einstein-activity-capture-setup
Configure Einstein Activity Capture (EAC) for an org: enable the feature, create Configuration profiles, set auth type (User-Level or Org-Level OAuth), define email and calendar sync scope, configure excluded domains and privacy settings, assign users, and verify sync health. NOT for manual activity logging, Einstein Opportunity Scoring setup, Pipeline Inspection, or troubleshooting email deliverability outside EAC.
Best use case
einstein-activity-capture-setup is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Configure Einstein Activity Capture (EAC) for an org: enable the feature, create Configuration profiles, set auth type (User-Level or Org-Level OAuth), define email and calendar sync scope, configure excluded domains and privacy settings, assign users, and verify sync health. NOT for manual activity logging, Einstein Opportunity Scoring setup, Pipeline Inspection, or troubleshooting email deliverability outside EAC.
Teams using einstein-activity-capture-setup should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/einstein-activity-capture-setup/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How einstein-activity-capture-setup Compares
| Feature / Agent | einstein-activity-capture-setup | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Configure Einstein Activity Capture (EAC) for an org: enable the feature, create Configuration profiles, set auth type (User-Level or Org-Level OAuth), define email and calendar sync scope, configure excluded domains and privacy settings, assign users, and verify sync health. NOT for manual activity logging, Einstein Opportunity Scoring setup, Pipeline Inspection, or troubleshooting email deliverability outside EAC.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Einstein Activity Capture Setup This skill activates when a practitioner needs to enable, configure, and assign Einstein Activity Capture (EAC) in a Salesforce org — covering the full admin workflow from feature enablement through Configuration profile creation, auth type selection, exclusion rule setup, user assignment, and sync verification. It does NOT cover Einstein Opportunity Scoring setup, Pipeline Inspection, manual activity logging design, or general email deliverability troubleshooting. --- ## Before Starting Gather this context before working on anything in this domain: - **License verification:** EAC is included in Einstein for Sales (add-on), Sales Cloud Einstein, and Einstein 1 Sales editions. It is NOT included in core Sales Cloud or Service Cloud. Verify entitlement in Setup > Company Information > Permission Set Licenses — look for `Einstein Activity Capture` PSL seats. Attempting to enable EAC without the correct license results in a silent failure or a greyed-out Setup toggle. - **Email platform:** EAC supports Microsoft Exchange (on-premises 2013+), Microsoft 365, and Google Workspace (Gmail / Google Calendar). Confirm which platform users are on before choosing auth type — Google Workspace only supports User-Level OAuth; Microsoft 365 supports both User-Level and Org-Level OAuth. - **Exclusion domain list:** Legal, HR, executive assistants, and competitors often have domains that must not be synced. This list must be finalized before assigning users to a Configuration profile. Exclusions cannot be retroactively applied to already-synced data. - **Storage impact:** As of Summer '25, EAC-synced emails are stored as standard `EmailMessage` records and consume org file storage. For high-volume orgs (1000+ reps sending 50+ emails/day), storage growth can be significant. Confirm org storage headroom and plan an archival or data retention policy before go-live. - **Privacy mode:** EAC offers a Private Activities setting at the Configuration level. When enabled, synced activities are visible only to the owning user and admins — not to other reps browsing the same Contact or Opportunity record. Confirm the org's privacy policy requirements before disabling this. --- ## Core Concepts ### Configuration Profiles A Configuration profile (also called an EAC Configuration) is the central admin artifact for EAC. It defines: which email and calendar events to sync (scope), the authentication model (User-Level vs Org-Level OAuth), the direction of calendar sync (bi-directional or Salesforce-to-email-client only), excluded domains and email addresses, and the privacy mode setting. Every user who uses EAC must be assigned to exactly one active Configuration profile. Users with no Configuration assignment get the PSL but cannot sync. A single org can have multiple Configuration profiles — for example, one profile for the sales team (full bi-directional sync, no privacy mode) and one for executive assistants (email only, privacy mode on). Configuration profiles are managed in Setup > Activity Settings > Einstein Activity Capture > Settings. ### Authentication Types **User-Level OAuth** requires each user to individually authorize EAC to access their email/calendar account by clicking "Connect Account" in their personal Salesforce settings. The authorization token is stored per-user. If the user revokes the token or changes their password, their sync stops — independently of other users. This is the only option for Google Workspace. **Org-Level OAuth** (Microsoft 365 only) uses a single service account authorized by an admin. The admin grants EAC access to the entire Microsoft 365 tenant (or a defined subset of mailboxes) via Azure Active Directory. Individual users do not need to take action. When a rep leaves, their sync is revoked by removing them from the EAC assignment — not by revoking individual tokens. This model is preferred for large enterprise rollouts because it eliminates the user-authorization friction, but it requires a Microsoft 365 Global Admin to perform the AAD app consent during setup. ### Sync Behavior and the Activity Timeline EAC syncs emails to Salesforce as `EmailMessage` records associated with matching Contacts and related records (Leads, Opportunities, Accounts, Cases) via address matching. Calendar events sync as `Event` records. Both surfaces appear in the Activity Timeline component on record pages. Important: prior to Summer '25, EAC-synced activities were stored in a separate Einstein data store and were NOT queryable via standard SOQL on `Task` or `Event`. As of Summer '25, synced emails are stored as standard `EmailMessage` records and ARE queryable. Synced calendar events remain as standard `Event` records with `IsActivitySyncEnabled = true`. Confirm the org's API version and release version when advising on queryability — older behavior docs are misleading. Activity matching uses the email addresses on the Salesforce Contact/Lead records. If an email domain matches a Contact's email but EAC cannot find a unique Contact match, the activity is placed in the "Unresolved Items" queue for the user to manually associate. Duplicate or missing Contact email addresses are a primary cause of "emails syncing but not appearing on records." ### Permission Set License Assignment The `Einstein Activity Capture` PSL must be assigned to each user before they can be added to a Configuration profile. Assigning a Configuration profile to a user without first granting the PSL results in the assignment appearing to succeed but sync never starting. The PSL is managed separately from standard Permission Sets — it is assigned via Setup > Users > [User] > Permission Set License Assignments. --- ## Common Patterns ### Pattern: Enterprise Rollout with Org-Level OAuth (Microsoft 365) **When to use:** Large org (100+ reps) on Microsoft 365 where individual user authorization steps are not operationally feasible, or where IT security requires a centrally managed service account. **How it works:** 1. A Microsoft 365 Global Admin consents to the Salesforce EAC application in Azure Active Directory, granting EAC permission to read user mailboxes in the tenant. 2. In Salesforce Setup, create a Configuration profile with Auth Type = Org-Level OAuth, configure sync scope, exclusion domains, and privacy settings. 3. Assign the EAC PSL to all target users in bulk via Permission Set License Assignments. 4. Assign users to the Configuration profile. Sync starts automatically within 1–2 hours with no action required from users. **Why not User-Level OAuth:** With User-Level OAuth at 200+ reps, IT must communicate to each rep, track authorization completion, and handle token refresh failures individually. Org-Level OAuth reduces support overhead to near zero post-setup. ### Pattern: Privacy-Conscious Rollout with Domain Exclusions **When to use:** Orgs with legal, HR, or compliance requirements that prohibit certain email categories from entering Salesforce, or orgs where executives require that their calendar events remain private. **How it works:** 1. Before creating the Configuration profile, compile the exclusion list: external domains (competitors, legal counsel, HR vendors), internal domains used for sensitive communication (e.g. `legal.company.com`), and specific email addresses. 2. In the Configuration profile, enter excluded domains under "Excluded Domains" and excluded email addresses under "Excluded Email Addresses." 3. For calendar privacy, enable "Private Events" exclusion so events marked Private in the email client are not synced. 4. For the executive group, create a separate Configuration profile with Private Activities mode enabled, so synced activities are only visible to the exec and admins. 5. Assign users to their respective profiles after all exclusions are confirmed with Legal/Compliance. **Why not configure exclusions post-launch:** EAC does not retroactively remove already-synced emails when exclusion rules are added. Any email that matched a contact before the exclusion was added remains on the record. Exclusions only prevent future syncs. --- ## Decision Guidance | Situation | Recommended Approach | Reason | |---|---|---| | Users on Google Workspace | User-Level OAuth only | Google Workspace does not support Org-Level OAuth for EAC | | Users on Microsoft 365, large rollout (100+) | Org-Level OAuth via Azure AD consent | Eliminates per-user authorization overhead; IT manages centrally | | Users on Microsoft 365, small rollout (<20) | Either; User-Level is simpler | Org-Level requires Azure AD Global Admin involvement, disproportionate for small teams | | Org has legal/HR domains that must not sync | Configure Excluded Domains BEFORE user assignment | Exclusions are not retroactive; assign users only after exclusions are confirmed | | Executive users who need activity privacy | Separate Configuration profile with Private Activities enabled | Prevents other reps from seeing exec emails/calendar on shared records | | High email volume org (1000+ reps) | Plan storage archival before go-live | As of Summer '25, EAC emails consume org storage; large orgs can exceed storage limits within months | | Users not seeing synced emails on records | Check Contact email address match and Unresolved Items queue | Sync works but matching fails when Contact email is missing or duplicated | --- ## Recommended Workflow Step-by-step instructions for an AI agent or practitioner working on this task: 1. **Verify license entitlement and seat count.** Navigate to Setup > Company Information > Permission Set Licenses and confirm the `Einstein Activity Capture` PSL exists with sufficient seats for the target user population. If the PSL is absent or seats are insufficient, stop — contact Salesforce AE or Account Manager before proceeding. No configuration will function without the correct license. 2. **Enable Einstein Activity Capture.** Navigate to Setup > Activity Settings > Einstein Activity Capture. Toggle "Enable Einstein Activity Capture" on. If the toggle is greyed out, the PSL is missing or the org type does not support EAC (e.g. Developer Edition without add-on). 3. **Compile exclusion requirements before creating Configuration.** Work with Legal, HR, and Security stakeholders to build the excluded domains and excluded address lists. Also confirm: (a) whether calendar sync should be bi-directional or one-directional, (b) whether Private Activities mode is required, and (c) the email platform (Microsoft 365 / Google Workspace) and auth model. 4. **Create Configuration profile(s).** In Setup > Activity Settings > Einstein Activity Capture > Settings, create a new Configuration. Set the name, auth type (User-Level OAuth or Org-Level OAuth), sync scope (email, calendar, or both), sync directions, excluded domains, excluded addresses, and privacy settings. For Org-Level OAuth, complete the Azure AD app consent flow during this step. 5. **Assign EAC PSL to target users.** For each user who will use EAC, go to Setup > Users > [User] > Permission Set License Assignments and add the `Einstein Activity Capture` PSL. Do this BEFORE adding users to a Configuration profile. Bulk assignment via Data Loader or the PSL assignment page is supported for large user groups. 6. **Assign users to Configuration profile.** Return to the Configuration profile and add users or profiles to the assignment list. For User-Level OAuth, instruct users to connect their email account in their personal Salesforce settings (Profile > Settings > Connected Accounts). For Org-Level OAuth, sync starts automatically within 1–2 hours. 7. **Verify sync and review Unresolved Items.** After 2–4 hours, confirm that emails and calendar events appear on the Activity Timeline of test Contact and Opportunity records. Review the EAC Unresolved Items page for activities that matched no record. Address missing or duplicate Contact email addresses causing matching failures. Monitor storage consumption in Setup > Storage Usage in the first week. --- ## Review Checklist Run through these before marking work in this area complete: - [ ] Einstein Activity Capture PSL exists in org with correct seat count confirmed - [ ] EAC toggle is enabled in Setup > Activity Settings > Einstein Activity Capture - [ ] Excluded domains and addresses reviewed and approved by Legal/Compliance BEFORE user assignment - [ ] Configuration profile(s) created with correct auth type, sync scope, directions, and privacy settings - [ ] For Org-Level OAuth: Azure AD app consent completed by Microsoft 365 Global Admin - [ ] EAC PSL assigned to ALL target users before Configuration profile assignment - [ ] Users assigned to correct Configuration profile(s) - [ ] For User-Level OAuth: users instructed and confirmed to connect their accounts - [ ] Sync verified — emails and calendar events visible on Activity Timeline for test records - [ ] Unresolved Items queue reviewed and addressed - [ ] Org storage consumption monitored with archival plan in place for high-volume orgs --- ## Salesforce-Specific Gotchas Non-obvious platform behaviors that cause real production problems: 1. **PSL must precede Configuration assignment** — Assigning a user to a Configuration profile without first granting the Einstein Activity Capture PSL appears to succeed in the UI but sync never starts. No error is displayed. The fix is to grant the PSL first, then re-save or re-add the user to the Configuration. This is the most common cause of "EAC assigned but not syncing." 2. **Exclusion rules are not retroactive** — Adding an excluded domain to a Configuration profile after users have been syncing does not remove previously synced emails from Salesforce records. Those records persist. Exclusions only prevent future sync. If retroactive removal is required, records must be deleted manually or via a batch Data Loader job querying `EmailMessage` WHERE the from/to address matches the excluded domain. 3. **Storage growth is real as of Summer '25** — Before Summer '25, EAC used a separate data store that did not count against org storage. As of Summer '25, synced emails are stored as standard `EmailMessage` records and consume file storage. A 500-rep team each receiving 40 emails/day can add 1–2 GB of storage per month depending on attachment sizes. Plan for this before go-live. 4. **Google Workspace does not support Org-Level OAuth** — EAC Org-Level OAuth is exclusive to Microsoft 365 via Azure AD. Any guidance recommending Org-Level OAuth for Google Workspace is incorrect — Google Workspace users must always use User-Level OAuth and individually connect their accounts. 5. **Activity Timeline vs SOQL queryability changed in Summer '25** — Prior to Summer '25, EAC-synced emails were in a separate Einstein data store, not queryable via standard SOQL. As of Summer '25, synced emails are queryable as `EmailMessage` records. Always confirm the org's Salesforce release version before advising on queryability. --- ## Output Artifacts | Artifact | Description | |---|---| | EAC Configuration profile | Named configuration defining auth type, sync scope, exclusion rules, and privacy settings for a user group | | PSL assignment list | Record of which users have been granted the Einstein Activity Capture PSL | | Sync verification report | Manual or documented check that Activity Timeline shows synced emails/events on test records | | Storage consumption baseline | Initial storage usage reading taken at go-live to detect unexpected growth | | Exclusion domain registry | Approved list of excluded domains and addresses, signed off by Legal/Compliance | --- ## Related Skills - einstein-copilot-for-sales — For Einstein Opportunity Scoring, Pipeline Inspection, and AI email generation that complement EAC in a Sales Cloud Einstein deployment - permission-sets-vs-profiles — For understanding PSL vs Permission Set assignment patterns when rolling out EAC to large user populations ## Official Sources Used - Einstein Activity Capture Setup — https://help.salesforce.com/s/articleView?id=sf.einstein_sales_activity_capture.htm - Considerations for Setting Up Einstein Activity Capture — https://help.salesforce.com/s/articleView?id=sf.einstein_sales_activity_capture_consideration.htm - Einstein Activity Capture Configuration Profiles — https://help.salesforce.com/s/articleView?id=sf.einstein_sales_activity_capture_configuration.htm - Salesforce Well-Architected Overview — https://architect.salesforce.com/docs/architect/well-architected/guide/overview.html
Related Skills
shield-kms-byok-setup
Configure Shield Platform Encryption with customer-supplied (BYOK) or customer-held (Cache-Only Key Service) tenant secrets, rotate them, and recover. NOT for Classic Encryption or field masking.
slack-salesforce-integration-setup
Use this skill when setting up or troubleshooting the Salesforce for Slack managed app — including connecting a Salesforce org to a Slack workspace, configuring the three-party admin handshake, linking Slack channels to Salesforce records, enabling record preview sharing, and managing org-level limits. Triggers on: Salesforce for Slack app not connecting, Slack org connection setup, Salesforce record sharing in Slack, Slack workspace admin approval, connecting Salesforce to Slack. NOT for building custom Slack apps or Slack bots (separate development platform), not for Slack Workflow Builder Salesforce connector (use slack-workflow-builder skill), not for Flow-based Slack messaging (use flow-for-slack skill).
salesforce-maps-setup
Use when configuring Salesforce Maps (formerly MapAnything) — territory planning, route optimization, live tracking, geo-grid visualizations, and check-in/check-out workflows for Sales or Service field reps not on Field Service. Covers package installation order (Maps + Maps Advanced + Maps Routing/Live Tracking add-ons), the MapsTerritoryPlan / MapsAdvancedRoute / MapsLayer object family, base-data syncs (Geocoding and Routing services), and integration with Sales and Service Cloud records. Triggers: 'Salesforce Maps setup', 'MapAnything migration', 'territory planning by polygon', 'route optimization for sales reps', 'live tracking field reps', 'plot accounts on a map', 'check-in to the closest account'. NOT for Field Service Lightning territory and scheduling (use admin/fsl-scheduling-optimization-design and data/fsl-territory-data-setup) — Maps and FSL are different products. NOT for Consumer Goods Cloud retail visit planning (use admin/consumer-goods-cloud-setup) — RoutePlan/Visit objects are CG-specific. NOT for Tableau / CRM Analytics geo charts.
private-connect-setup
Configure Private Connect between Salesforce and AWS/Azure for traffic to stay on private networks. NOT for standard internet callouts.
net-zero-cloud-setup
Use this skill when configuring Salesforce Net Zero Cloud — including Scope 1/2/3 emission source modeling via the StnryAssetCrbnFtprnt / VehicleAssetCrbnFtprnt / Scope3CrbnFtprnt object families, emission factor library setup (EmssnFctr / EmssnFctrSet), DPE-driven carbon calculation jobs, supplier engagement scoring, and CSRD / ESRS / TCFD disclosure pack mapping. Triggers on: Net Zero Cloud setup, Sustainability Cloud carbon accounting, Scope 1 2 3 emissions Salesforce, emission factor library, supplier engagement Net Zero, ESG disclosure pack mapping. NOT for ESG content scoring (use Marketing Cloud), NOT for general financial reporting (use Accounting Subledger), NOT for energy-only utility billing (use Energy & Utilities Cloud).
named-credentials-setup
Named Credentials and External Credentials configuration for secure outbound callouts: per-user vs per-org authentication, legacy vs enhanced Named Credentials, external credential principal types (Named Principal, Per User, Anonymous), OAuth 2.0 and JWT flows, and credential deployment. NOT for callout code patterns, Apex HTTP implementation, or OAuth server-side flow debugging.
manufacturing-cloud-setup
Use this skill when configuring Salesforce Manufacturing Cloud — including Sales Agreement setup, Account-Based Forecasting (ABF) recalc jobs, run-rate management, Rebate Management programs, channel inventory tracking via Channel Revenue Management, and Group Membership / OrderItem-to-SalesAgreement reconciliation. Triggers on: Manufacturing Cloud setup, Sales Agreement Salesforce, account-based forecast recalculation, run rate manufacturing, rebate program setup, channel revenue management. NOT for general Sales Cloud opportunity-to-order flow (use standard Opportunity / Order), NOT for Field Service install-base management (use FSL skills), NOT for Automotive Cloud dealer modeling (use automotive-cloud-setup).
loyalty-management-setup
Use this skill when setting up or extending Salesforce Loyalty Management — including program and currency creation, tier group design, qualifying vs. non-qualifying point currency separation, DPE batch job activation, partner loyalty configuration, and member portal setup on Experience Cloud. Triggers on: Loyalty Management setup, loyalty tier setup Salesforce, qualifying points vs redemption points, DPE batch job for loyalty, partner loyalty program Salesforce, loyalty member portal. NOT for Marketing Cloud engagement program design (separate product), not for B2B loyalty via Sales Cloud (standard opportunity, not loyalty program), not for general Experience Cloud site setup (use experience-cloud-setup skill).
change-data-capture-integration
Use this skill when setting up CDC to stream Salesforce record changes to external systems via CometD or Pub/Sub API. Covers change event channels, entity selection, event structure, replay ID management, gap events, and subscriber management. NOT for Apex CDC trigger subscribers (see apex/platform-events-apex). NOT for publishing custom business events (use integration/platform-events-integration).
automotive-cloud-setup
Use this skill when setting up or extending Salesforce Automotive Cloud — including the Vehicle / VehicleDefinition data model, dealer-OEM relationship modeling via AccountAccountRelation, ActionableEvent orchestration for service campaigns and recalls, FinancialAccount lifecycle for retail-credit deals, and DriverQualification / WarrantyTerm extensions. Triggers on: Automotive Cloud setup, Salesforce Automotive Cloud data model, Vehicle vs VehicleDefinition, dealer hierarchy AccountAccountRelation, Automotive Cloud actionable events, recall campaign Salesforce. NOT for general Sales Cloud opportunity work on a vehicle product (use standard Opportunity), NOT for Manufacturing Cloud sales agreements (use manufacturing-cloud-setup), NOT for Field Service vehicle inventory (use FSL skills).
fsl-territory-data-setup
Use this skill when bulk loading Service Territory data: boundary polygons, ServiceTerritoryMember assignments, OperatingHours, TimeSlots, and territory hierarchy setup. Trigger keywords: service territory bulk load, KML polygon import FSL, ServiceTerritoryMember migration, OperatingHours data setup, PolygonUtils Apex. NOT for Enterprise Territory Management (ETM/Account Territories), admin-level territory configuration UI, or scheduling policy setup.
einstein-analytics-data-model
Use this skill when working with CRM Analytics (Einstein Analytics) extended metadata (XMD) — the multi-layer metadata system that controls field display labels, aliases, number formatting, date formatting, measure/dimension classification, and color palettes on CRM Analytics datasets. Trigger keywords: XMD API, dataset field formatting CRM Analytics, wave dataset labels, main XMD update, dataset versioning Analytics. NOT for dataflow development, recipe node configuration, dataset ingestion setup, standard dashboard design, or SAQL query construction — those are covered by analytics-dataflow-development and analytics-recipe-design.