A user with the "Salesforce Integration" license type can be used for all sync functionality, to avoid paying for a user license. Contact us if you need any assistance with getting this working correctly.
Outbound Syncs
In general, you need either "Modify All" on the objects you wish to write to, or "Modify all data" at the org level.
Inbound Syncs
In general, you need either "Read All" on the objects you wish to read, or "Read all data" at the org level.
However, there are a couple of situations that require extra privileges:
Formula Fields
These are retrieved via the metadata API, so you need "Modify Metadata Through Metadata API Functions" (even though we are only reading).
Picklist Values
To read picklist values, we execute some Apex code via the tooling API to retrieve all picklist values in bulk. For this reason, you need the "Author Apex" system permission.
At first, may appear that a Salesforce Integration user cannot be granted this permission as it is hidden from the profile editing screen.
Instead, you must create a Permission Set with no specific license type:
