update S2S TSG

Author: sbmjais

support/sales-copilot/crm-permissions-and-configurations/access-denied-sf-ss.md

@@ -44,7 +44,7 @@ To resolve this issue, you must fix the connected app configuration in Salesforc
 1. Under **Custom Connected App Handler**, ensure that the value of **Run As** is set to **Copilot for Sales Integration User**.
 1. Go to **Administration** > **Users** > **Users** and confirm that the profile of the integration user is **CopilotForSalesIntegrationProfile**.
 
-Also, check is there were unintended changes made to the connected app configuration. If yes, revert the changes to the original configuration.
+Also, check if there were unintended changes made to the connected app configuration. If yes, revert the changes to the original configuration.
 
 ## More information
 

support/sales-copilot/crm-permissions-and-configurations/authentication-failed-sf-ss.md

@@ -52,7 +52,7 @@ To resolve this issue, you must fix the connected app and integration user confi
     1. User is associated with **Copilot for Sales connected app permission set** permission set.
     1. User is associated with **Salesforce API Integration** permission set license assignments.
 
-Also, check is there were unintended changes made to the connected app or integration user configuration. If yes, revert the changes to the original configuration.
+Also, check if there were unintended changes made to the connected app or integration user configuration. If yes, revert the changes to the original configuration.
 
 ## More information
 

support/sales-copilot/crm-permissions-and-configurations/authorization-failed-sf-ss.md

@@ -28,7 +28,7 @@ When a user tries to access Salesforce with server-to-server flow, the following
 
 > Server-to-server authorization failed.
 
-The related error message reads "Couldn't get client credentials to access Salesforce.".
+## Error 1: Couldn't get client credentials to access Salesforce
 
 ## Cause
 
@@ -40,6 +40,23 @@ To resolve this issue, contact Microsoft support and provide the following infor
 - If the connected app "Copilot for Sales Connected App" was updated accidentally. 
 - If the connected app is still available, get the client ID of the connected app.
 
+## Error 2: Session ID isn't allowed for use REST API access at Salesforce
+
+## Cause
+
+During Salesforce server-to-server flow setup, a connected app is deployed to the Salesforce organization. The error occurs when appropriate OAuth scope is not set for the connected app.
+
+## Resolution
+
+To resolve this issue, contact your administrator to set the appropriate OAuth scope for the connected app Confirm that the connection is still active in admin settings.
+
+1. Sign in to Salesforce CRM as an administrator.
+1. Go to **Setup** > **Platform Tools** > **Apps** > **App Manager**.
+1. On **Copilot for Sales Connected App** row, select the down arrow, and then select **Edit**.
+1. Under **API (Enable OAuth Settings)**, select **Manage user data via APIs (api)** in the **Selected OAuth Scopes** list.
+
+Also, check if there were unintended changes made to the connected app configuration. If yes, revert the changes to the original configuration.
+
 ## More information
 
 If your issue is still unresolved, go to the [Copilot for Sales - Microsoft Community Hub](https://techcommunity.microsoft.com/t5/viva-sales/bd-p/VivaSales) to engage with our experts.