Amazon Connect for Salesforce

Amazon Connect for Salesforce is a Manage Package that helps to configure Amazon Connect Computer Telephony integration with Salesforce, it’s a very simple process to receive incoming calls and make outgoing calls right from Salesforce. Now, don’t get confused between Amazon for Salesforce and Service Cloud Voice.

AWS Contact Center is seamlessly integrated with Salesforce by Amazon Connect for Salesforce whereas Service Cloud Voice provides a more sophisticated AI-powered feature on top of the Amazon Connect for Salesforce, but not limited only to AWS Contact Center. Service Cloud Voice provides support for other Partner Telephony and lets you create a Service Cloud Voice contact center that uses a telephony provider of your choice. I will talk about Service Cloud Voice in my next article.

Amazon Connect is a highly scalable, cloud-based contact center service. The Amazon Connect CTI Adapter is the Manage Package that is designed to provide complete cloud-based integration and workflow capabilities between Amazon Connect, Salesforce Service Cloud, and Sales Cloud.

Amazon Connect for Salesforce
Amazon Connect for Salesforce

The Amazon Connect CTI integration with Salesforce consists of two components:

  • A Manage package can be installed from the below link

  • An Application deployment at your AWS instance

The full set-up guidance can be found is in the below link

Find more blogs at

Encryption in Salesforce

When we talk about Encryption in Salesforce, There are typically three kinds of encryption you may need to secure your data:

  • Encription at rest
  • Encription during transit
  • Encription during usuage

Here we will be going to talk about Encryption at rest which is provided by Salesforce Shield which provides 3 products:

  • Event Monitoring
  • Field Audit Trail
  • Encryption


Protect data at rest – Encrypt standard & custom fields, files & attachments

Natively to Salesforce features like Search, Chatter, Relationship work with encrypted data

Bring your Own Key: Customer can manage keys, Customer-driven encryption key lifecycle management

Encryption in Salesforce
Salesforce Shield

Find more details at

There are two types of Shield Encryption: Deterministic & Probabilistic. Deterministic encryption is for the field which you need in the where clause in a query but the Probabilistic type ensures extra security than the Deterministic type.

Don’t get confused between Classic encryption and Shield platform encryption, Classic encryption is also provided on top of the platform with no cost but it doesn’t support the Standard field, File, also it provides 128 bit AES and user access to the encryption field is managed by permission set

Salesforce Unlock Package

There are three kinds of packages one can build in the Salesforce platform, Out of which Salesforce Unlock Package is very powerful for the use-case of project deployment, release management, and CICD.

  1. Manage Package: Metadata is IP Protected, distributed via AppExchange
  2. Unmanage Package : Metadata is not IP Protected, you can protect via password but not a good way of working
  3. Unlock Package: Metadata elements are not locked, use it for modular development

Salesforce Unlock package provides a great way for modular development and release, Best suited for Multi org rollout of core functionalities. The diagram below illustrates the unlock packaging and release via Salesforce CLI. Core reviews can also be automated using Salesforce CLI Scanner plug-in using PMD v6.38.0, ESlint v6.8.0, and RetireJS v2.2.5. My blog on Salesforce Code Review Process has more details on that

It’s Source driven development and deployment mechanism comes with Platform, no-cost, fully integrated with developer IDE VS Code

Salesforce Unlock Package
Salesforce Unlock Package

Refer to the Salesforce developer guide to get your hands dirty

Salesforce Experience Cloud and Record Sharing

Salesforce Experience Cloud has three types of user licenses that are intended as long-term replacements for the legacy portal licenses and these licenses have different capabilities for Salesforce Experience Cloud and Record Sharing to ot’s users.

  • Customer Community — for high-volume user. upper cap 10M
  • Customer Community Plus — role-based Customer Community license, upper cap 2M
  • Partner Community — For Sales Partner, upper cap 2M

Below decision tree will help to decide the right Community license for your organization

Choose the Right Community License

Record Sharing to Experience Cloud User

There Is only one feature in Salesforce to share a record with a Customer Community user: Sharing Set. The other sharing options are only available to the Customer Community Plus or Partner Community license via Groups, Roles

Sharing Set: Grant a user access to records based on affiliation with the user’s contact or account. A relation with Account or Contact is a must to share the object record via Sharing ser. The rule is something like for a requirement share the cases which are raised by a community user User.Contact=Case.Contact

Sharing Set

Share Group: Members of this share group can access any records owned by high-volume portal users in the associated sharing set. Note that members’ access to the records is not restricted to the objects defined in the sharing set.

Use share groups to share records owned by an external user (Customer Community or High-Volume Customer Portal ) with internal users, partner users, or other Customer Community users in the same account.

Share Group

Sharing Rule: Just like other Salesforce internal users, Owner and Criteria-based sharing rules can be used to share records within the Partner Community and Customer Community Plus.

Apex sharing is not available for Customer Community users, only available to the Customer community plus or Partner Community license
Role Hierarchy: Partner Community and Customer Community Plus can have Role Hierarchy, max 3 roles (Executive, Manager and User) and then Executive reports to Internal Channel Manager.

Delegate External User Administration

If partner organizations have many users, you can delegate user administration to external users within their own Account, access is given in their Profiles

Super User Access to a Partner User or CC+

grant access to all records for the account to certain users. Super users can get insights into the records of other partner users who are at their role level or below them in the role hierarchy. Superusers can access records according to their level of permission. For example, if a manager with full access to cases is granted Super User Access, then they can view and edit cases of other managers and their direct reports. A different manager who has read-only access to cases can only view the cases of other managers and their direct reports, even as a Super User. Available for Partner Community, Customer Community Plus

Delegated Account Management

Give external users the power to manage account members and account brand information. Available for Partner Community, Customer Community Plus

Community License and Object Access

Salesforce File

Salesforce File and Data Model

In this article, we will be going to give a few important information about Salesforce File. The lightning experience uses Salesforce Files for any Content, Attachments, Files, Content, and Documents. The internal object name is ContentDocument. Salesforce File and Data Model

ContentDocument object represents a document that has been uploaded to a library in Salesforce CRM Content or Salesforce Files

Salesforce File and Data Model
Content Document Object Model

Now the ContentDocumentLink object represents the link between a Salesforce CRM Content document, Salesforce file, or ContentNote and where it’s shared. A file can be shared with other users, groups, records, and Salesforce CRM Content libraries

Use this object to query the locations where a file is shared or query which files are linked to a particular location. For example, the following query returns a particular document shared with a Chatter group

  • Point to note that both ContentDocument and ContentDocumentLink objects are not customizable, you cannot add custom fields.
  • Use the ContentDocumentLink  object to query the locations where a file is shared or query which files are linked to a particular location. For example, the following query returns a particular document shared with a Chatter group

SELECT ContentDocument.title FROM ContentDocumentLink WHERE ContentDocumentId = ‘069D00000000so2’ AND LinkedEntityId = ‘0D5000000089123’

  • The ContentDocumentLink object supports triggers 

These are the few important settings when you enable File in a Salesforce organization

If you are using File Connect then the external files (like from Google Drive, SharePoint, Box etc) can be connected to Salesforce.

For more articles, please visit

Salesforce Code Review Process

There are many AppExchange tools for Salesforce Static code analysis, few of the market leaders are SonarQube, CheckMarx, CodeScan. PMD (Programming Mistake Detector) is also a popular option. These tools help the Release Manager in Salesforce Code Review Process.

I will not go through each tool’s capability rather highlight my opinion and comparison between two of my personal favorite CodeScan and PMD; Paid vs Open Source. And Lastly want to cover Salesforce CLI Scanner which can be a viable alternative.

Salesforce Code Review Process
  1. PMD has a set of built-in rules available for both Apex and Visualforce pages. Static ruleset with define priority n PMD for Apex.

2. Finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth

3. Supports Salesforce Apex & Visualforce

4. Plugin for VS Code, ANT build, Eclipse 

5. It is Open-source which doesn’t have any licensing cost

Major drawback – The scan doesn’t review Lightning and LWC Components.

Salesforce Code Review Process

CodeScan Features

  1. Codescan is an end to end code analysis solution to ensure quality and security of Salesforce orgs 2.
  2. 350+ security and quality rules for Apex, Visualforce, Lightning and Metadata
  3. IDE plugins helps developers to get the review on real time to address any issues with the code quality
  4. 4.Integrates directly with Salesforce and all popular CI/CD pipelines, Integration with Jira
  5. Covers Lightning Component and Javascript related issues and standards.
  6. Easy to configure/modify a ruleset as needed
  7. It is not open source. License cost is involved. Self-host or cloud plan

CodeScan SFDX Plugin
IDE Plugins
Azure DevOps
Bitbucket Pipelines
GitHub Actions

Code Quality check with the Salesforce CLI Scanner

The Salesforce CLI Scanner plug-in is a unified tool for static analysis of source code. Developer can install the plug-in on a local developer machine or integrate it into a CI/CD process to scan the code.

It can be seamlessly integrated with Salesforce dx release management to automate the code review process.

Salesforce CLI Scanner plug-in uses PMD v6.38.0, ESlint v6.8.0, and RetireJS v2.2.5 at this moment. Salesforce is actively implementing new features to further improve Salesforce CLI Scanner.

PMD is a source code analyzer that allows for static analysis of code written in a number of supported languages, including Java, Apex, and Visualforce. It’s built-in rules detect common flaws in code, such as empty catch blocks or unused variables.

ESLint is a popular linting tool for JavaScript. It provides numerous static analysis rules that help developers write quality code.

RetireJS is an engine that analyzes a project’s third-party JavaScript dependencies and identifies those that have known security vulnerabilities

Plugin Design
Salesforce CLI Scanner

Salesforce Einstein Analytics Deployment

Salesforce Einstein Analytics Deployment: Salesforce Einstein Analytics components can be deployed in orgs via three ways:

If the Einstein Analytics components will be deployed to a related org then Change set is the best option.
Else Package-based metadata deployment using VS Code is the freeware to carry out the deployment.

There are deployment tools like AutoRabit, Copado Gearset etc who supports Einstein Analytics component deployment seamlessly but the assumption here is customers don’t have a license of any of those tools.

Before starting, please make sure who is carrying out the deployment has the below permission

  • Manage Analytics
  • API enabled
  • Modify Metadata
  • Modify All Data

Below is the package.xml

  • Security Predicates update is a post deployment manual task

Connect to the source org from VS code and retrieve the components using the above xml. Then connect to the destination org and deploy.

Please be cautious about any component override.

Change set based deployment link

Salesforce: Send Email delivery to Gmail, Yahoo

Let’s consider a use-case of this problem:

The customer is using email2case. When customers send an email to the support email ( like then a case is successfully created. Now, from Console when an Agent replies back to the customer from Feed->Send mail the email is NOT reaching the customer.


1. Create DKIM key in Salesforce

2. publish the CNAME and alternate CNAME to the DNS server. You may need to involve your infrastructure IS and email domain admin

3. Once done, wait for few hours and activate the DKIM key in Salesforce. 

4. Next is to have Salesforce SPF added in your DNS’s SPF records. Below is the article for reference:
Include Salesforce in Your SPF Record

5. Once you have activated DKIM and SPF, we recommend you to disable the below deliverability settings:
– ‘Activate bounce management’
– ‘Enable compliance with standard email security mechanisms’

Salesforce: email notifications from corporate email domain

If you want to send email notifications (like case status change, Lead creation) to the customers from your corporate email for branding or don’t want to expose the sales or service personal email then

  1. Create a service emailbox in the corporate email service
  2. go to Salesforce Organization-Wide Addresses
  3. Set User Selectable Organization-Wide Email Addresses and get it verified
  4. This email address will then automatically be avaialble for selection in workflow email alert and flow email alert.

This’s it. Customers will get the notification from the defined corporate branded email id

Salesforce: File transfer through Einstein BOT

Options to transfer File through Salesforce Einstein BOT

Currently, there is no file upload functionality in the einstein chatbot – between Bot and a Customer. A file transfer facility is available between Agent and Customer, by transferring chat from Einstein bot to Agent and then Agent can request the customer to transfer file by sending a link to transfer file.

A customer can’t upload a file until you initiate the file transfer by clicking the file transfer icon. This restriction helps prevent customers from uploading unsolicited or potentially dangerous files into the chat.

Salesforce: File transfer through Einstein BOT
Salesforce: File transfer through Einstein BOT

The is an idea to allow file transfer through Einstein BOT: