Securing Salesforce Digital Experiences, Matt Meyers

It is surprising how a book can scare me. As a Salesforce CTA I obviously know everything about the platform and its security, yet Matt was able to scare me within the first few pages.

… presenting at local Salesforce Dreamin’ events, informing people about my story and showing them how a hacker performed this attack. During each session, I polled the audience to better understand their awareness of Salesforce security in general. To my surprise, I found most people were overconfident about the security of their Salesforce implementations, and only a select few even knew about this type of attack.


When, a few releases back, Salesforce started to limit the guest user's capabilities, I wasn't happy, and probably a lot of people felt the same. We probably overused it on a few projects as a way to give unauthenticated users an extra set of functionality, starting with the ability to add and later update records in SF, or just to query some extra records, where full authentication wasn't really considered a must or worth the money.

Blocking API access, closely monitoring which objects we were giving access to, and we felt safe. Until I read this book.

Additionally, there is an option on the user profile called “API Enabled” that, when disabled, blocks all external access to these APIs. This is what we did in our case. We had “API Enabled” turned off, so as far as we knew, no one could access the data via any APIs.

Salesforce Lightning Experience, which is the user interface that powered our Salesforce Digital Experience portal, used a significant number of microservice application programming interfaces, or APIs, to display the data and user interface layouts. Salesforce did not document these APIs, as they were not designed for use directly by Salesforce’s customers.

An undocumented API which works even when API access is disabled? AuraEnabled classes, which means that anyone with access to the class can freely call their methods? Grouping methods in classes by function instead of by which persona should be able to use them – maybe that’s another reason why Salesforce restricted guest users from accessing classes unless specifically given permission.
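To make the point concrete, here is an added example of an @AuraEnabled controller written the way the paragraph above suggests: grouped by persona (authenticated portal users only), and relying on the running user's sharing and object/field permissions rather than on the "API Enabled" profile setting, which the book's story shows does not cover the Lightning channel. This is my own illustration, not code from the book or from Salesforce; the class name, the Case fields used and the assumption that the guest user profile is not granted access to the class are all mine.

```apex
// Added example, not from the book. Assumes the Experience Cloud guest
// user profile is NOT given access to this class; only authenticated
// community members are. Class name and fields are illustrative.
public with sharing class PortalCaseController {

    // 'with sharing' applies the running user's record-level sharing,
    // so a caller only sees cases shared to them regardless of how the
    // method is invoked (LWC, Aura, or the undocumented UI APIs).
    @AuraEnabled(cacheable=true)
    public static List<Case> getMyCases() {
        rejectGuest();
        // WITH SECURITY_ENFORCED makes the query fail instead of
        // returning objects or fields the running user cannot read.
        return [
            SELECT Id, CaseNumber, Subject, Status
            FROM Case
            WHERE ContactId = :currentContactId()
            WITH SECURITY_ENFORCED
            ORDER BY CreatedDate DESC
            LIMIT 50
        ];
    }

    @AuraEnabled
    public static Id createCase(String subject, String description) {
        rejectGuest();
        Case c = new Case(
            Subject = subject,
            Description = description,
            ContactId = currentContactId()
        );
        // stripInaccessible drops fields the user may not create and
        // throws if the user lacks create permission on the object.
        SObjectAccessDecision decision = Security.stripInaccessible(
            AccessType.CREATABLE, new List<Case>{ c });
        List<SObject> toInsert = decision.getRecords();
        insert toInsert;
        return toInsert[0].Id;
    }

    // Defence in depth: even if the guest profile is later granted
    // access to this class, the methods refuse unauthenticated callers.
    private static void rejectGuest() {
        if (UserInfo.getUserType() == 'Guest') {
            throw new AuraHandledException('Not available to guest users.');
        }
    }

    private static Id currentContactId() {
        User u = [SELECT ContactId FROM User WHERE Id = :UserInfo.getUserId() LIMIT 1];
        return u.ContactId;
    }
}
```

The two checks are deliberately redundant: the class-level permission decides who may reach the methods at all, and the in-method guard plus `WITH SECURITY_ENFORCED` / `stripInaccessible` decide what each caller may actually read or write. A profile setting that only blocks external API clients gives neither.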

The book is short but intense; the intro chapter laying out the story of the data leak is scary, and the solution looks surprisingly short and easy, even though I understand it must have been a long and intense week to fix things up. And there are tons of bonuses, including a video on how you can test your site and a description of all the relevant settings you might want to consider when setting up Experience Cloud.

Overall a recommended read, which you can buy from Matt directly. The related article at Cactusforce is a great read as well.

Write a comment, thanks!

What do you know about security and SF features?

Another user group meeting done; this time AutoRABIT hosted us, and they were generous! Chlebíčky (open sandwiches), wine, beer, juices, sweets, plates full of food.

Two speakers, which has an interesting history: originally we promoted the meeting as being all about DevOps, because what else would you expect from Andrew Davis, our first confirmed speaker. Only later did we find out he would be speaking about shared responsibility for security.

When Alča found out about the topic she pushed back: you know what, last time it was MuleSoft, it is probably getting too heavy for the regular user/admin, what about something easier, specifically the presentation you gave at PolishDreamin. She was right, so I became the second speaker.

Great attendance: in the end we had exactly 60 registered people and around 40 of them made it to the event, improving our KPIs for attendance rate. People I had never seen or hadn’t seen in a long time; it was great to catch up, even though once again I didn’t have time to speak with everyone I wanted to. Never mind, next time.

Room full of attendees

My presentation went well, longer than anticipated; the feedback I got at the end was that actually it wasn’t about features you have in Salesforce and can use, but rather why not to use them. Not the intended outcome, but they were right; I was probably too negative at times.

Andrew spoke about security and how we have a feeling that Salesforce will handle it because it is SaaS, where the provider is responsible. But in the end Salesforce is rather PaaS, a platform on which you build things, and you will find out that more of the responsibility is on your side. Combined with career changes and how a hairdresser can now be a Salesforce consultant, it makes everything even more tricky.

Shared Responsibility

We spoke about Security Posture Management and the many security-related modules available on Trailhead. Also about his new book on flow engineering, which does NOT mean Salesforce Flow.

All in all it was a great evening and we definitely missed you. Check the presentations and a few photos, and hope to see you next time; we are aiming for a BBQ in mid June.

Tableau breakfast

Organizing events should be a piece of cake for me, after all those years of user groups, CzechDreamins, fun runs and much more. Well, organizing this customer-facing breakfast was another level to reach, but a fantastic experience overall.

At first we aimed for January, which feels strange knowing the end of fiscal for Salesforce. Naturally we quickly rescheduled to March, but with all the invites and approvals it was still pretty close to the end of fiscal, so one more slip and we ended up in April, the week after Easter.

Understanding the data is key!

Three speakers in the end, almost 50 registered attendees, about 50 % of them – as expected – made it to the event, and almost three hours later we can call it a success. As we all agreed, one event won’t make it a success; we should repeat with another topic, again and again, and eventually the market will be mature enough to get the message. That’s why we tentatively scheduled the next Actum breakfast for the beginning of June, and the topic should be Slack the way you didn’t know it.

Michal Mravinac and the pyramid of decisions

Anyway, this breakfast was about Tableau, about the power of AI which came with Tableau Pulse, about visualisation, as it is half of the success, and about the practical findings during the implementation at P3 Logistic Parks. It was about comparing, but also looking back at history, as Michal mentioned with his „you are 60 % below your numbers from last year“, which hit him quite hard before he realized that last year there had been one big deal.

Petr Korinek and how Tableau is helping them

We spoke about the comparison between Salesforce operational reporting and Tableau’s drill-down possibilities, about maps, dynamic filters and much more.

Would that be something of interest to you? Let me know and I’ll be happy to introduce you to our great data team.

CzechDreamin is around the corner – do you have your ticket?

The situation is beginning to get hectic as we get closer to the event. We have sorted out the speakers (check the whole agenda on our website), we are still playing around with who will be the keynote speaker (fingers crossed), we are looking for additional sponsors to help us cover the costs (can you be one of them?), but mainly we are looking for attendees at the moment, which means YOU!

A few things we did for the first time ever; the promotional video below is one of them. We had fun, so hopefully you’ll appreciate it as well.

There will be some relaxing activities as well, and obviously coffee and tea. The tea stand especially was a success every year, so we will repeat it this time as well.

Speaking of the agenda, once again I have no clue what to see myself. This year we were able to squeeze in some „softer“ presentations: 7 deadly sins of project management, a powerful start to any project, the secret sauce for success, equality, Figma training, or how to overcome disengagement, disorientation, and distraction.

We didn’t skip the heavier topics: Data Cloud data modeling (an almost weird-sounding sentence with so much „data“ in it), intricacies of data access, data security with Event Monitoring, publicly available flows, and why screen flows are the hero of Salesforce.

Admins will find something as well: basics of SOQL, how to hire the right person (or rather what is usually behind the scenes), how to measure adoption (and improve it), how CPQ differs from standard Sales Cloud and when you need it, backups and why they aren’t all the same, AI, or usability.

We also have plenty for marketers: tips for SSJS development, great browser extensions, AMPScript (a session from a Salesforce Instructor!), cookies, Pardot aka Account Engagement.

All in all, there is something for everyone. Obviously, meeting people from all over the world is already included; you just need to find the time during the day to do so. And something optional is being prepared for Saturday as well, so when planning your trip, don’t leave too soon.

Get your tickets while they last and see you in Prague! May 17th is the date this year.

PolishDreamin – I won an award!

Community conferences are popping up around the world; PolishDreamin in Wrocław and Wir Sind Ohana in Berlin are two of them in Europe. I had the privilege to present at the former and am already looking forward to attending the latter.

Poland, a country right next to Czechia, where I basically haven’t been yet. Yes, a few business trips to Warszawa, a few team buildings, but it is still a white area for me, so when I found out about this conference I was all in. Luckily my session called „Things you didn’t know you can use in your Salesforce“ was selected, and I had a valid reason to go there.

The trip was smooth, apart from the final few kilometers, which had been blocked by farmers. Not sure why, but we had a similar strike in Prague a while ago, so nothing surprising, and with half an hour’s delay we made it to the city center.

First impressions: Wrocław is a nice city, the center is really small, a river around it; I immediately liked it.

A speakers’ dinner with great food and chats with people I hadn’t seen in a while or ever. Drinks, music and a final photo.

A morning run with Johann and then a taxi to the airport, as the venue was next to it. A big hall with breakfast prepared, three rooms for presentations, one room of sponsors, roughly 400 attendees, all decorated in Salesforce style with all the characters and a bit of a „forest“ feeling.

A sharp start and a full day of interesting sessions. I had the honor of sitting on a CTA panel with Johann, Ilona, Jakub, and Chetan, where we shared what it takes to pass the board and how much our lives have changed since then.

My own session was scheduled at the end of the day, when exhausted people fall back into their seats and almost fall asleep. Surprisingly, I was able to wake them up, and somehow my session was selected as the best session of the day!

See the presentation below; surprisingly all the text was lost when uploading to Slideshare, but the images are more important anyway.

Closing words, then a star gala where they honored achievements within the Polish Salesforce ecosystem. As the Czech delegation we – sadly – agreed that we couldn’t name so many different people in our bubble; somehow the Czech community is probably not that active, or people are hidden without others knowing them. A bit sad.

Party, pizzas, Czech beer – it was a long night to finish this great conference. Definitely one I want to return to!