.settings.properties.write |
Enables Unito to edit the settings of properties in your HubSpot CRM. This includes changing the name, description, group name, field type, options for dropdown fields, and other settings related to properties. |
| crm.objects.contacts.read | Allows Unito to read or retrieve contact information from your HubSpot CRM. |
| crm.objects.contacts.write | Enables Unito to create, update, or delete contact information in your HubSpot CRM. |
| crm.schemas.contacts.read | Gives Unito permission to read the structure or schema of your contact data in HubSpot. This includes information about what fields are available for contacts and their data types. |
| crm.objects.deals.read | Allows Unito to read or retrieve deal information from your HubSpot CRM. |
| crm.objects.deals.write | Enables Unito to create, update, or delete deal information in your HubSpot CRM. |
| crm.schemas.deals.read | Gives Unito permission to read the structure or schema of your deal data in HubSpot. This includes information about what fields are available for deals and their data types. |
| crm.objects.companies.read | Allows Unito to read or retrieve company information from your HubSpot CRM. |
| crm.objects.companies.write | Enables Unito to create, update, or delete company information in your HubSpot CRM. |
| crm.schemas.companies.read | Gives Unito permission to read the structure or schema of your company data in HubSpot. This includes information about what fields are available for companies and their data types. |
| crm.objects.owners.read | Allows Unito to read or retrieve owner information from your HubSpot CRM. |
| crm.objects.line_items.write | Enables Unito to create, update, or delete line item information in your HubSpot CRM. Line items typically represent individual products or services in a deal. |
| crm.objects.line_items.read | Allows Unito to read or retrieve line item information from your HubSpot CRM. |
| tickets | Gives Unito permission to read, write, and delete tickets in your HubSpot Service Hub. Tickets represent customer service issues or tasks. |
| Contacts | Provides access to Contact, Companies, Deals, Properties, Engagements, and Owners endpoints. |
Salesforce permissions
Salesforce's granular permissions model means users must have edit rights on a field to include it in a Unito flow. Additionally, your Salesforce plan must support API access.
Custom Fields in Salesforce: Unito can only access custom fields that are available to the specific user connecting the integration.
ServiceNow permissions
Users require full access to read, write, create, and delete permissions on the specific tables you want Unito to sync in ServiceNow.
You'll also need at least read access to the sys_journal_field table in order to sync work notes.
Who Typically Holds These Permissions?
- System Administrators ('admin' role): Admins have wide-ranging control over ServiceNow instances, including managing tables and their permissions.
- Users with Tailored Roles: ServiceNow allows role creation and customization. It's possible to specifically grant the necessary 'read, write, create, delete' permissions to a role for tables targeted by Unito syncs.
How to Verify and Manage Permissions
This process might require the assistance of a ServiceNow administrator:
- Table Access Control Lists (ACLs): Each table in ServiceNow has ACLs specifying the actions (read, write, etc.) allowed for different roles.
- Roles: Check roles assigned to the user intending to use Unito. Ensure the role has the needed ACLs on relevant tables.
Smartsheet permissions
Add your Smartsheet account to Unito and you'll be ready to sync your Sheets. No additional permissions needed.
Required OAuth Scopes for Unito's Smartsheet integration
| SCOPE | This scope gives Unito permission to: |
| CREATE_SHEETS | Create new sheets in your Smartsheet account. |
| ADMIN_WEBHOOKS | Create, delete, and update webhooks, get information on all webhooks, and reset shared secrets. Webhooks are used to notify Unito when there are changes in your Smartsheet data. |
| READ_CONTACTS | Read or retrieve contact information from your Smartsheet account. |
| READ_SHEETS | Read all sheet data, including attachments, discussions, and cell data. This is necessary for Unito to sync this data. |
| READ_USERS | Retrieve user and group information from your Smartsheet organization account. |
| WRITE_SHEETS | Insert and modify sheet data, including attachments, discussions, and cell data. This is necessary for Unito to make updates to your Smartsheet data based on changes in other synced tools. |
| DELETE_SHEETS | Delete sheets in your Smartsheet account. |
Slack permissions
Add your Slack account to Unito and you'll be ready to sync your conversations. No additional permissions needed.
OAuth Scopes for Unito's Slack integration
| SCOPE | This scope gives Unito permission to: | |
| channels:history | View messages and other content in public channels that your Slack app has been added to. | |
| channels:join | Join public channels in a workspace | |
| channels:manage | Manage public channels that your Slack app has been added to and create new ones. | |
| channels:read | View basic information about public channels in a workspace | |
| chat:write | Manage a user's public channels and create new ones on a user's behalf | |
| users:read | View people in a workspace | |
| users:read.email | View email addresses of people in a workspace |
Google Sheets permissions
During the authorization process, you'll need to give Unito access to your Google account so your flow can see and edit your sheets.
OAuth scopes for Unito's Google Sheets integration
| SCOPE | Type of Data | This scope gives Unito permission to: |
| Read & Write | Metadata | Access to the user's file metadata, excluding downloadUrl and thumbnail. |
| Sheets | Allows read/write access to the user's sheets and their properties. | |
| Read | Email address | View your email address. |
| Profile | See your personal info, including any personal info you've made publicly available |
Notion permissions
During the authorization process, you'll need to select the pages or databases you want to give Unito access to — along with its children.
OAuth scopes for Unito's Notion integration
| SCOPE | Type of Data | This scope gives Unito permission to: |
| Read & Write | Pages (view and edit) | View and edit pages you select in the next step. You can also share pages later with Unito via the Share menu. |
| Pages (create new) | Add new pages/databases inside pages it has access to. | |
| Read | Email address | View all workspace members and guests and their email addresses. |
Google Contacts permissions
When you first connect your Google Contacts account to Unito, you might notice that Unito needs permission to permanently delete contacts. This permission is a requirement for this integration to work, but Unito never deletes your data.
In fact, we have a very strict policy regarding content deletion. You can find the full policy here, but the essence of it is Unito will never delete data on the platform it originates from.
Say you sync your Google Contacts to Trello, where they become new Trello cards. If you delete, close, or archive a Trello card synced to a Google contact, the original contact will never be deleted. So even if Unito needs this permission to work properly, we will never delete your contacts.
Intercom permissions
To use Unito, make sure your Intercom account has "Can install, configure and delete apps" access turned on. You can find this under the Apps and integrations section of your user permissions.
Teamwork permissions
In order to properly sync tasks, Unito users need to be a Client User in Teamwork and not just a Collaborator.
Beyond that, Unito only needs special permissions if you want to create Teamwork projects directly from Unito. To do this, you must have administrator permissions in Teamwork or permission to add projects. If you don't have these permissions, reach out to someone who has administrator permissions.
Microsoft Excel permissions
Unito needs Read & Write permissions to sync rows from an Excel spreadsheet.
Microsoft Outlook permissions
To successfully sync Outlook calendar events or contacts using Unito, you'll need:
- An active Microsoft 365 license: This is required to access and use the Outlook features within your Microsoft 365 suite.
- Global Administrator role: This role is necessary for permissions that affect a broad range of users or require organization-wide access, such as
User.Read.AllandContacts.ReadWrite. - Exchange Administrator role: This role grants specific permissions related to email and calendar access, including
Mail.Read,Calendars.ReadWrite, andMailboxSettings.Read.
If you encounter any difficulties syncing events or contacts, double-check that these permissions are correctly assigned to the user account connected to Unito.
Unito needs Read and Write permissions to sync Outlook events. You'll also need an account with admin permissions to use Unito's Outlook integration.
Facebook Ads Manager permissions
Unito requires the 'read_ads' permission to access and sync your ad campaign data.
Roles with "read_ads" Permission by Default:
- Advertiser: A role specifically focused on being able to view ad performance and reporting.
- Analyst: Has broad access to view advertising insights.
- Admin: Has full control of the Ads Manager account, including all ad-related permissions.
Who Might Not Have It
- Editor: This role primarily focuses on creating and editing ads, potentially lacking the specific "read_ads" permission to view in-depth insights.
How to Check and Assign the "read_ads" Permission
- Business Settings: Navigate to your Facebook Business Settings.
- Accounts > Ad Accounts: Select the relevant ad account.
- People: Here you can view existing users and their assigned roles.
- Add People: Grant the "read_ads" permission when adding new users, or edit the permissions of existing users.
MySQL permissions
Here's the breakdown of MySQL permissions needed, along with who typically has them:
- INSERT, SELECT, UPDATE, DELETE on each table to be synced: These are the core permissions allowing Unito to create, read, modify, and remove data within your MySQL tables.
- SELECT on the information_schema schema: This schema holds metadata about your database structure, essential for Unito to understand what to sync.
Who Has These Permissions?
- Database Administrators (DBAs): DBAs typically have full control over a MySQL database, including schema management and granting permissions.
- Users with Custom Privileges: It's possible to specifically grant these required permissions to individual users based on their synchronization needs.
How to Check and Grant MySQL Permissions
The process usually involves using SQL commands:
- SHOW GRANTS: Use
SHOW GRANTS FOR 'user'@'host';(replace 'user' and 'host' appropriately) to see existing permissions. - GRANT: Use
GRANT INSERT, SELECT, UPDATE, DELETE ON database.table TO 'user'@'host';to assign table-level permissions. - Schema-Level GRANT: Grant SELECT permissions on the information_schema:
GRANT SELECT ON information_schema.* TO 'user'@'host';
Important Considerations
- Principle of Least Privilege: Grant only the necessary permissions to minimize potential security risks.
- Data Sensitivity: If dealing with highly sensitive data, involve your DBA to ensure proper authorization and security best practices.
Official MySQL Documentation
For in-depth instructions and syntax examples, refer to the official MySQL documentation on user account management.
SurveyMonkey permissions
Authentication is currently limited to 1 user per SurveyMonkey account, meaning you must be the owner of your SurveyMonkey account in order to authenticate using OAuth 2 through Unito.
OAuth Scopes
-
surveys_read: Enables retrieving survey details, responses, and other survey-related information.
-
surveys_write: Allows Unito to create new surveys, modify existing surveys, and manage survey settings.
-
contacts_read: Grants Unito access to read contact information from the SurveyMonkey account. It enables retrieving contact lists, individual contact details, and associated metadata.
-
contacts_write: Unito can write or modify contact information in the SurveyMonkey account. It includes creating, updating, or deleting contacts, as well as managing contact groups or segments.