Salesforce SAML SSO: A Step-by-Step Guide

This blog will cover an example use case for a SAML SSO solution, explore related concepts, and show how to implement it in the Salesforce platform.

The example use case is the following:

There are two orgs, Epic Innovations and Secure Ops, where the latter contains classified information that cannot leave the system for compliance reasons. Agents working on cases in the Epic Innovations org need some additional information available in the Secure Ops org to work on some of their cases.


The requirements are:

  1. Password-Free Access

Agents should be able to log in to the Secure Ops org without re-entering their passwords.

  2. Conditional Access Control

Agents should be able to access the Secure Ops org only if they have open cases of type Classified assigned to them.

The subsequent sections are organized as follows: Section I reviews the relevant SAML SSO concepts, Section II describes how the solution can be implemented in the Salesforce Platform, and Section III shows the implementation results.

I. SAML SSO Concepts

What is Single Sign-On?

Single sign-on (SSO) is an authentication method that enables users to access multiple applications with one login and one set of credentials [1].

SSO greatly simplifies the user experience by eliminating users needing to remember and enter different usernames and passwords for each application they use within a particular environment.

SSO is widely used in web applications and SaaS systems to streamline user authentication and improve overall security. It can be implemented using protocols such as OAuth, OpenID Connect, and SAML (Security Assertion Markup Language).

Identity Providers and Service Providers

An Identity Provider (IdP) is a trusted service that stores and verifies a user’s identity. SSO implementations use an IdP to verify the identity of the user attempting to log in. If their identity is verified, they’re given access to the system. Fig 1 shows an example of the X login page, where Google and Apple can be used as IdPs to verify a user’s identity.

Fig 1. x.com login page.

A Service Provider (SP) is an entity that provides resources or applications to an end user. In SSO, the SP relies on an IdP to verify a user’s identity. Going back to the X example, the X platform serves as an SP, providing access to the X web application, and relies on either Google or Apple to verify the user’s identity.

Salesforce is automatically enabled as an identity provider when a domain is created. After a domain is deployed, admins can add or change identity providers and increase security for their organization by customizing their domain’s login policy [2].

SAML SSO Flows

When setting up SAML SSO there are two possible ways of initiating the login process: from the identity provider or the service provider. The steps for each flow as outlined in the official Salesforce documentation [3] are described below.

Service Provider-Initiated SAML Flow

  1. The user requests a secure session to access a protected resource from the service provider. For instance, the user would like to access X, which can only be achieved by logging in.
  2. The service provider initiates login by sending a SAML request to the identity provider.
  3. The identity provider sends the user to a login page.
  4. The user enters their identity provider login credentials, and the identity provider authenticates the user.
  5. The identity provider now knows who the user is, so it sends a cryptographically signed SAML response to the service provider. The response contains a SAML assertion that tells the service provider who the user is.
  6. The service provider validates the signature in the SAML response and identifies the user.
  7. The user is now logged in to the service provider and can access the protected resource.

Identity Provider-Initiated SAML Flow

The IdP-Initiated flow is a shortened version of the SP-Initiated flow. In this case, a SAML request is unnecessary.

  1. The user logs in to the identity provider.
  2. The user clicks a button or link to access the service provider.
  3. The identity provider sends a cryptographically signed SAML response to the service provider. The response contains a SAML assertion that tells the service provider who the user is.
  4. The user is now logged in to the service provider and can access the protected resource.

II. Salesforce Implementation

Solution outline

In this blog post, the chosen solution for the sample use case involves implementing a service provider-initiated SAML SSO flow. A connected app for the Secure Ops organization will be configured within the Epic Innovations organization. This setup enables agents to be seamlessly redirected to the Secure Ops login page.

Upon reaching the Secure Ops login page, agents will be prompted to authenticate using their Epic Innovations credentials. The system then checks whether the agent has any open cases of type Classified assigned to them. If such cases exist, the agent is granted access; otherwise, access is denied.

Setting up Salesforce as a SAML Identity Provider

To let users access external systems and, in this case, the Secure Ops org, with their Epic Innovations credentials, the Epic Innovations org has to be enabled as an Identity provider.

To enable a Salesforce org as an IdP [4]:

  1. From Setup, in the Quick Find box, enter Identity Provider, then select Identity Provider.
  2. Click Enable Identity Provider.

Once enabled, you can click Edit to choose a certificate, Download Certificate to download the certificate, and Download Metadata to download the metadata associated with your identity provider, which contains information such as the Entity ID, Name ID Format, and other relevant information that will be discussed in the following sections.

Fig 2. Identity Provider Setup in the Epic Innovations org.

Setting up Salesforce as a SAML Service Provider

The Secure Ops org can be configured as a service provider to facilitate access to the Secure Ops organization using Epic Innovations credentials. This is achieved by creating a SAML single sign-on (SSO) setting using some information from the identity provider.

To create a SAML Single Sign-On Setting [5]:

  1. From Setup, in the Quick Find box, enter Single, and then select Single Sign-On Settings.
  2. Click New; this option allows you to specify all the settings manually. You can also create a configuration with existing Metadata Files.
  3. Fill in the relevant information as shown in the picture below.

Fig 3. Single Sign-On settings in the Secure Ops org.

Next, some of the key fields are described:

Name: Epic Innovations incorporation. This is a name that easily references the configuration. This name appears if the identity provider is added to My Domain or an Experience Cloud login page.

Issuer: A unique URL that identifies the identity provider. This was taken from the Identity Provider Setup configured in the Epic Innovations org.

Entity ID: A unique URL that specifies who the SAML assertion is intended for, i.e., the service provider. In this case, the Secure Ops domain is filled in.

Identity Provider Certificate: The authentication certificate issued by the identity provider. This was downloaded from the Identity Provider Setup configured in the Epic Innovations org.

Request Signing Certificate: The request signing certificate generates the signature on a SAML request to the identity provider for a service provider-initiated login.

Request Signature Method: Hashing algorithm for signed requests, either RSA-SHA1 or RSA-SHA256.

Assertion Decryption Certificate: If the identity provider encrypts SAML assertions, the appropriate certificate should be selected for this field. In this case, the Epic Innovations org would not encrypt the assertion, so the Assertion not encrypted option can be selected.

SAML Identity Type: This is selected based on how the identity provider identifies Salesforce users in SAML assertions. In this case, the Federation ID will be used.

SAML Identity Location: This option is based on where the identity provider stores the user’s identifier in SAML assertions. In this case, we chose Identity in the NameIdentifier element of the Subject statement. When we set up a connected app, we’ll specify this in the Epic Innovations org.

Service Provider Initiated Request Binding: This is selected according to the binding mechanism that the identity provider requests from SAML messages. In this case, HTTP POST will be used.

Identity Provider Login URL: Since HTTP POST was chosen as the request binding, the URL with endpoint /idp/endpoint/HttpPost is used. This endpoint can be found in the Identity Provider’s metadata file. Also, the corresponding endpoint for HTTP Redirect is available in this file.

Custom Logout URL: This is a URL to which the user will be redirected once logged out. Here, the Epic Innovations’ My Domain was chosen.
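The fields above are the inputs to the checks the service provider performs at steps 5 and 6 of the SP-initiated flow. The following added example (written for this post, not Salesforce's own code) builds a constructed SAML Response on the IdP side and validates it on the SP side: signature, Issuer, Audience against the Entity ID, NameID format and validity window, then maps the Federation ID to a local user. It assumes placeholder My Domain URLs, a constructed user directory, and an HMAC over the assertion's key fields standing in for the XML-DSig signature that the Identity Provider Certificate would verify.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"samlp": SAMLP, "saml": SAML, "ds": DSIG}

# What the Secure Ops admin entered in the SSO setting (placeholder My Domain URLs).
SP_SETTINGS = {
    "issuer": "https://epic-innovations.example.my.salesforce.com",  # Issuer (IdP)
    "entity_id": "https://secure-ops.example.my.salesforce.com",     # Entity ID (SP)
    "name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}
# Stand-in for the IdP certificate: a shared HMAC key. Real SAML uses XML-DSig (RSA).
IDP_KEY = b"constructed-demo-key"
# Secure Ops users keyed by Federation ID (constructed sample directory).
USER_DIRECTORY = {"EI-0042": "agent.one@secure-ops.example"}
FIELDS = ("issuer", "name_id", "name_id_format", "audience", "not_before", "not_on_or_after")
# Fixed clock for the demo so results are reproducible.
DEMO_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
DEMO_LATER = DEMO_NOW + timedelta(minutes=10)


def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def sign_fields(fields, key):
    # Simplified canonical form: the security-relevant assertion fields joined with "|".
    data = "|".join(fields[k] for k in FIELDS).encode()
    return base64.b64encode(hmac.new(key, data, hashlib.sha256).digest()).decode()


def build_response(name_id, key, now, issuer=SP_SETTINGS["issuer"],
                   audience=SP_SETTINGS["entity_id"], lifetime=timedelta(minutes=5)):
    """IdP side (flow step 5): a constructed SAML Response carrying one signed assertion."""
    f = {"issuer": issuer, "name_id": name_id, "name_id_format": SP_SETTINGS["name_id_format"],
         "audience": audience, "not_before": _ts(now), "not_on_or_after": _ts(now + lifetime)}
    return f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" xmlns:ds="{DSIG}"
    Version="2.0" IssueInstant="{f['not_before']}">
  <saml:Issuer>{f['issuer']}</saml:Issuer>
  <ds:Signature><ds:SignatureValue>{sign_fields(f, key)}</ds:SignatureValue></ds:Signature>
  <saml:Assertion Version="2.0" IssueInstant="{f['not_before']}">
    <saml:Issuer>{f['issuer']}</saml:Issuer>
    <saml:Subject><saml:NameID Format="{f['name_id_format']}">{f['name_id']}</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="{f['not_before']}" NotOnOrAfter="{f['not_on_or_after']}">
      <saml:AudienceRestriction><saml:Audience>{f['audience']}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def validate_response(xml_text, settings, key, now):
    """SP side (flow step 6): returns the Federation ID, or raises ValueError on any failed check."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    conditions = root.find("saml:Assertion/saml:Conditions", NS)
    audience = root.find("saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    signature = root.find("ds:Signature/ds:SignatureValue", NS)
    if any(e is None for e in (assertion, name_id, conditions, audience, signature)):
        raise ValueError("response is missing a required element")
    f = {
        "issuer": assertion.findtext("saml:Issuer", "", NS).strip(),
        "name_id": (name_id.text or "").strip(),
        "name_id_format": name_id.get("Format", ""),
        "audience": (audience.text or "").strip(),
        "not_before": conditions.get("NotBefore", ""),
        "not_on_or_after": conditions.get("NotOnOrAfter", ""),
    }
    # Signature first: nothing in the assertion can be trusted until it verifies.
    if not hmac.compare_digest((signature.text or "").strip(), sign_fields(f, key)):
        raise ValueError("signature does not verify against the IdP key")
    if f["issuer"] != settings["issuer"]:
        raise ValueError("assertion issued by an unexpected identity provider")
    if f["audience"] != settings["entity_id"]:
        raise ValueError("assertion is not intended for this service provider")
    if f["name_id_format"] != settings["name_id_format"]:
        raise ValueError("unexpected NameID format")
    if not (_parse_ts(f["not_before"]) <= now < _parse_ts(f["not_on_or_after"])):
        raise ValueError("assertion is outside its validity window")
    return f["name_id"]


def login_via_sso(xml_text, now, settings=SP_SETTINGS, key=IDP_KEY, directory=USER_DIRECTORY):
    """Maps the asserted Federation ID to a Secure Ops user; None means no match, so no login."""
    return directory.get(validate_response(xml_text, settings, key, now))
```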

Adding the Epic Innovations org to the Secure Ops login page

With the SSO Setting in place, it is time to add the Epic Innovations login option to the Secure Ops login page.

To add the Epic Innovations login option to the My Domain login page [5]:

  1. From Setup, in the Quick Find box, enter My Domain, and then select My Domain.
  2. Under Authentication Configuration, click Edit.
  3. Enable the Epic Innovations option.
  4. Save the changes.

Fig 4. My Domain Authentication Configuration in the Secure Ops org.

Specifying a Service Provider as a Connected App

A connected app that implements SAML 2.0 for user authentication can be set up to integrate a service provider with Epic Innovations org.

To set up the connected app [6, 7]:

  1. From Setup, in the Quick Find box, enter Apps, and then select App Manager.
  2. Click New Connected App.
  3. Fill in the basic information section as appropriate.
  4. In the Web App Settings section, fill in the Start URL with the Secure Ops’ My Domain. This will redirect users to Secure Ops org when they access the connected app.
  5. Click Enable SAML; this will allow more information to be filled in.
  6. For Entity ID, fill in the Secure Ops’ My Domain.
  7. For the ACS URL, which stands for Assertion Consumer Service URL, fill in Secure Ops’ My Domain. The SP’s metadata file can provide this.
  8. For Subject Type, select Federation ID. Remember that the service provider set the Identity Type to Federation ID.
  9. For Name ID Format, select the one that matches the NameIDFormat in the SP’s metadata file.

Add the Connected App to the App Launcher

Since the created Connected App has the start URL set up, it can be added to the app launcher for easier access. To do this:

  1. From Setup, in the Quick Find box, enter App Menu, and then select App Menu.
  2. Then, search the Connected App and mark it as Visible in App Launcher.

Setting up conditional access control

As stated in the requirements, users should only be able to access the Secure Ops org whenever they have open cases marked as classified. A Connected App handler will be used to fulfill this requirement. Connected App handlers can be used to customize connected apps’ behavior when invoked.

A Connected App handler is an Apex class that extends the ConnectedAppPlugin class. Here is the entire implementation for this use case.

				
					global with sharing class SecureOpsAppPlugin extends Auth.ConnectedAppPlugin
{
        global override Boolean authorize(
Id userId,
Id connectedAppId,
Boolean isAdminApproved,
Auth.InvocationContext context
    ){
        // get the number of open cases the user has
        Integer i = [
SELECT COUNT() FROM Case
WHERE
Status!='Closed' AND Type='Classified' AND OwnerId=:userId
   ];
        
        // if the user has one or more cases open, authorize access
        return (i > 0);
    }
}

				
			

As mentioned earlier, the created class extends the ConnectedAppPlugin class, and in this case the authorize method is overridden. This method decides whether the specified user may access the connected app [8]. It returns a Boolean: true indicates the user is authorized, and false indicates that access is not granted.

Since the requirements indicate that access should be denied if there are no open cases, the code runs a COUNT query to check the number of Open cases of type Classified the user has. If the user has at least one case with those characteristics, the method returns true, granting access to the connected app. Otherwise, it returns false, denying access.

Managing Users

There’s one last task before diving into the results: user management. While configuring the Single Sign-On settings, it was established that the Federation ID would be the identifier for the user logging in.

Consequently, any user logging into the Secure Ops organization via the Epic Innovations login should have a corresponding user in the Epic Innovations organization with a matching Federation ID. If a matching Federation ID is not found, the user cannot log in.

To set the Federation ID for a user:

  1. From Setup, in the Quick Find box, enter Users, and then select Users.
  2. Find the user and click Edit.
  3. In the Single Sign On Information section, fill in the Federation ID field.

 

III. Results

To validate the implementation, let’s first try to access the Secure Ops org without any cases of type Classified open.

From the App Launcher, we select the Secure Ops Solutions connected app we created.

Fig 5. Secure Ops Connected App in the App Launcher.

This redirects us to the Secure Ops organization, where we have the option to log in with Secure Ops credentials or via Epic Innovations; we choose Epic Innovations.

Fig 6. Login options for the Secure Ops organization.

We get an insufficient privileges error because our user has no open cases of type Classified in the Epic Innovations organization, so the connected app handler denies access to the Secure Ops organization.

Fig 7. Insufficient privileges error when trying to access the Secure Ops organization.

Now, let’s create a case and set the type to be Classified. Since we don’t have any other automation, the case is automatically assigned to our user. We can now try to access the Secure Ops org.

Fig 8. New case of type Classified in the Epic Innovations org.

If we attempt the same process, we can log in to the Secure Ops org.

 


We Build Salesforce AppExchange Apps

Our team of Salesforce experts can help you develop a new AppExchange app from scratch, help your business migrate your existing products to AppExchange, provide support services for the apps developed, and more.

A couple of years ago, we created Tok. A flagship Salesforce app designed to help keep organizations in close contact at all times. Our app was built on Salesforce Chatter, allowing instant messaging, team messaging, and groups to connect within Salesforce. That way, conversations were safe, secure, and archived within your Salesforce instance. Your team never had to leave Salesforce to talk and collaborate. This app was our star project, used internally in daily communication and widely used by other companies. 

With Tok’s success in the market, and as our team grew, so did our internal product development team; we have developed more than 13 ready-to-install AppExchange apps with over 1500 downloads.

Here is a list of some of the latest apps designed by our team:

  • Oktana Account Map gives your users a clear view of where their customers are. See your contacts’ location, local time, and even birthday on the account page. With the ability to filter by birthdays, contacts you own, and new contacts this week – you can control how many customers are placed on the map.
  • Oktana Calculator & Currency Converter gives your users access to standard calculations and the ability to convert between 170 different currencies without ever needing to leave your Salesforce org. Leveraging the Alpha Vantage API, this component can be embedded in any Salesforce page.
  • Oktana Calendar can take your team beyond the default Salesforce Calendar component, allowing them to quickly add, edit, delete, and even color-code certain events from within any home page (or app page) in your org. Based on a responsive design, this calendar keeps up with your busy users by sending automated reminders, ensuring they’ll never miss an event. Leverage the Salesforce Calendar to help manage your team’s time more efficiently.
  • Oktana Contact QR quickly generates a QR code to add contacts to your phone easily. You can set the QR code to redirect to the contact record in the org or download it directly, allowing you to choose what fields to include. Leverage this component to make importing contacts easier for you and your team.
  • Oktana Location Map lets you quickly look up a location visually on the map; then, it automatically stores the latitude and longitude in the location record for you. This component even allows users to share their location by grabbing a Google Maps link.
  • Oktana Org Limits Monitor makes it easy to track org usage for developers and admins. They are easily customized to show only what’s important to you. Our developers have experienced losing track of org limits, so they designed a component that can be used anywhere.
  • Oktana RSS Feed brings your favorite news sources right into your org. This mobile-friendly component can be personalized with up to five RSS feeds. And most importantly, the admin retains control by setting the default feed and determining which sources are appropriate to access.
  • If a picture is worth a thousand words, a video is worth a million. The Oktana YouTube component lets you embed your video without any code. Admins can choose whether to embed a specific video by YouTube ID or allow users to search for videos. Every user has their viewing history stored, making it easier to locate previously watched videos.
  • With the Oktana Credflow component, you can now check financial account applicants’ credit scores or criminal background history in just two steps. No coding or design is required; just build flows directly as desired and obtain near-instant results.

These apps are FREE, and you can fully use these solutions without payment. If you need a custom app for your organization, we can build it for you from scratch. Check out our services.

How to Make Your Salesforce Org Secure

In our previous blog post, “One way to keep your org secure: Salesforce Health Check” we covered the built-in Salesforce Health Check tool, the benefits of running a health check, and why you and your company need one.

This blog will cover some in-depth steps you can follow as a guide if you are a Salesforce developer or Admin to make your org more secure. That being said, let’s get to it!

Salesforce org secure health check

The Lightning Platform has been migrating from Aura components to Lightning Web Components (LWC) for some years. Even though both are still supported and can coexist on the same page and even share information, Salesforce is focusing on LWC, and we should do the same. 

When you run your Health Check application, you have 3 moving parts involved:

  1. The Salesforce org
  2. The client (LWC)
  3. The backend code (Apex)

 

We have configurations available in Setup > Security, allowing us to configure how the app runs. I recommend turning on the following options: 

  • Require HttpOnly Attribute

Setting the HttpOnly attribute changes how an app communicates with the Salesforce server by increasing the security of each cookie the app sends. HttpOnly prevents a cookie from being read by JavaScript: the browser still receives and stores the cookie, but scripts running in the page can neither read nor modify it.

HttpOnly is an additional flag included in the Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of a client-side script accessing the protected cookie.

  • Enable User Certificates 

This setting allows certificate-based authentication to use PEM-encoded X.509 digital certificates to authenticate individual users to your org.

  • Enable Clickjack Protection

You can set the clickjack protection for a site to one of these levels:

  • Allow framing by any page (no protection).
  • Allow framing by the same origin only (recommended).
  • Don’t allow framing by any page (most protection).

Salesforce Communities have two clickjack protection parts. We recommend that you set both to the same level:

  • Force.com Communities site (set from the Force.com site detail page)
  • Site.com Communities site (set from the Site.com configuration page)

  • Require HTTPS

This setting must be enabled in two locations:

  • Enable HSTS for Sites and Communities in Session Settings.
  • Enable Require Secure Connections (HTTPS) in the community or Salesforce site security settings.

  • Session Timeout

It’s a good idea to set a short timeout period if your org has sensitive information and you want to enforce strong security.

You can set values, including:

  • Timeout value
  • Force logout on session timeout
  • Disable the timeout warning popup

  • Enable Cross-Site Scripting (XSS) Protection

Enable the XSS protection setting to protect against reflected cross-site scripting attacks. If a reflected cross-site scripting attack is detected, the browser shows a blank page with no content. Without content, scripts cannot be used to inject attacks. 

  • Use the Latest Version of Locker

Lightning Locker provides component isolation and security, allowing code from many sources to execute and interact using safe, standard APIs and event mechanisms. Lightning Locker is enabled for all custom LWCs and automatically updates. If you’re using Aura, check your version for compatibility.
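Several of the settings above (HttpOnly, Require HTTPS/HSTS, clickjack protection) show up as headers on the responses your org serves, so a quick way to confirm they took effect is to audit those headers. The following added example (not Salesforce code) does that over two constructed header sets, one weak and one hardened; the mapping of X-Frame-Options and CSP frame-ancestors to the post’s three clickjack levels is my own.

```python
import re

# Constructed sample responses: the weak one lacks every protection listed above,
# the hardened one has them turned on.
WEAK_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sid=abc123; Path=/"),
]
HARDENED_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Frame-Options", "SAMEORIGIN"),
]


def cookie_findings(set_cookie):
    """Flags a Set-Cookie value lacking HttpOnly (readable by script) or Secure (sent over plain HTTP)."""
    name = set_cookie.split("=", 1)[0].strip()
    attrs = {part.strip().split("=", 1)[0].lower() for part in set_cookie.split(";")[1:]}
    findings = []
    if "httponly" not in attrs:
        findings.append(f"cookie {name}: missing HttpOnly")
    if "secure" not in attrs:
        findings.append(f"cookie {name}: missing Secure")
    return findings


def framing_level(single):
    """Maps X-Frame-Options / CSP frame-ancestors to the post's clickjack levels."""
    csp = single.get("content-security-policy", "")
    match = re.search(r"frame-ancestors\s+([^;]+)", csp, re.I)
    if match:  # CSP wins over X-Frame-Options when both are present
        sources = match.group(1).split()
        if sources == ["'none'"]:
            return "no framing"
        if sources == ["'self'"]:
            return "same origin"
        return "allow-list"
    xfo = single.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "no framing"
    if xfo == "SAMEORIGIN":
        return "same origin"
    return "any page"


def hsts_max_age(single):
    """max-age from Strict-Transport-Security, or 0 when HSTS is absent."""
    match = re.search(r"max-age=(\d+)", single.get("strict-transport-security", ""), re.I)
    return int(match.group(1)) if match else 0


def audit_headers(headers):
    """Returns a list of findings for a list of (name, value) pairs; empty means all checks passed."""
    findings = []
    single = {}
    for name, value in headers:
        if name.lower() == "set-cookie":  # may repeat, so handle it per value
            findings += cookie_findings(value)
        else:
            single[name.lower()] = value
    if hsts_max_age(single) == 0:
        findings.append("HSTS missing or max-age=0 (Require HTTPS not enforced)")
    if framing_level(single) == "any page":
        findings.append("clickjack: framing allowed by any page")
    return findings
```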

One more thing...

I want to spend more time discussing a feature that helps us run our application even more securely. And I am talking about Salesforce Shield. Salesforce Shield allows you to run your application more securely with some features like encryption and monitoring. It adds an extra layer of confidence, privacy, and security and lets us build a new level of trust, compliance, transparency, and governance.

Salesforce Shield is composed of three easy-to-use point-and-click tools:

  1. Platform Encryption: designed to bring us state-of-the-art encryption without losing access to key features such as search, validation rules, etc. It can derive the encryption keys from org-specific data, or we can import our own encryption keys (adding an extra layer of control).
  2. Monitoring Events: we often need to track specific events in our orgs (who accesses a piece of data, how the encryption keys are used, who is logging in, and from where). Monitoring Events is the tool for this, allowing us to track and access all these events and more through the API and integrate them with the monitoring tool of our choice (New Relic, Splunk, others).
  3. Audit Trail: some industries require us to keep track of changes in data. By turning on tracking for specific fields and setting up an audit policy, we can store historical values for up to 10 years.

Conclusion

It is essential to consider security while developing apps and keeping our Salesforce org secure. Even though it might seem complicated (and it is), incorporating the Health Check tool and Salesforce Shield in our development process will help us keep our org in a good, healthy state.


You can also watch our on-demand Health Check Assessment webinar by my colleagues Zach and Heather, where they covered 4 simple steps to ensure the health of your Salesforce org. 

What is a Salesforce Health Check

You got your Salesforce org, a shiny, brand-new org, ready to keep and maintain the most important information your company has: your customers’ information. You also start digging into the AppExchange to get those apps we love, to provide a better service to your customers or to the people who serve them. You may have needed to customize your org so it fits your business flow, or to integrate it with that legacy system that is the most important piece of your selling workflow.

As time passes, as with all of us, our orgs get bigger, with more data, apps, customizations, and maybe more integrations. We are happy with all this growth, as it means our business gets bigger, with more satisfied customers and more sales; in other words, more money. But it also means that our beloved org may have more security concerns to focus on, and the bigger it gets, the more difficult it is to track the issues.

Fortunately, Salesforce provides us with a safety inspector that guides us through reviewing our security flaws and getting them fixed. So let’s understand this tool and why it is so useful to any company using Salesforce.

How does the Salesforce Health Check work?

I am not talking about Homer Simpson (we all know that if he is capable of securing a power plant, he would be an excellent Salesforce Admin). 


I am talking about the Health Check tool. This automated tool lets us review in a dashboard all the issues our org has and guides us through the process of fixing them.

First, you have to be a System Administrator and go to:

Setup > Health Check > Wait a few seconds (I do not suggest going for a coffee yet)

Finally, after that wait, you will see a screen similar to this one:

On this page, you will see an overall score calculated by a Salesforce proprietary algorithm. The higher this number, the better.

Below, you’ll find the issues classified as High-Risk, Medium-Risk, Low-Risk, and Informational.

For each issue, Salesforce will provide a description with the classification (critical, compliance, etc.) and either a way to fix it or informational links about how to fix it. 

With all this information, you can fix Security Issues in your org more efficiently.


Benefits of doing a Salesforce Health Check

Optimal System Performance

A health check evaluates your Salesforce instance’s performance and identifies any bottlenecks or areas of inefficiency. Addressing these issues ensures your system operates smoothly and responds promptly to user interactions.

Data Integrity and Quality

Review the quality and accuracy of the data stored in your Salesforce system. You can maintain reliable data supporting informed decision-making by identifying and rectifying inconsistencies, duplicates, and inaccuracies.

Security and Compliance

Addressing identified security and compliance issues during a health check is crucial to maintaining the integrity of your Salesforce instance. By proactively identifying vulnerabilities and ensuring compliance, you protect sensitive data, preserve customer trust, and mitigate legal and financial risks.

When do you need to perform a Salesforce Org Health Assessment?

  • Encounter errors or performance issues that hinder your operations and revenue
  • Looking for a seamless transition from Classic to Lightning
  • Require assistance with meeting new security requirements or ensuring proper user setup
  • Need a comprehensive diagnosis to determine the actual state of your Salesforce platform

As your business continues to evolve, your Salesforce org should evolve too; running a Health Check is one way to improve your Salesforce org’s health. You can also run the Salesforce Optimizer, build an Adoption Dashboard, and switch to the Salesforce Lightning Experience, all of which help increase productivity and efficiency and improve the overall performance of your org.

Make sure you run a Health Check at the proper time and the proper way. To learn more about how to keep your Salesforce org healthy, register for our webinar

Organize Your Gmail Inbox with Google Apps Script

Managing a cluttered inbox can be overwhelming and time-consuming. Fortunately, Google Apps Script provides a powerful toolset that allows you to automate tasks within Gmail, making it easier to keep your inbox organized and streamlined. In this article, we will explore how to use Google Apps Script to organize your Gmail inbox efficiently.

Visit the Google Apps Script website, and create a new project by clicking on “New Project” from the main menu. This will open the Apps Script editor, where you can write and manage your scripts.

Label and Categorize Emails

The first step in organizing your inbox is to create labels and categorize your emails based on specific criteria. For example, you can create labels for “Project B,” “Project A,” “Important,” or any other custom categories you need. Use the following code to add labels to your emails:

				
					function categorizeEmails(){
let count = 100
const priorityAddresses = [
'important@example.com'
].map((address) => `from:${address}`).join(' OR ');

const labelName = "Important"; // Replace with your desired label name
const label = GmailApp.createLabel(labelName);

while (count > 0) {
const threads = GmailApp.search(`${priorityAddresses} -has:userlabels`, 0, 10)
count = threads.length
for(const thread of threads) {
thread.markImportant();
label.addToThread(thread);
}
}
}

				
			

Archive or Delete Old Emails

Having old and unnecessary emails in your inbox can lead to clutter. With Google Apps Script, you can automatically archive or delete emails that are older than a certain date. Here’s how:

				
					function archiveOldEmails() {
  const threads = GmailApp.search("in:inbox before:30d");
  for (const thread of threads) {
	thread.moveToArchive();
  }
}

				
			
				
					function deleteUnwantedMessages() {
let count = 100
const blockedAddresses = [
'spam1@example.com',
'spam2@example.com'
].map((address) => `from:${address}`).join(' OR ');
const searchQuery = `category:promotions OR category:social OR ${blockedAddresses}`;
while (count > 0) {
const threads = GmailApp.search(searchQuery, 0, 10);
count = threads.length
console.log(`Found ${count} unwanted threads`);
for(const thread of threads) {
console.log(`Moved to trash thread with id: ${thread.getId()}`)
thread.moveToTrash();
}
}
console.log("Deleting messages complete.");
}

				
			

Reply to Important Emails

It’s essential to respond promptly to crucial emails. With Google Apps Script, you can set up a script that automatically sends a reply to specific emails based on their sender or subject. Here’s a simple example:

				
					function autoReplyImportantEmails() {
  const importantSender = "important@example.com"; // Replace with the email address of the important sender
  const importantSubject = "Important Subject"; // Replace with the subject of important emails

  const threads = GmailApp.search(`is:unread from: ${importantSender} subject:${importantSubject}`);
  const replyMessage = "Thank you for your email. I will get back to you shortly.";

  for (const thread of threads) {
	threads[i].reply(replyMessage);
  }
}

				
			

Schedule Your Scripts

Once you have written your scripts, schedule them to run automatically at specific intervals. To do this, go to the Apps Script editor, click on the clock icon, and set up a time-driven trigger. You can choose to run the script daily, weekly, or at any custom frequency that suits your needs.

Conclusion

Organizing your Gmail inbox with Google Apps Script can significantly improve your productivity and reduce the time spent on email management. With the ability to label and categorize emails, archive or delete old messages, and automatically respond to important emails, you can maintain a clutter-free and efficiently organized inbox. Explore the power of Google Apps Script, and tailor your scripts to suit your unique email management requirements.


Migrate from HubSpot to Salesforce this 2023

Migrating to Salesforce can unlock the power of advanced CRM functionality, enabling your business to optimize sales and marketing processes, improve collaboration, and drive growth. This article will explore why migrating from HubSpot to Salesforce can be a game-changer for your businesses, enabling you to achieve higher efficiency, scalability, and success. So let us tell you when, why, how, and more!

Key indicators that it's time to upgrade and transition from HubSpot to Salesforce

1. When business growth outpaces HubSpot’s capacity and it struggles to keep pace with your expanding demands, upgrading to Salesforce becomes crucial.

2. In situations requiring advanced sales and marketing features, Salesforce provides a tailored suite of tools for enhanced efficiency and improved outcomes.

3. The need to integrate with a diverse range of third-party applications, systems, or tools has become more important as your business has grown in complexity.


4. When needing advanced reporting, analytics, and visualization features to gain deeper insights into sales and marketing performance, Salesforce’s powerful reporting tools and customizable dashboards can provide the necessary analytics capabilities.

Check out this recent HubSpot to Salesforce migration and customer testimonial.

Why Migrate from HubSpot to Salesforce?


Advanced Sales and Marketing Functionality

Salesforce empowers teams to enhance processes and achieve better outcomes. Businesses gain access to a comprehensive suite of tools and features specifically designed to drive sales and marketing success.

Customization and Scalability

Salesforce is a highly flexible platform that can seamlessly suit any business’s specific and unique needs. From customizing workflows and automation rules to designing personalized user interfaces, Salesforce allows your company to create a CRM system that aligns perfectly with its requirements and grows alongside your organization.

Integration with Business Systems

By migrating, companies can achieve a unified and interconnected infrastructure, enabling efficient data flow, automated workflows, and comprehensive insights across different departments and functions. This integration capability enhances productivity, data accuracy, and decision-making within the organization, ultimately leading to improved operational efficiency and customer satisfaction.

Robust Reporting and Analytics

With Salesforce’s advanced reporting functionalities, businesses can create custom reports and dashboards, track key performance indicators (KPIs), and gain valuable insights into their sales, marketing, and customer service efforts. Additionally, Salesforce’s AI-powered analytics tools, such as Einstein Analytics, provide advanced predictive and prescriptive analytics, helping businesses uncover hidden patterns, identify potential risks or opportunities, and take proactive measures.

Industry-Leading Support and Community

Whether troubleshooting technical issues, addressing implementation challenges, or seeking guidance on best practices, Salesforce’s support team can assist organizations throughout their migration and beyond.

Technical considerations to ensure a smooth and successful migration process

Migrating from one CRM platform to another requires careful planning and attention to various technical aspects:

Data Audit

Organizations should conduct a comprehensive data audit to assess the quality, completeness, and accuracy of their existing data in HubSpot. This step helps identify any data inconsistencies or gaps that must be addressed before the migration.

Data Mapping and Cleansing

Analyze the data structure and fields in HubSpot and Salesforce to accurately map corresponding data during migration. Also, during this process, the consultant must identify any inconsistencies or discrepancies in data formats, naming conventions, or data types and address them before the migration.

Migration Tools

Choosing the right technology for migrating to Salesforce is essential to ensure a successful and efficient transition. It is important to carefully evaluate migration requirements such as data volume, transformation complexity, and loading speed to select the most appropriate tool. The correct choice can streamline the migration process, minimize errors, and optimize the performance of the final system in Salesforce.

Some technologies you can consider in this phase are:

Data Loader: Versatile tool that allows loading large volumes of data into Salesforce from various sources, such as external databases. It is efficient for massive migrations and offers advanced programming and automation options.

Data Import Wizard: A simpler, user-friendly tool that is ideal for smaller migrations or less technical users. It enables quick and easy data loading from CSV or Excel files, although it has limitations regarding data volumes and customization options.

Bulk API: Powerful option for large-scale migrations. It enables loading massive amounts of data into Salesforce through batch operations, delivering optimal performance and increased efficiency in time and resources. Bulk API is beneficial when processing substantial volumes of data within a limited timeframe, as it leverages Salesforce’s parallel processing capability.

Data Security and Privacy

As a leading CRM platform, Salesforce adheres to industry best practices and compliance standards to ensure data protection. It is essential to define access controls and user permissions in Salesforce. The platform provides granular control over user permissions, allowing administrators to define roles, profiles, and data access settings to enforce data privacy.

Customizations and Workflows

Understanding the current configurations will help determine how they can be replicated or optimized in Salesforce. This evaluation includes identifying dependencies on specific features or functionalities in HubSpot and finding equivalent or alternative solutions within Salesforce’s ecosystem. During migration planning, it is essential to involve key stakeholders and subject matter experts from both HubSpot and Salesforce teams. This collaboration ensures a comprehensive understanding of the customizations in Salesforce.

Integration with Third-Party Systems

By evaluating the available integration options in Salesforce, such as pre-built connectors or APIs, businesses can identify the most suitable approach to seamlessly connect Salesforce with other business-critical systems. By taking a proactive approach and planning the migration of custom integrations, companies can minimize disruptions and maintain the integrity of data and functionality. 

User Training and Adoption

Knowledge transfer is key to your project. Developing a comprehensive training plan that familiarizes users with the Salesforce interface, features, and functionalities is essential. This plan should include various training sessions, documentation, and resources to help users adapt and maximize the new system’s potential. Salesforce partners like Oktana can significantly facilitate knowledge transfer during migration. They can provide expert guidance and training tailored to the business’s needs, ensuring users have the necessary skills to navigate Salesforce effectively.

Testing and Validation

It is crucial to set up a dedicated testing environment within Salesforce. This environment allows businesses to validate the migrated data, customizations, workflows, and integrations before the final migration. Establishing a structured testing plan covering various migration aspects is essential. This plan should outline specific test scenarios, expected results, and steps to reproduce issues.

Success Case Studies: Migrations Done by Oktana

High Tech company HubSpot to Salesforce Data & Process Migration

Our customer is a data analytics company that transforms complex data into valuable insights for business decision-makers. As the company expanded and added more processes, the complexity of the CRM grew exponentially, and leaders decided to migrate to Salesforce to increase usability and update all data. The new CRM would also require more functionality and customizations to include a sales management process.

Virtual Events Platform company CRM Migration to Salesforce

We partner with a global virtual event venue company that provides multiple interactive areas optimized for connecting and engaging. This start-up company boosted sales during the COVID-19 pandemic. They decided to change their CRM from HubSpot to Salesforce. This required migrating all their data to Salesforce and recreating all processes and workflows they were already using.

In a nutshell

The decision to migrate from HubSpot to Salesforce requires careful consideration and planning. While the process may pose challenges, it can be successfully executed while maintaining sales and marketing team productivity and ensuring a high data transfer success rate. Key factors include thorough team training on the new system, creating a detailed migration plan, and testing the setup before proceeding with the final migration. By carefully considering these factors and selecting the most suitable approach, your business can successfully migrate from HubSpot to Salesforce, unlocking the potential for improved sales and marketing operations within the organization.

At Oktana, we specialize in CRM system migrations and offer our expertise to guide you through decision-making and address any detailed questions. Schedule a meeting with one of our experts. 

Creating a Conversational Bot with ChatGPT, MuleSoft, and Slack

Can we create a fully functional conversational bot that leverages the power of a Large Language Model (LLM)? The answer is a resounding yes!

In this post, we’ll guide you through the process of building a robust and interactive conversational bot from scratch. If you have a fresh OpenAI account, it’s possible to utilize 100% free accounts and software since OpenAI gives us $15 of credit to try it. If not, you must add credits to your OpenAI account, but it’s inexpensive for this sample app.

We’ll use MuleSoft, Slack, and the state-of-the-art ChatGPT to make it happen. Unlike traditional NLP systems, ChatGPT is an LLM designed to understand and generate human-like text. This makes it extremely useful for various language-processing tasks.

So, buckle up and join us as we reveal the secrets to creating an intelligent bot that leverages the advanced capabilities of ChatGPT, an LLM that can enhance team collaboration and productivity, and deliver a seamless user experience. Let’s dive in!

Note: The accounts and software used in this post could have some limitations since MuleSoft gives us trial accounts.

The main purpose is for you to understand and learn the basics of:

  • Implementing the OpenAI REST API (we’ll be using the ChatGPT-3.5-turbo model)
  • How to create a simple backend integration with Anypoint Studio.
  • How to build an integration with Slack.

Pre-requirements

  • Anypoint Studio’s latest version.
    • Once you have installed Anypoint Studio and created a new Mule Project, install the Slack Connector: open the Anypoint Exchange tab, then search for and install the connector.
  • An Anypoint Platform trial account; you can create a 30-day trial account.
  • A Slack Bot installed on a Channel.
  • An OpenAI account with available credit. Remember, OpenAI gives us $15 if it’s your first account. If you previously registered on the OpenAI platform, then you will need to add a balance to your account. However, following this guide and creating your sample application will be really cheap.

Once we have everything installed and configured, we can proceed with getting the corresponding authorization tokens that we will need along with our integration. Save these in your mule-properties .yaml file.

OpenAI API Key

Once you have created your account on OpenAI, you will be able to access your account dashboard, where you will see a tab labeled “API Keys”. Here, you can generate your secret key to make requests to the OpenAI API. Simply click on “Create new secret key”, copy the key, and save it to a text file.

Slack OAuth

On your Slack application, you should have already configured your bot inside a channel on Slack. If you don’t know how to do it, you can follow this guide. On Bot’s scope configuration, enable ‘channels:read’, ‘chat:write:bot’, and ‘channels:history’. 

This screenshot is an example of how the interface looks; you will have your own Client ID and Client Secret:

Configuration properties

You can use this sample file for your mule-properties .yaml file; you just need to replace the KEYS and IDs with your own.

The Integration

Now that we have our Bot created in Slack and our API Key on the OpenAI dashboard, you start getting an idea of the role of each system and of the missing piece that connects them all. That’s right: it’s MuleSoft’s Anypoint Platform.

The Project Structure

The project is divided into a main flow and three sub-flows, split according to functionality. We need to do several things between receiving a message from a user on Slack and replying to it. Please see the image below and the explanation of each block.

Main Flow

  1. This Mule flow listens for new messages in a Slack channel using the slack:on-new-message-trigger component. The channel is specified using the ${slack.conversationId} property. A scheduling strategy is set to run the flow every 5 seconds using the fixed-frequency component.
  2. Next, the flow checks if the message received is from a user and not from the bot itself. If the message is from the bot, the flow logs a message saying that it is the bot.
  3. The incoming message is then transformed using the DataWeave expression in the Transform Message component. The transformed message is stored in the incomingMessage variable, which contains the user, timestamp, and message text. 
    • If the message is from a user, the incomingMessage.message is checked to see if it equals “new”. If it does, the finish-existing-session-flow is invoked using the flow-ref component. If it doesn’t equal “new”, the check-session-flow is invoked with the target set to incomingMessage.

Overall, this flow handles incoming messages in a Slack channel and uses choice components to determine how to process the message based on its content and source.

The finish-existing-session-flow and check-session-flow are likely other flows in the application that handle the logic for finishing existing sessions or checking if a new session needs to be started.

Finish existing session flow

  • “Finish-existing-session-flow”: terminates the previous session created by the user.

Check session flow

This flow called “check-session-flow” checks if a user has an existing session or not, and if not, it creates one for the user. The flow follows the following steps:

  1. Check if a user has an existing session: This step checks if the user has an existing session by looking up the user’s ID in an object store called “tokenStore”.
  2. Check array messages user: This step checks the object store “store_messages_user” to see if there are any messages stored for the user.
  3. Choice Payload: This step uses a choice component to check if the payload returned from step 1 is true or not.
    • When Payload is true: If the payload from step 1 is true, this step retrieves the existing session ID from the “tokenStore” object store and sets it as a variable called “sessionId”. It also retrieves any messages stored for the user from the “store_messages_user” object store and sets them as a variable called “messageId”. Finally, it logs the “messageId” variable.
    • Otherwise: If the payload from step 1 is not true, this step sets a welcome message to the user and stores it in the “store_messages_user” object store. It generates a new session ID and stores it in the “tokenStore” object store. Finally, it sets the “sessionId” variable and generates a welcome message for the user in Slack format.
  4. At the end of the flow is where we interact with OpenAI API, calling a flow named “make-openai-request-flow”.

The steps in this flow ensure that a user’s session is properly handled and that messages are stored and retrieved correctly.

Make OpenAI request flow

The purpose of this flow is to take a user’s message from Slack, send it to OpenAI’s API for processing, and then return the response to the user via Slack. The flow can be broken down into the following steps:

  1. Transform the user’s message into a format that can be sent to OpenAI’s API. This transformation is done using DataWeave language in the “Transform Message” component. The transformed payload includes the user’s message, as well as additional data such as the OpenAI API model to use, and a default message to send if there is an error.
  2. Log the transformed payload using the “Logger” component. (Optional; it was used to check that the payload was built correctly.)
  3. Send an HTTP request to OpenAI’s API using the “Request to ChatGPT” component. This component includes the OpenAI API key as an HTTP header.
  4. Store the user’s message and OpenAI’s response in an object store using the “Store message user” component. This allows the application to retrieve the conversation history later. (Please read more about this in the OpenAI documentation. Storing the messages with the roles “user” and “assistant” keeps the context of the conversation the user has with ChatGPT.)
  5. Transform the OpenAI response into a format that can be sent to Slack using the “Make JSON to send through Slack” component. This component creates a JSON payload that includes the user’s original message, the OpenAI response, and formatting information for Slack.
  6. Send the Slack payload as an ephemeral message to the user using the “send answer from chatGPT to Slack” component.
  7. As the final step, we delete the original message sent by the user. Since the Bot is deployed on a channel, messages are public; by using ‘Ephemeral messages’ we improve the privacy of the messages sent on the Slack channel.
    1. Create a payload to delete the original message from Slack using the “payload to delete sent messages” component.
    2. Send a request to delete the original message from Slack using the “delete sent message” component. 

By following these steps, the MuleSoft application can take a user’s message from Slack, send it to OpenAI’s API, and return the response to the user via Slack, while also storing the conversation history for later use.
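The session handling of the check-session-flow and the request/history logic of the make-openai-request-flow, modelled as plain Python (an added example, not the MuleSoft project’s own code). It assumes the two object stores are dicts, the OpenAI call is an injected callable so it runs offline, the bot’s own Slack user id is a constructed placeholder, and the API key travels only in the Authorization header, never in the request body or logs.

```python
"""Session and conversation-history logic of the Slack/ChatGPT bot.

Added example: models the flows described above with in-memory stores.
Assumptions (not from the post): object stores are dicts, the OpenAI HTTP
call is an injected callable, and the bot's Slack user id is "U_BOT_PLACEHOLDER".
"""
import uuid
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

MODEL = "gpt-3.5-turbo"  # model named in the post
WELCOME = "Hi! I'm your ChatGPT assistant. Send 'new' to start a fresh session."
BOT_USER_ID = "U_BOT_PLACEHOLDER"  # constructed placeholder, not a real Slack id


@dataclass
class BotState:
    # "tokenStore": user id -> session id
    token_store: Dict[str, str] = field(default_factory=dict)
    # "store_messages_user": user id -> list of {"role", "content"} messages
    store_messages_user: Dict[str, List[dict]] = field(default_factory=dict)


def check_session(state: BotState, user: str) -> Tuple[str, Optional[str]]:
    """check-session-flow: reuse the session if one exists, otherwise create
    one, seed the history with the welcome message and return that welcome."""
    if user in state.token_store:
        return state.token_store[user], None
    session_id = str(uuid.uuid4())
    state.token_store[user] = session_id
    state.store_messages_user[user] = [{"role": "assistant", "content": WELCOME}]
    return session_id, WELCOME


def finish_existing_session(state: BotState, user: str) -> None:
    """finish-existing-session-flow: drop the user's session and history."""
    state.token_store.pop(user, None)
    state.store_messages_user.pop(user, None)


def build_openai_request(state: BotState, user: str, text: str, api_key: str):
    """Steps 1 and 3: chat-completions payload carrying the stored history plus
    the new user turn. The secret goes in the header only (never logged)."""
    history = state.store_messages_user.setdefault(user, [])
    messages = history + [{"role": "user", "content": text}]
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json"}
    body = {"model": MODEL, "messages": messages}
    return headers, body


def handle_slack_message(state: BotState, event: dict, api_key: str,
                         ask_openai: Callable[[dict, dict], str]) -> dict:
    """Main flow. Ignores the bot's own messages, resets on 'new', otherwise runs
    the request flow. Returns the Slack actions to perform: an ephemeral reply
    to the user and the timestamp of the original message to delete."""
    user, ts, text = event["user"], event["ts"], event["text"].strip()
    if user == BOT_USER_ID:
        return {"action": "ignored", "reason": "message is from the bot"}

    if text.lower() == "new":
        finish_existing_session(state, user)
        session_id, welcome = check_session(state, user)
        return {"action": "ephemeral", "user": user, "text": welcome,
                "session": session_id, "delete_ts": ts}

    session_id, welcome = check_session(state, user)
    headers, body = build_openai_request(state, user, text, api_key)
    answer = ask_openai(headers, body)

    # Step 4: persist both turns with their roles so later requests keep context.
    state.store_messages_user[user].append({"role": "user", "content": text})
    state.store_messages_user[user].append({"role": "assistant", "content": answer})

    # Steps 5-7: ephemeral answer, then delete the user's public original message.
    return {"action": "ephemeral", "user": user, "text": answer,
            "welcome": welcome, "session": session_id, "delete_ts": ts}
```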

This was created and tested with these versions:
Mule Runtime v4.4.0
Anypoint Studio v7.14
Slack Connector v1.0.16

Why you should Integrate Shopify with Marketing Cloud

Choosing the right platform to build your online business is a very important decision to make. Powerful technology infrastructure must be integrated into your site to support the customer buying journey and drive your customers toward a conversion. Integrating Shopify with Salesforce Marketing Cloud will help your business increase customer engagement, provide a personalized experience, and gain many more benefits that will help you generate conversions and optimize the journey of your customers.

How does it work?

In order to integrate Shopify and Marketing Cloud, you will need MuleSoft, to help exchange customers, products, and order data between both platforms. A tracking code is installed in your Shopify store that syncs product views and other actions taken in your store with Marketing Cloud. This allows you to generate reports, send customized emails throughout the entire shopping cycle, and have a 360-degree view of your customers so your team can create a more personalized experience, resulting in more engagement, more sales, and less investment.


Benefits of the Integration

Personalized Shopping Suggestions Powered through Einstein AI

Every time your customer creates a Shopify account, they’re automatically added to your database so you can decide (depending on their behavior) the best email campaign or flows to include them in.

For example: Bob creates an account in your company’s online store and then makes a purchase. He now receives a personalized order confirmation email with the details of his purchase and additional product recommendations based on his shopping interests.

These product recommendations are generated through Einstein AI, with customer data such as previous purchases, browsing history, and other significant shopping patterns.

Abandoned Cart Reminders Personalized with Shopify Data

With this integration, your customers can receive a customized email whenever they add products to their shopping cart but don’t complete the purchase. This feature allows you to configure personalized flows, so you won’t have to worry about losing a sale. Simply set up the amount of time after which you wish to remind your customers about their pending shopping carts, and the email will be automatically sent from Marketing Cloud.

Create Custom Marketing Campaign Flows

With Marketing Cloud, you can easily create and customize marketing campaign flows to reach your customers throughout different stages of the buying cycle. As mentioned above, you can create flows for abandoned shopping carts and purchase confirmations. Flows can also be configured for newsletters, sales promotions, and whatever email marketing approach fits your strategy.

How does a Guided Send work in Marketing Cloud?

  1. Create the email template and define your audience.
  2. Select the data extension option so you’re able to send an email to all of your target audience.
  3. Finally, select the email address from which the campaign will be sent.

Just follow these three simple steps, and you too can send email campaigns to your selected Shopify subscribers.

Track Success in Real-Time with Marketing Cloud Dashboard

With the Marketing Cloud dashboard, you get all the information you need to track the success of your campaigns in one centralized dashboard. With this integration, you and your team can access real-time performance results and statistical Shopify data for all of your campaigns on every email sent.

Some of the information you can access includes:

  • Behavior: clicks, forwards, and purchases.
  • Conversions and new subscribers
  • Email Activity: analyze which section performs better based on real-time results.
  • Delivery Data: number of emails sent and bounce rate
  • Engagement Data: open rate and click-to-open rate
  • Email Performance Data: conversion funnel and engagement distribution
  • Insights on best-performing emails, subscriber journeys, and engagement histories

Is this something you or your company need?

We have a team of experts ready to help you. Our technical team has partnered on multi-product, cross-cloud integrations with over 8 years of experience building on the Salesforce platform. We are experienced and confident in implementing third-party integrations. We can connect any application, technology, or system to Salesforce.

If you have any doubts about this integration being the right fit for your organization, don’t hesitate to contact our Sales team at [email protected] for more information.

Salesforce Integration Best Practices

What can we do to avoid a Salesforce integration failure?
THIS is the problem behind this article.

A lot of investment goes into a system integration, such as money, time, planning, and strong expectations. Salesforce has over 2,500 integrations and applications available to make your life (or your customer’s life) easier. So why not take advantage of it in the best way possible?

Want to avoid a Salesforce integration failure? In this article, you will learn how to manage your integration in the best way possible by handling all the major factors behind Salesforce integration best practices.

Basics

First, let’s go back to basics. What is an integration?

A Salesforce integration happens when two or more systems come together through a process that facilitates functions or procedures that were once separate. By doing so, all their data is easier to handle by means of multiple, now connected, processes and systems running hand in hand.

Think about it for a second. It’s quite weird to find a system nowadays that is fully isolated.

Dealing with integrations is an essential part of a Salesforce technologist’s job. Hence, becoming skilled in this process means performing the integration faster, with little to no errors, while recognizing that the systems should stay malleable and accessible to other future integrations.

Did you know?

An essential part of any integration is the famous API, an Application Programming Interface. The API is essential because it works as a software intermediary between the applications to communicate with each other.
Without it, there would be no interaction and integration between the systems.

In order to build a good integration and have it perform to the best of its ability, you need to consider all the factors that affect its proper functioning. There are many, but for this example, we will highlight timing. To put it simply, be certain that your processes run to a suitable clock. Whether you choose a synchronous or asynchronous one, would depend mainly on the integration type.

And to help you remember how they work here is a graphic to keep handy…

Security Comes First

As it should be, security is one of the most important factors when it comes to Salesforce integrations. Plenty of factors affect security, but what matters most is taking care of whatever may have undue access to, or even harm, your integration pattern, your data, and your customer’s data. Security elements, which typically include firewalls, forward proxies, reverse proxies, encryption, and the WS protocol, prevent your system from being invaded by harmful disruptions in the following ways:

  • Countering attacks
  • Managing your sensitive information
  • Protecting your online identity
  • Handling authentications
  • Throttling

Even with all their help, security measures are still number one in our list of best practices and should be counted as primary for each individual project. Brushing them aside as a routine step should be avoided at any cost. For more information, consult security considerations.

Salesforce Integration Patterns

Salesforce patterns and the requirements behind your project, go hand-in-hand. Therefore, patterns need to be carefully understood to handle them better. Makes sense, right? 

Before going ahead, think about timing, direction, security measures, and anything else that impacts their correct functioning. To learn more about patterns, their type, timing, and patterns to consider, consult the Salesforce Pattern Selection Guide.

Now that you have a better understanding of what patterns are, let’s go over some simple factors and the questions affecting each.

  • Since Salesforce needs to perform processes based on the response it receives, the first factor to consider is keeping track of transactions being followed.
  • Timing, as mentioned previously, is also an important factor. Check if it should be synchronous vs asynchronous. Do the processes need to be in real-time vs near real-time?
  • Ultimately, there are a few other elements to manage, such as integrating declaratively or not, the size of your message, how to protect against unforeseen situations (ex. your external system going down), and all matters related to the Salesforce contract.


The platform being used can also be a factor that alters patterns and integrations. We recommend using MuleSoft. You can design, build, customize, and integrate your APIs faster thanks to its all-in-one platform that also allows testing, grants you pre-built assets, and lets you discover more APIs to expand your reach. There are other resources like Informatica and Jitterbit that should also work nicely. However, MuleSoft is a formidable contender in terms of data management, customization, and customer experience. You won’t be disappointed.

Common Mistakes

From not handling the scope of your project to losing sight of all the requirements, it’s human to miss the beat and lose track of what is really at stake. Keeping track of things can save you time, money, and stress. We know you know this, but it’s never a bad idea to have some useful reminders.

Here you’ll find some tips to make your life easier and avoid common yet foreseeable mistakes… 

Check your to-do list.

  • Before getting started, be mindful of activating and deactivating the corresponding components. Improper activation may disturb both your implementation and your team’s workflow.
  • Pay attention to workflows, triggers, as well as conflicts and discrepancies with mapping data fields, types, and structures. 
  • Be careful not to duplicate worthless data. Do the dishes! Have everything neat and ready before and after integrating your systems. 
  • Choose the right system architecture. Take your time to select the right system since it is a crucial decision that may cost you more in the long run. 
  • Check if you need to consider any future customizations that will influence key decisions, such as the integration type, pattern, security measures, and others specific to your implementation. 

Don’t lose track of things.

  • This may sound obvious, but having a clear idea of what you’re about to implement will always be the first step to take into account.
  • Be mindful of objectives and priorities that may save you from having to go back and start over from scratch. 
  • We recommend asking for help from a consultant if necessary. Help is never a bad idea.
  • Whoever is responsible for implementing the integration needs to be mindful of every activity, commit, and comma, in order to avoid serious problems in the long run.
  • Whenever there is a need to change or customize your work, be sure to keep things in order and your documentation will become a lifesaver. 
  • Keep in mind that Rome wasn’t built in a day. Your integration will go through phases that can be thwarted by early avoidable mistakes.

Summary

After understanding the importance of what an integration really is, and the role of the API behind it, we know that security comes first. The security elements that typically manage tools like firewalls and proxies have a crucial role to play and shouldn’t be left aside. 

Choosing the right pattern, architecture, and platform is also important. They all influence each other. Any integration is different in itself and should be respected as such. 

Finally, remember that checking your to-do list and keeping track of things will save you lots of headaches down the road. Try to maintain everything as neat and sorted as you can, from activating and deactivating components, to managing documentation and your integration’s lifecycle.

At Oktana, we’re both Salesforce and MuleSoft partners, skilled at Salesforce integrations, including Heroku and Slack. With certifications across a wide range of Salesforce products, in addition to products like Informatica and MuleSoft, we can connect any app or system to the Salesforce ecosystem.

If you’re in need of a consultant to help expand your current resources and augment your team, don’t hesitate to contact us. Our team of Salesforce experts is here to help support your project.

Further resources