Salesforce Archives

Top 10 Key Characteristics of Salesforce Agentforce

When it comes to AI driven customer engagement and automation tools for managing leads and customers, Salesforce Agentforce stands out for its advanced capabilities and industry specific adaptability solutions. Unlike traditional chatbots that focus on basic task automation, Agentforce leverages real time data processing, proactive decision making and deep integration with Salesforce platforms to offer a superior, fully tailored service.

This particular set of attributes allows businesses to deliver highly personalized experiences across multiple platforms, ensuring better customer satisfaction and streamlined operations.

For instance, imagine a retail company using a typical chatbot platform to handle customer inquiries about order status. Most chatbots rely on pre programmed responses or fixed databases, meaning they often give customers outdated information or generic replies.

In contrast, Agentforce, using the Atlas Reasoning Engine, can access live data from the company’s CRM system and provide accurate, real time updates about the customer’s order. This not only saves time but also builds trust by delivering a more informed, seamless customer experience.

So what sets Salesforce Agentforce apart?

Let’s explore the 10 key features that make it a game changer for businesses looking to enhance customer engagement and operational efficiency.

1. Autonomous Agents: Automating Key Tasks

Agentforce provides autonomous agents capable of managing a wide variety of tasks with minimal human involvement.

These agents can handle customer support, assist in sales, and even manage marketing tasks, allowing your team to focus on strategic initiatives rather than repetitive work. For example, an agent can automatically follow up with a customer inquiry or qualify a sales lead, without manually interfering with the CRM.

2. Atlas Reasoning Engine: Real-Time Intelligence

At the core of Agentforce’s intelligence is the Atlas Reasoning Engine, which allows the AI to process real-time data and deliver accurate, context aware responses.

Unlike simple bots that provide scripted answers, Agentforce uses live information to make decisions, helping your team deliver more meaningful and personalized interactions. If a customer asks about the status of an order, for instance, the AI can retrieve the latest updates directly from your system.

3. Proactive Action: Initiating Tasks Automatically

Agentforce doesn’t just react to customer queries; it can also take proactive actions. These agents are triggered by CRM updates or customer behavior, allowing them to initiate tasks automatically.

For instance, if a customer hasn’t made a purchase in a while, the agent can send a personalized re-engagement email or notify a sales team to follow up.

4.Security and Guardrails: Built In Protection

Security is a top priority for businesses, and Agentforce delivers with built-in guardrails that ensure AI agents act within defined boundaries.

The Einstein Trust Layer safeguards data, making sure that only authorized actions are taken. When the AI encounters a situation that requires human intervention, it escalates the issue to a real team member, maintaining control and oversight.

5. Customization: Tailored to Your Needs

Agentforce offers extensive customization options, allowing businesses to tailor the platform to their specific needs.

Tools like Apex, Flows, and APIs enable your Agentforce developer to adjust workflows and integrate third-party systems, making it easy to align the AI with your current operations. Whether you need to handle complex customer service queries or automate internal processes, Agentforce can be adapted to meet your business goals.

6. Multi Channel Communication: Seamless Customer Interactions

Today’s customers expect seamless communication across platforms, and Agentforce excels in multi-channel operation.

Whether through email, social media, or chat, Agentforce ensures consistent engagement across all customer touchpoints. For example, a conversation that starts on social media can easily continue through email or SMS, providing a smooth customer experience.

7. Industry Specific Agents: Ready for Specialized Needs

Salesforce understands that different industries have different challenges, which is why Agentforce includes industry specific agents.

These pre-configured agents are designed for sectors like hightech, healthcare and finance, reducing the time needed for customization. A healthcare agent might help schedule patient appointments, while a retail agent could manage inventory queries and returns.

8. Data Driven Learning: Constant Improvement

Thanks to Salesforce’s Data Cloud, Agentforce agents are always learning and improving.

These agents can access structured and unstructured data, enabling them to refine their responses based on past interactions. This continuous learning ensures that the agents become more effective and efficient as they process more data.

9. Real Time Monitoring: Full Transparency

With real time monitoring, businesses can keep track of how their AI agents are performing. The Omni Supervisor gives managers visibility into key metrics such as response times and customer satisfaction, helping them make informed decisions and quickly adjust strategies if needed. This transparency ensures that your AI-driven processes remain efficient and effective.

10. Low Code Scalability: Simplifying Implementation

Even though you will need the help of an Agentforce developer for its initial implementation, Agentforce offers a low-code configuration through its Agent Builder, allowing businesses to scale their operations without requiring extensive technical expertise. This means that even teams with limited IT resources can implement AI solutions, making it an accessible option for companies of all sizes.

Next Steps: Get Started Today

To fully leverage Agentforce’s capabilities, partnering with an integration and optimization expert like Oktana is key to simplify the process.

We specialize in Salesforce development and AI integration, ensuring that your AI agents are not only customized to meet your specific needs but are also integrated seamlessly into your existing infrastructure.

Ready to begin your AI journey? We have a jumpstart implementation package waiting to simplify your process.

Step-by-Step Guide: Integrating Salesforce with AWS S3

In today’s data-driven world, efficient data management and seamless platform integration are paramount. This article will walk you through the step-by-step process of configuring Salesforce and AWS S3 to work in harmony. This will enable industry professionals to create, read, update, and delete objects with ease, ensuring smooth data operations and enhanced productivity.

AWS Configuration

Creating AWS S3 Policy

1. Log in to AWS Console.

2. Navigate to IAM (use the search bar).

3. Click on Policies (on the left side of the screen).

4. Click on Create policy.

5. Click Choose a service then select S3.

6. Provide the following permissions under:

Read Section: GetObject

Write Section: DeleteObject and PutObject

List Section: ListBucket and ListBucketMultipartUploads

7. Then in the Resources section click on Add ARN next to “bucket”.

Bucket Name: bucket-s3-<your initials>-<favorite animal>
Check Any checkbox for Object Name.

8. Enter PolicyS3SalesforceIntegrationReadOnly as a name for the new policy.

9. Click Create Policy.

Creating AWS S3 User

1. Click on Users (on the left side of the screen).

2. Click on Create user.

3. Type User-S3-Salesforce-Integration in the Name field then click Next.

4. Click Attach policies directly.

5. Select the PolicyS3SalesforceIntegrationReadOnly policy to add.

6. Click Next and review the Summary Details.

7. Click Create User.

Generating AWS IAM User Access & Secret Key

1. Click on Users (on the left side of the screen).

2. Open the recently created user User-S3-Salesforce-Integration.

3. Click on the Security Credentials tab.

4. Click on Create access key (top right of the screen).

5. Select Other then click Next.

6. Provide Key-S3-Salesforce-Integration_<CurrentYear>_<CurrentMonth> as a description.

7. Click Create access key.

8. Click on Download .csv file.

9. Securely store the keys, they will be used at a later point in this guide.

Creating AWS S3 Bucket & Objects

1. Navigate to S3 (use the search bar).

2. Click on Create bucket.

3. Provide the following as bucket name: bucket-s3-<your name initials>-<favorite animal>

Note: Use the same bucket name provided while creating the IAM Policy.

4. Click on Create bucket.

5. Open the newly created bucket.

6. Upload a couple of files or images.

Salesforce Configuration

Storing AWS S3 Access & Secret Key in Salesforce

1. Log in to Salesforce (Trailhead Playground or Salesforce Developer Org).

2. Navigate to Setup > Named Credentials then click on External Credentials tab.

3. Click on New.

4. Provide the following information:

Label: AWS S3 Credential
Name: AWS_S3_Credential
Authentication Protocol: AWS Signature Version 4
Service: s3
Region: us-east-1 (or the one where you created the s3 bucket)
AWS Account ID: <your AWS account ID>

5. Click Save.

6. Click New on the Principals section.

7. Provide the following information:

Parameter Name: AWS S3 Principal
Sequence Number: 1
Access Key: generated in AWS IAM
Access Secret: generated in AWS IAM

8. Go back to the Named Credentials tab.

9. Click on New.

10. Provide the following information:

Label: AWS S3

Name: AWS_S3

URL: https://<your-bucket-name>.s3.<your-bucket-region>.amazonaws.com

Enabled for Callouts: Yes

External Credential: AWS S3 Credential
Generate Authorization Header: Checked

11. Click Save.

Providing access to Credentials in Salesforce

1. Navigate to Setup > Permission Sets.

2. Click on New.

3. Provide the following information:

Label: AWS S3 User
API Name: AWS_S3_User

4. Click Save.

5. Click on Object Settings.

6. Search for and open User External Credentials then click on Edit.

7. Provide Read access.

8. Go back to Permission Set Overview and click on External Credential Principal Access.

9. Add the AWS_S3_Credential – AWS S3 Principal.

10. Assign the Permission Set to the user that you would like to provide access.

Testing Integration

Listing Bucket Objects

This code retrieves all objects stored in the S3 bucket using an HTTP GET request to the S3 endpoint.

				
					HttpRequest request = new HttpRequest();
request.setMethod('GET');
request.setEndpoint('callout:AWS_S3' + '/');
Http http = new Http();
HttpResponse res = http.send(request);

//Checkpoint
Assert.areEqual(200,res.getStatusCode());

//The following section processes the XML result and formats the data for better readability.
String namespace = 'http://s3.amazonaws.com/doc/2006-03-01/';
Dom.Document doc = res.getBodyDocument();
Dom.XMLNode root = doc.getRootElement();

String bucketName = root.getChildElement('Name', namespace).getText();

System.debug('Bucket Name: ' + bucketName);
System.debug('The following objects are stored in the bucket: ');

for (Dom.XMLNode node : root.getChildElements()) {
	if (node.getName() == 'Contents' && node.getNamespace() == namespace) {
    	String key = node.getChildElement('Key', namespace).getText();
    	String lastModified = node.getChildElement('LastModified', namespace).getText();
    	String storageClass = node.getChildElement('StorageClass', namespace).getText();

    	System.debug('Key: ' + key);
    	System.debug('StorageClass: ' + storageClass);
    	System.debug('LastModified: ' + lastModified);   	 
    }
}

Adding Objects

This code uploads a text file to the S3 bucket using an HTTP PUT request, with the file content included in the request body.

Note: If you want to upload binary data, you can use setBodyAsBlob(…) instead of setBody(…).

				
					String fileNameToCreate = 'BytesInTheCloud.txt';
String fileContent = 'Greetings from the cloud! Your data is safe and sound in S3.';

HttpRequest request = new HttpRequest();
request.setMethod('PUT');
request.setBody(fileContent);
request.setEndpoint('callout:AWS_S3/' + fileNameToCreate);

Http http = new Http();
HttpResponse res = http.send(request);

//Checkpoint
Assert.areEqual(200,res.getStatusCode());

As you can see in the screenshot below, the BytesInTheCloud.txt file has been added.

Updating Objects

This code updates the content of an existing file in the S3 bucket using an HTTP PUT request with the new content in the request body.

				
					String fileNameToUpdate = 'BytesInTheCloud.txt';
String fileNewContent = 'Data update complete! Your bytes are now even more awesome.';

HttpRequest request = new HttpRequest();
request.setMethod('PUT');
request.setBody(fileNewContent);
request.setEndpoint('callout:AWS_S3/' + fileNameToUpdate);

Http http = new Http();
HttpResponse res = http.send(request);

//Checkpoint
Assert.areEqual(200,res.getStatusCode());

As you can see in the screenshot below, the BytesInTheCloud.txt file has been updated.

Deleting Object

This code deletes a specified file from the S3 bucket using an HTTP DELETE request. As you can see in the screenshot below, the Dog_3.jpg file has been deleted.

				
					String fileNameToDelete = 'Dog_3.jpg';

HttpRequest request = new HttpRequest();
request.setMethod('DELETE');
request.setEndpoint('callout:AWS_S3/' + fileNameToDelete);

Http http = new Http();
HttpResponse res = http.send(request);

//Checkpoint
Assert.areEqual(204,res.getStatusCode());

As you can see in the screenshot below, the Dog_3.jpg file has been deleted.

Conclusion

Integrating AWS S3 with Salesforce brings together two powerful platforms, enabling efficient and streamlined data management. By following the steps outlined in this article, you’ve successfully configured AWS and Salesforce, securely stored and accessed credentials, and tested the integration by performing various object operations. This seamless integration not only simplifies your data management tasks but also opens up new possibilities for automating and enhancing your workflows.

As you continue to explore and expand on this integration, you’ll find numerous ways to optimize your processes, improve data accessibility, and boost overall productivity. Remember, the key to successful integration lies in thorough testing and continuous learning. Embrace the power of Salesforce and AWS S3. Happy integrating!

FAQ

How do I find my bucket region?

Navigate to the S3 console.

Select your bucket.
The region is displayed in the bucket details.

How do I find my AWS account Id?

Go to the AWS Management Console.

Click on your account name (top right corner).
Copy the Account ID.

How do I assign a Permission Set to my user?

Go to Setup > Permission Sets.

Select the desired Permission Set.

Click Manage Assignments.

Click Add Assignments and select the user(s) you want to assign the Permission Set to.
Click Assign.

Key considerations in your Salesforce AppExchange development

Discover the essentials of Salesforce app development in the AppExchange. From understanding your users to simplifying installation and fortifying security, we’ve compiled the top three considerations when developing on Salesforce AppExchange. Let’s dive in!

1. Diverse customer base on your Salesforce AppExchange app

Yes, your app will impact other Salesforce orgs a lot

When developing for AppExchange, you are developing for a diverse customer base. And what I mean by that is since your app will be listed on Salesforce AppExchange, companies of almost any size or type can install it. Since this app will be installed on a pre-existing Salesforce.org, you have to think about how your app will impact their Org. For example, suppose you make a change to a Standard Object, like Contact or Accounts, by adding a new field or something like that. When the customer installs your app, they could potentially have a blank field on thousands of pre-existing account records, which could cause problems.

How does your customer use Salesforce on a day-to-day basis?

Another thing you want to keep in mind is how your customer is already using Salesforce on a day-to-day basis. It’s essential to create profiles and permission sets tailored to the user types your app requires, granting specific permissions based on potential app usage. This approach is vital from a conceptual user-flow and security perspective.

Setup and Maintenance: Key success factors

You also want to make installation, configuration, and app maintenance as easy as possible. Customers downloading and installing your app may only have one Salesforce Administrator, and you want to make their job as easy as possible. So, the more you can automate and the less your customer has to do, the better. Setup and maintenance are huge factors in whether someone will use your app.

2. Security Review

Yes, it is crucial to follow Salesforce’s best practices

Salesforce has strict security requirements and requires multiple scans from multiple scanners to submit to AppExchange. Therefore, installing Salesforce code analyzer and Apex PMD early in the development process is highly recommended. These are both extensions for Visual Studio Code that report in real time when your code violates best practices, indicating the severity of the violation and recommending ways to fix it.

Along with that, you should also regularly run scans on your code base and correct them as you go. This isn’t something that you necessarily need to do every day, but once a week is a reasonable period. Also, take the time to check the security of code when doing code reviews with developers to make sure they are following best practices.

As you develop, consider the security of features before you implement them. Ask yourself questions like, “Could this feature be used maliciously?” and also consider what permissions and access you give users.

3. Documentation

Last but not least, don’t miss the benefits of early documentation for a seamless AppExchange app submission.

Another crucial part of submitting an app to the AppExchange is the documentation required. Start compiling this information early and continuously update it to ensure a seamless process. This includes technical descriptions, component documentation, class and method documentation, solution architecture diagrams and flows, external callout documentation, and more. This is excellent work for someone like a BA. The earlier you start compiling this documentation, the more work you save.

In conclusion, while developing for Salesforce AppExchange involves additional steps during the development phase, the result is a high-quality product that is easy for almost anyone to install and start using. This approach ensures a smooth user experience and broad accessibility, making the extra effort well worth it.

At Oktana, we are committed to enhancing the Salesforce ecosystem consistently to help admins and users improve their overall Salesforce experience. Our highly skilled technical team has developed and published numerous AppExchange apps and components for companies of all sizes and industries.

Now, you can get started!

Salesforce SAML SSO: A Step-by-Step Guide

This blog will cover an example use case for a SAML SSO solution, explore related concepts, and show how to implement it in the Salesforce platform.

The example use case is the following:

There are two orgs, Epic Innovations and Secure Ops, where the latter contains classified information that cannot leave the system for compliance reasons. Agents working on cases in the Epic Innovations org need some additional information available in the Secure Ops org to work on some of their cases.

The requirements are:

Password-Free Access

Agents should be able to log in to the Secure Ops org without re-entering their passwords.

Conditional Access Control

Agents should be able to access the Secure Ops org only if they have open cases of type Classified assigned to them.

The subsequent sections are organized as follows: Section I reviews the relevant SAML SSO concepts, Section II, describes how the solution can be implemented in the Salesforce Platform, and Section III shows the implementation results.

1. SAML SSO Concepts

What is Single Sign-On?

Single sign-on (SSO) is an authentication method that enables users to access multiple applications with one login and one set of credentials [1].

SSO greatly simplifies the user experience by eliminating users needing to remember and enter different usernames and passwords for each application they use within a particular environment.

SSO is widely used in web applications and SaaS systems to streamline user authentication and improve overall security. It can be implemented using protocols such as OAuth, OpenID Connect, and SAML (Security Assertion Markup Language).

Identity Providers and Service Providers

An Identity Provider (IdP) is a trusted service that stores and verifies a user’s identity. SSO implementations use an IdP to verify the identity of the user attempting to log in. If their identity is verified, they’re given access to the system. Fig 1 shows an example of the X login page, where Google and Apple can be used as IdPs to verify a user’s identity.

A Service Provider (SP) is an entity that provides resources or applications to an end user. In SSO, the SP relies on an IdP to verify a user’s identity. Going back to the X example, the X platform serves as an SP, providing access to the X web application, and relies on either Google or Apple to verify the user’s identity.

Salesforce is automatically enabled as an identity provider when a domain is created. After a domain is deployed, admins can add or change identity providers and increase security for their organization by customizing their domain’s login policy [2].

SAML SSO Flows

When setting up SAML SSO there are two possible ways of initiating the login process: from the identity provider or the service provider. The steps for each flow as outlined in the official Salesforce documentation [3] are described below.

Service Provider-Initiated SAML Flow

The user requests a secure session to access a protected resource from the service provider. For instance, the user would like to access X, which can only be achieved by logging in.
The service provider initiates login by sending a SAML request to the identity provider.
The identity provider sends the user to a login page.
The user enters their identity provider login credentials, and the identity provider authenticates the user.
The identity provider now knows who the user is, so it sends a cryptographically signed SAML response to the service provider. The response contains a SAML assertion that tells the service provider who the user is.
The service provider validates the signature in the SAML response and identifies the user.
The user is now logged in to the service provider and can access the protected resource.

Identity Provider-Initiated SAML Flow

The IdP-Initiated flow is a shortened version of the SP-Initiated flow. In this case, a SAML request is unnecessary.

The user logs in to the identity provider.
The user clicks a button or link to access the service provider.
The identity provider sends a cryptographically signed SAML response to the service provider. The response contains a SAML assertion that tells the service provider who the user is.
The user is now logged in to the service provider and can access the protected resource.

II. Salesforce Implementation

Solution outline

In this blog post, the chosen solution for the sample use case involves implementing a service provider-initiated SAML SSO flow. A connected app for the Secure Ops organization will be configured within the Epic Innovations organization. This setup enables agents to be seamlessly redirected to the Secure Ops login page.

Upon reaching the Secure Ops login page, agents will be prompted to authenticate using their Epic Innovations credentials. Subsequently, the system initiates a verification process to check for any open cases of type Classified associated with the respective agent. If open cases are identified, the agents will be granted access. With open cases, they’re allowed access to the system.

Setting up Salesforce as a SAML Identity Provider

To let users access external systems and, in this case, the Secure Ops org, with their Epic Innovations credentials, the Epic Innovations org has to be enabled as an Identity provider.

To enable a Salesforce org as an IdP [4]:

From Setup, in the Quick Find box, enter Identity Provider, then select Identity Provider.
Click Enable Identity Provider.

Once enabled, you can click Edit to choose a certificate, Download Certificate to download the certificate, and Download Metadata to download the metadata associated with your identity provider, which contains information such as the Entity ID, Name ID Format, and other relevant information that will be discussed in the following sections.

Setting up Salesforce as a SAML Service Provider

The Secure Ops org can be configured as a service provider to facilitate access to the Secure Ops organization using Epic Innovations credentials. This is achieved by creating a SAML single sign-on (SSO) setting using some information from the identity provider.

To create a SAML Single Sign-On Setting [5]:

From Setup, in the Quick Find box, enter Single, and then select Single Sign-On Settings.
Click New; this option allows you to specify all the settings manually. You can also create a configuration with existing Metadata Files.
Fill in the relevant information as shown in the picture below.

Next, some of the key fields are described:

Name: Epic Innovations incorporation. This is a name that easily references the configuration. This name appears if the identity provider is added to My Domain or an Experience Cloud login page.

Issuer: A unique URL that identifies the identity provider. This was taken from the Identity Provider Setup configured in the Epic Innovations org.

Entity ID: A unique URL that specifies who the SAML assertion is intended for, i.e., the service provider. In this case, the Secure Ops domain is filled in.

Identity Provider Certificate: The authentication certificate issued by the identity provider. This was downloaded from the Identity Provider Setup configured in the Epic Innovations org.

Request Signing Certificate: The request signing certificate generates the signature on a SAML request to the identity provider for a service provider-initiated login.

Request Signature Method: Hashing algorithm for signed requests, either RSA-SHA1 or RSA-SHA256.

Assertion Decryption Certificate: If the identity provider encrypts SAML assertions, the appropriate certificate should be selected for this field. In this case, the Epic Innovations org would not encrypt the assertion, so the Assertion not encrypted option can be selected.

SAML Identity Type: This is selected based on how the identity provider identifies Salesforce users in SAML assertions. In this case, the Federation ID will be used.

SAML Identity Location: This option is based on where the identity provider stores the user’s identifier in SAML assertions. In this case, we chose Identity in the NameIdentifier element of the Subject statement. When we set up a connected app, we’ll specify this in the Epic Innovations org.

Service Provider Initiated Request Binding: This is selected according to the binding mechanism that the identity provider requests from SAML messages. In this case, HTTP POST will be used.

Identity Provider Login URL: Since HTTP POST was chosen as the request binding, the URL with endpoint /idp/endpoint/HttpPost is used. This endpoint can be found in the Identity Provider’s metadata file. Also, the corresponding endpoint for HTTP Redirect is available in this file.

Custom Logout URL: This is a URL to which the user will be redirected once logged out. Here, the Epic Innovations’ My Domain was chosen.

Adding the Epic Innovations org to the Secure Ops login page

With the SSO Setting in place, it is time to add the Epic Innovations login option to the Secure Ops login page.

To add the Epic Innovations login option to the My Domain login page [5]:

From Setup, in the Quick Find box, enter My Domain, and then select My Domain.
Under Authentication Configuration, click Edit.
Enable the Epic Innovations option.
Save the changes.

Specifying a Service Provider as a Connected App

A connected app that implements SAML 2.0 for user authentication can be set up to integrate a service provider with Epic Innovations org.

To set up the connected app [6, 7]:

From Setup, in the Quick Find box, enter Apps, and then select App Manager.
Click New Connected App
Fill in the basic information section as appropriate.
In the Web App Settings section, fill in the Start URL with the Secure Ops’ My Domain. This will redirect users to Secure Ops org when they access the connected app.
Click Enable SAML; this will allow more information to be filled in.
For Entity ID, fill in the Secure Ops’ My Domain.
For the ACS URL, which stands for Assertion Consumer Service URL, fill in Secure Ops’ My Domain. The SP’s metadata file can provide this.
For Subject Type, select Federation ID. Remember that the service provider set the Identity Type to Federation ID.
For Name ID Format, select the one that matches the NameIDFormat in the SP’s metadata file.

Add the Connected App to the App Launcher

Since the created Connected App has the start URL set up, it can be added to the app launcher for easier access. To do this:

From Setup, in the Quick Find box, enter App Menu, and then select App Menu.
Then, search the Connected App and mark it as Visible in App Launcher.

Setting up conditional access control

As stated in the requirements, users should only be able to access the Secure Ops org whenever they have open cases marked as classified. A Connected App handler will be used to fulfill this requirement. Connected App handlers can be used to customize connected apps’ behavior when invoked.

A Connected App handler is an Apex class that extends the ConnectedAppPlugin class. Here is the entire implementation for this use case.

				
					global with sharing class SecureOpsAppPlugin extends Auth.ConnectedAppPlugin
{
        global override Boolean authorize(
Id userId,
Id connectedAppId,
Boolean isAdminApproved,
Auth.InvocationContext context
    ){
        // get the number of open cases the user has
        Integer i = [
SELECT COUNT() FROM Case
WHERE
Status!='Closed' AND Type='Classified' AND OwnerId=:userId
   ];
        
        // if the user has one or more cases open, authorize access
        return (i > 0);
    }
}

As mentioned earlier, the created class extends the ConnectedAppPlugin class. In this case, the authorized method is overridden. This method permits the specified user to access the connected app [8]. The method returns a boolean indicating whether the user is approved or not to access the connected app. A value true indicates the user is authorized, and a false indicates that it didn’t grant access.

Since the requirements indicate that access should be denied if there are no open cases, the code runs a COUNT query to check the number of Open cases of type Classified the user has. If the user has at least one case with those characteristics, the method returns true, granting access to the connected app. Otherwise, it returns false, denying access.

Managing Users

There’s one last task before diving into the results: user management. While configuring the Single Sign-On settings, it was established that the Federation ID would be the identifier for the user logging in.

Consequently, any user logging into the Secure Ops organization via the Epic Innovations login should have a corresponding user in the Epic Innovations organization with a matching Federation ID. If a matching Federation ID is not found, the user cannot log in.

To set the Federation ID for a user:

From Setup, in the Quick Find box, enter Users, and then select Users.
Find the user and click Edit.
In the Single Sign On Information section, fill in the Federation ID field.

III. Results

To validate the implementation, let’s first try to access the Secure Ops org without any cases of type Classified open.

From the App Launcher, we select the Secure Ops Solutions connected app we created.

This redirects us to the Secure Ops organization where we have the option to log in with Secure Ops credentials or via Epic Innovations, we choose Epic Innovations.

We get an insufficient privileges error because the Epic Innovations organization doesn’t have any open cases of type Classified. So, our application handler denies access to the Secure Ops organization.

Now, let’s create a case and set the type to be Classified. Since we don’t have any other automation, the case is automatically assigned to our user. We can now try to access the Secure Ops org.

If we attempt the same process, we can log in to the Secure Ops org.

Contact us to explore our services and discover how our extensive knowledge at Oktana can assist you in launching a successful project.

Best Practices for Business Analysts: Salesforce Integration Requirements

Salesforce integration projects are becoming ever more frequent as APIs are increasingly more accessible to consume from source systems. This is relevant to business teams because it can enhance functionality significantly and improve their business processes. However, integrations between two or more systems are always complex.

The role of Business Analysts in software development projects can contribute significantly to ensuring all stakeholders and teams understand the breadth of the implementation at hand. As a Business Analyst, it is important to know how to capture these requirements meaningfully for the business to be confident going forward and for the development team to design and implement the ask with clear expectations.

How should a Business Analyst start to map requirements when an integration is involved?

If User Stories are the accepted format for requirement delivery, the acceptance criteria should always outline “what” is to be achieved and not the “how.” For example, integrating via MuleSoft to receive and display read-only data in a Custom Object should be handled by identifying the following:

Users that can see the data.
Where the data can be seen.
When the data should be seen.
Any data retrieval failures and what should happen (i.e., show this error message).

The technical team must provide all other requirements with respect to API names, data type conversions within MuleSoft, data loading, and performance. Business Analysts can, however, assist with providing a list of fields the business needs, outlining the expected field name, data type, format, restrictions, or any behavior that can be used in a Data Mapping document.

Always ensure to read through the technical documentation and understand the architecture. This must align with business requirements and serve as a checkpoint if both teams have understood each other.

What else does a Business Analyst need to consider?

Three additional aspects haven’t been mentioned that are needed for the success of an integration project:

A picture is worth a thousand words. UX designs and mockups are sometimes needed if the integration entails a custom flow in Salesforce or if the data received and subsequent behavior are complex. Designs add great value for business and technical teams by making expectations more concrete and less ambiguous.
Request at the earliest opportunity any test data that needs to be created. This can cause delays in project testing plans and releases since integrations involve dependencies on other teams.
Know integration terms like payload, API, synchronous and asynchronous integrations, HTTPs endpoints, REST, etc. This aids in both relaying the business requirements to the technical team and understanding technical requirements that might impact behavior in Salesforce.

Overall, Business Analysts add significant value to integration projects by bringing forth desired business processes and Salesforce knowledge with an understanding of how integrations are architectures, enabling a more comprehensive solution for the teams involved.

It is possible for a Business Analyst to have a “format” on how to tackle an integration project. However, this comes with experience as the nature of integration projects becomes more familiar with time, making it easier to plan and execute documentation for the project needs.

If you’re interested in BA content, check out our blog, Mastering User Acceptance Testing: A Step-by-step Guide for Business Analysts.

We Build Salesforce AppExchange Apps

Our team of Salesforce experts can help you develop a new AppExchange app from scratch, help your business migrate your existing products to AppExchange, provide support services for the apps developed, and more.

A couple of years ago, we created Tok. A flagship Salesforce app designed to help keep organizations in close contact at all times. Our app was built on Salesforce Chatter, allowing instant messaging, team messaging, and groups to connect within Salesforce. That way, conversations were safe, secure, and archived within your Salesforce instance. Your team never had to leave Salesforce to talk and collaborate. This app was our star project, used internally in daily communication and widely used by other companies.

With Tok’s success in the market, and as our team grew, so did our internal product development team; we developed more than 13 ready-to-install Appexchange apps with over 1500 downloads.

Here is a list of some of the latest apps designed by our team:

Oktana Account Map gives your users a clear view of where their customers are. See your contacts’ location, local time, and even birthday on the account page. With the ability to filter by birthdays, contacts you own, and new contacts this week – you can control how many customers are placed on the map.
Oktana Calculator & Currency Converter gives your users access to standard calculations and the ability to convert between 170 different currencies without ever needing to leave your Salesforce org. Leveraging the Alpha Vantage API, this component can be embedded in any Salesforce page.
Oktana Calendar can take your team beyond the default Salesforce Calendar component, allowing them to quickly add, edit, delete, and even color-code certain events from within any home page (or app page) in your org. Based on a responsive design, this calendar keeps up with your busy users by sending automated reminders, ensuring they’ll never miss an event. Leverage the Salesforce Calendar to help manage your team’s time more efficiently.
Oktana Contact QR quickly generates a QR code to add contacts to your phone easily. You can set the QR code to redirect to the contact record in the org or download it directly, allowing you to choose what fields to include. Leverage this component to make importing contacts easier for you and your team.
Oktana Location Map lets you quickly look up a location visually on the map; then, it automatically stores the latitude and longitude in the location record for you. This component even allows users to share their location by grabbing a Google Maps link.
Oktana Org Limits Monitor makes it easy to track org usage for developers and admins. They are easily customized to show only what’s important to you. Our developers have experienced losing track of org limits, so they designed a component that can be used anywhere.
Oktana RSS Feed brings your favorite news sources right into your org. This mobile-friendly component can be personalized with up to five RSS feeds. And most importantly, the admin retains control by setting the default feed and determining which sources are appropriate to access.
If a picture is worth a thousand words, a video is worth a million. The Oktana YouTube component lets you embed your video without any code. Admins can choose whether to embed a specific video by YouTube ID or allow users to search for videos. Every user has their viewing history stored, making it easier to locate previously watched videos.
With the Oktana Credflow component, you can now check financial account applicants’ credit scores or criminal background history in just two steps. No coding or design is required; just build flows directly as desired and obtain near-instant results.

These apps are FREE, and you can fully use these solutions without payment. If you need a custom app for your organization, we can build it for you from scratch. Check out our services.

The Strategic Role of Business Analysts in Salesforce Implementation

The successful implementation of Salesforce is crucial for many organizations, as this CRM can transform how they manage customer relationships, sales, and overall business operations. However, successful implementation is not just about buying and installing Salesforce; it’s a strategic process that requires careful planning and execution. This is where Business Analysts play a crucial role.

Business Analysts (BAs) are professionals who specialize in understanding the organization’s business needs and objectives. They are the bridge between the business and the Salesforce implementation team.

Here are some ways Business Analysts actively contribute to a streamlined Salesforce implementation.

1. Clear Requirements: BAs work closely with various departments and teams to gather and document specific requirements. They focus on new requirements and features and on helping different stakeholders identify pain points and analyze how they can be improved. As a result, a Business Analyst will help your organization to ensure that Salesforce meets your business needs based on careful discovery.

2. Communication: They are the bridge between the business and the Scrum team. They holistic understand both the technical and business worlds, enabling them to translate business requirements into Salesforce language for the Dev team’s implementation.

3. Project Planning: Business Analysts typically take the lead in defining the project’s goals, milestones, deliverables, and timelines in agreement with other roles or business counterparts. They also play a key role in risk assessment and mitigation, helping the project team identify potential challenges and develop strategies to overcome them.

4. Process Diagramming: Business Analysts love designing workflows and business processes and workflows to make your business more efficient in Salesforce.

5. Testing and Validation: Business Analysts play a dynamic role during the testing and validation phase. They typically collaborate with the QA Engineering team and Developer team to ensure everything works as expected. Moreover, a BA is responsible for User Acceptance Testing (UAT), an activity where users test and provide feedback about the developed solution; thus, a rigorous examination is carried out before sign-off.

In summary, Business Analysts play a critical role in Salesforce implementation by ensuring the platform aligns with business goals and user needs. They are involved throughout the entire implementation lifecycle, from discovery to launch and maintenance, and their ability to translate business requirements into solutions is essential for a successful Salesforce implementation.

How to Make Your Salesforce Org Secure

In our previous blog post, “One way to keep your org secure: Salesforce Health Check” we covered the built-in Salesforce Health Check tool, the benefits of running a health check, and why you and your company need one.

This blog will cover some in-depth steps you can follow as a guide if you are a Salesforce developer or Admin to make your org more secure. That being said, let’s get to it!

The Lightning Platform has been migrating from Aura components to Lightning Web Components (LWC) for some years. Even though both are still supported and can coexist on the same page and even share information, Salesforce is focusing on LWC, and we should do the same.

When you run your Health Check application, you have 3 moving parts involved:

The Salesforce org
The client (LWC)
The backend code (Apex)

We have configurations available in Setup > Security, allowing us to configure how the app runs. I recommend turning on the following options:

Require HttpOnly Attribute

Setting the HttpOnly attribute will change how an app communicates with the Salesforce server by increasing the security of each cookie the app sends. Since HttpOnly prevents cookies from being read by JavaScript, the browser can receive the cookie, but it cannot be modified in the browser.

HttpOnly is an additional flag included in the Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of a client-side script accessing the protected cookie.

Enable User Certificates

This setting allows certificate-based authentication to use PEM-encoded X.509 digital certificates to authenticate individual users to your org.

Enable Clickjack Protection

You can set the clickjack protection for a site to one of these levels.

Allow framing by any page (no protection).
Allow framing by the same origin only (recommended).
Don’t allow framing by any page (most protection).

Salesforce Communities have two clickjack protection parts. We recommend that you set both to the same level.

Force.com Communities site (set from the Force.com site detail page)
Site.com Communities site (set from the Site.com configuration page)
Require HTTPS

This setting must be enabled in two locations.

Enable HSTS for Sites and Communities in Session Settings.

Enable Require Secure Connections (HTTPS) in the community or Salesforce site security settings.

Session Timeout

It’s a good idea to set a short timeout period if your org has sensitive information and you want to enforce strong security.

You can set values, including:

Timeout value
Force logout on session timeout
Disable the timeout warning popup
Enable Cross-Site Scripting (XSS) Protection

Enable the XSS protection setting to protect against reflected cross-site scripting attacks. If a reflected cross-site scripting attack is detected, the browser shows a blank page with no content. Without content, scripts cannot be used to inject attacks.

Use the Latest Version of Locker

Lightning Locker provides component isolation and security, allowing code from many sources to execute and interact using safe, standard APIs and event mechanisms. Lightning Locker is enabled for all custom LWCs and automatically updates. If you’re using Aura, check your version for compatibility.

One more thing...

I want to spend more time discussing a feature that helps us run our application even more securely. And I am talking about Salesforce Shield. Salesforce Shield allows you to run your application more securely with some features like encryption and monitoring. It adds an extra layer of confidence, privacy, and security and lets us build a new level of trust, compliance, transparency, and governance.

Salesforce Shields is composed of 3 easy to use point and clicks tools, which are:

Platform Encryption: It is designed to bring us state-of-the-art encryption while we do not lose access to key features such as search, validation rules, etc. It can derive the encryption keys from org-specific data or even import our encryption keys(adding an extra layer of control)
Monitoring Events: We often need to track specific events in our orgs (who accesses a piece of data, how the encryption keys are, who is logging, and from where). Monitoring events is the tool for it allowing us to track and access all these events and more from the API and integrate it with the monitoring tool of our choice(New Relic, Splunk, others)
Audit Trail: Some industries require us to keep track of changes in data. Turning on tracking specific fields and setting up an audit policy, we can store historical values for up to 10 years.

Conclusion

It is essential to consider security while developing apps and maintaining our Salesforce org secure. And even though it might seem complicated (and it is), incorporating the Health Check tool and salesforce shield in our development process will help us to keep our org in a good, healthy state.

You can also watch our on-demand Health Check Assessment webinar by my colleagues Zach and Heather, where they covered 4 simple steps to ensure the health of your Salesforce org.

What is a Salesforce Health Check

You got your Salesforce org – a shiny, brightening, brand-new org– ready to keep and maintain the most important information your company has: your customers’ information. Also, you start digging into the AppExchange to get those apps we love to provide a better service to your customer or the people who provide service to them. You could have needed to customize your org so it fitted with your business flow or integrate it with that legacy system which is the most important piece in your selling workflow.

As time passes, as all of us, our orgs get bigger, with more data, apps, customizations, and maybe more integrations. We are happy with all this growth as it means that our business gets bigger with more satisfied customers and more sales – in other words, more money. But it also means that our beloved org may have more security concerns that we need to focus on, and as it gets bigger and bigger, the more difficult to track the issues.

Fortunately, Salesforce provides us with a safety inspector that guides us through reviewing our security flaws and getting them fixed. So let’s understand this tool and why it is so useful to any company using Salesforce.

How does the Salesforce Health Check work?

I am not talking about Homer Simpson (we all know that if he is capable of securing a power plant, he would be an excellent Salesforce Admin).

I am talking about the Health Check tool. This automated tool lets us review in a dashboard all the issues our org has and guides us through the process of fixing them.

First, you have to be a System Administrator and go to:

Setup > Health Check > Wait a few seconds (I do not suggest going for a coffee yet)

Finally, after that wait, you will see a screen similar to this one:

On this page, you will see an overall score calculated by a Salesforce proprietary algorithm. The higher this number, the better.

Below, you’ll find the issues classified as High Risk, Medium-Risk, Low-Risk, and Informational.

For each issue, Salesforce will provide a description with the classification (critical, compliance, etc.) and either a way to fix it or informational links about how to fix it.

With all this information, you can fix Security Issues in your org more efficiently.

Watch our on-demand webinar and learn how you can improve the overall performance of your Salesforce Org by doing an Org Health Assessment.

Benefits of doing a Salesforce Health Check

Optimal System Performance

A health check evaluates your Salesforce instance’s performance and identifies any bottlenecks or areas of inefficiency. Addressing these issues ensures your system operates smoothly and responds promptly to user interactions.

Data Integrity and Quality

Review the quality and accuracy of the data stored in your Salesforce system. You can maintain reliable data supporting informed decision-making by identifying and rectifying inconsistencies, duplicates, and inaccuracies.

Security and Compliance

Addressing identified security and compliance issues during a health check is crucial to maintaining the integrity of your Salesforce instance. By proactively identifying vulnerabilities and ensuring compliance, you protect sensitive data, preserve customer trust, and mitigate legal and financial risks.

When do you need to perform a Salesforce Org Health Assessment?

Encounter errors or performance issues that hinder your operations and revenue
Looking for a seamless transition from Classic to Lightning
Require assistance with meeting new security requirements or ensuring proper user setup
Need a comprehensive diagnosis to determine the actual state of your Salesforce platform

As your business continues to evolve, your Salesforce org should evolve too; running a Health Check is one way to improve your Salesforce org health. Still, you can also run the Salesforce Optimizer, build an Adoption Dashboard, and switching to the Salesforce Lightning experience will help you increase productivity and efficiency, improving the overall performance of your org.

Make sure you run a Health Check at the proper time and the proper way. To learn more about how to keep your Salesforce org healthy, register for our webinar.