Journey to Architect - Blog Roadmap
To enhance accessibility and learning, I am also converting these videos into detailed blog posts, complete with screenshots and diagrams. The content is organized around key architect domains and various technical subjects.
Data Architecture Posts
Picklists are a great mechanism for fields with fixed value options. However, there are some situations where there are challenges with them. Adding new values requires elevated permissions and deployments. If the fixed values come in from an external system, then Picklists may not work well.
Building a Salesforce Data Model and considering how to handle two versions of the same record? How will you handle changes made to one? What about child records?
I provide a guide through two different approaches for handling Versioning.
Security Spectacular Posts
In this blog, I dive into Field Level Security and visibility. I review the different approaches to granting access to a secure field.
a) FLS on a Permission Set
b) Dynamic Forms to control Field visibility
c) Hide visibility and display the field through an LWC
Dive deep into the world of Permission Sets with this latest tutorial. Understand the power of "Session Activation Required" in permission sets and permission set groups. This feature offers a dynamic way to grant users specific capabilities under certain conditions. We take you through a real-world example, demonstrating how to elevate user permissions temporarily based on specific actions.
In this blog, we continue our exploration of Salesforce Security, focusing on permission sets and permission set groups. The Salesforce security landscape is evolving, and understanding these concepts is crucial for access management.
I dive into the world of Salesforce security, focusing on Profiles and Permission sets. Profiles started as the key element for User Control. However, Permission Sets came about to ease the complexity. Now, we are seeing a time when Profiles will have some redundant capabilities removed, so we should start preparing for it.
In this blog, we summarize the world of Salesforce Authentication, Authorization, and Data Sharing, providing you with a guide to understand and manage security in your Salesforce environment.
Integration Extravaganza Posts
In this blog/video, I delve deep into the realm of Salesforce APIs, your gateway to robust and seamless integrations.
We will review the many different APIs available.
There are times when the standard Salesforce REST API is not the best way to have an external client access Salesforce. This is when you may need to build a custom Apex Web Service. In this blog/video, I walk you through the basic steps for building a custom Web Service:
1. Showing the bare-bones lines of code required
2. Adding complexity for controlling the JSON and handling incoming parameters
3. Showing how to have a controlled JSON Request and Response for inserts, and also handle and communicate errors to the Client
Loading a large number of records into Salesforce should be done with the Bulk API instead of the REST API.
In this blog/video, I walk through the five (5) Steps of the Bulk API and then demo it using Postman. These 5 steps can be thought of as loading data through a loading dock.
When you are in Salesforce and using Apex to make callouts to JSON Web Services, you have a choice about how you can deal with the JSON for outgoing and incoming serialization and deserialization. I cover:
1) Apex with Fixed JSON classes or structures, along with some of the benefits;
2) Apex with Dynamic Deserialization, which takes code and more effort, but can allow you to process more complex JSON;
3) How you can use Custom Meta Data to handle the incoming data dynamically, giving you a flexible system that can be modified without redeploying code.
When planning Integrations, choosing the correct approach can be dependent on the projected load. Getting this information from the business users at the start of a project can be challenging.
In this blog/video, I show how the "Steve's Number of Zeros" approach can help the Integration Architect build reasonable estimations that can be the foundation of the integration planning.
Understanding Serialization and Deserialization is a key concept for Integration Architects; kind of like using the Transporter on Star Trek.
I walk through key concepts about how data can be moved between two different processes. Serialization creates a stream that is communicated to another process. At the end, deserialization is used to put the data into a usable format.
When making API calls, one process is the Client and one process is the Server. Like two Tango Dance Partners, each one has a different set of moves. One must understand the key responsibilities of each. This is a walkthrough of the different roles and responsibilities for the Client and the Server.
This is a guide through the many different ways to reach into Salesforce Core to read, write, and update data. Includes: Versioned Web Services, Non-Versioned Custom Web Services, HTTPS, Portals, and SMTP. This will give the Architect a high-level view and show where to find key documentation.
This is a summary of most Salesforce Products, and how they are grouped together in their hosting. Additionally, I take you through the Salesforce Trust website and show the hosting.
Identity & Access Posts
Dive deep into the intricacies of OAuth Web Server Flow with my unique and easy-to-understand Beer Garden Analogy! This blog/video is a continuation of my Securing Identity Series, providing you with detailed insights and a step-by-step guide on how OAuth Web Server Flow operates with a third-party web server.
What you’ll learn:
-Revisiting the Beer Garden Analogy: Understand the process of obtaining access tokens with a recap of our previous analogy.
-Introducing the Burger House: Learn about the role of a third-party web server in the OAuth Web Server Flow.
-Step-by-Step OAuth Process: Follow the journey from requesting data to receiving it securely, involving both front-end and back-end channels.
-Key Elements of OAuth Web Server Flow: Discover the crucial components that make this flow secure and efficient.
Welcome to this guide on setting up a Salesforce Connected App for seamless OAuth integration. In this step-by-step tutorial, you’ll learn the basics of setting up a Connected App in Salesforce and accessing it through Postman using the API.
What will you learn?
-The basics of creating and configuring a Connected App in Salesforce.
-Enabling and setting OAuth scopes to manage API capabilities.
-Authenticating your app using Postman to enable API access.
Are you finding it challenging to navigate through Salesforce security and OAuth flows? Don't worry!
In this blog/video, I simplify these complex concepts using an inventive Beer Garden analogy that makes understanding more approachable.
What’s Inside: The Beer Garden Analogy
-Explaining the details of OAuth flows within Salesforce
-Building an analogy between the process of accessing secure data and ordering beer at a garden
-Introducing Key Terms: Resource Server, Resource Owner, Client, Authentication Server, and Access Token
-Clarifying the Username Password Flow
Dive into Salesforce Security & Identity with this guide! In today’s video, we summarize when to use Single Sign-On (SSO) and OAuth for different access scenarios. From direct logins to API interactions via mobile apps, get clarity on which method best secures your Salesforce access.
I summarize:
-The distinction between Direct Login, Single Sign-On, and OAuth
-Different OAuth flows for varied access scenarios
-The optimal security approach for human users, integration users, and devices
In this blog/video, we walk through the process of implementing Social Sign-on with Google Authentication in Salesforce.
What you’ll learn:
-Setting up Google as an Authentication Provider in Salesforce
-Creating and Configuring a Registration Handler Class
-Navigating and Adjusting the 'My Domain' Settings in Salesforce
-Ensuring Secure User Login with Google Authentication
Unlock the power of Salesforce Security Identity with SAML JIT (Just In Time) Single Sign-On. This video dives into how SAML JIT facilitates the automatic creation and updating of user data. Discover the step-by-step process of configuring and implementing this feature to keep your user data synchronized and up-to-date across different Salesforce organizations or between an Identity Provider and Salesforce.
What you’ll learn:
-Understanding the SAML JIT Single Sign-On Mechanism
-Step-by-Step Configuration of User Data Sync
-Implementing a Custom SAML JIT Handler
-Verifying Automatic User Data Synchronization
Join me as we embark on a journey exploring SAML (Security Assertion Markup Language) and its integral role in Single Sign-On (SSO). Using Salesforce-to-Salesforce SSO as our example, we break down the steps and terminologies associated with this authentication method.
Highlights:
-Overview: Introduction to SAML and its connection to SSO.
-Diagram Walkthrough: A visual representation of Salesforce identity provider (IDP) and service provider setups.
-Key Terms: Unraveling terms like user access, redirection, SAML assertions, relay state, and more.
-The Magic Behind the Scenes: A detailed look at the back-and-forth communication, ensuring secure and seamless authentication.
-Demo: Witnessing SAML in action using the Salesforce environment
-Deep Dive: Scrutinizing the details of SAML requests and responses.
-Security: Digital signatures and their significance in ensuring a safe SSO environment.
In this tutorial, I will guide you through a comprehensive, step-by-step demonstration on how to establish Single Sign-On between two Salesforce Developer Environments.
What you'll learn:
1. Setting up two distinct Developer Environments: One as an Identity Provider and the other as a Service Provider.
2. Initial configuration of the Identity Provider followed by the Service Provider, and concluding with the final touches on the Identity Provider.
3. User configuration across both environments, connected via a Federated Id.
4. A live demonstration of a user logging into the Identity Provider and seamlessly navigating to the Service Provider without needing to sign in again.
In the realm of Salesforce, understanding the mechanics of Security and Identity with Single Sign-On (SSO) can be important. Let's delve deep into the interplay of Salesforce when it operates as a Service Provider under an external Identity Provider (IDP), highlighting the key configurations and flows.
As we progress in this series, we will delve into the technicalities and finer details. However, it's essential to have a solid understanding of these fundamental concepts before diving deeper. Stay tuned for a more in-depth exploration in my upcoming videos/blogs!
We are continuing on our enlightening journey discussing browser-based authentication and authorization. Here we are delving deeper, unraveling the intricate web of Single Sign-On (SSO) and the concept of an external Identity Provider controlling Authentication into Salesforce.
This is the second installment of my Salesforce Security Deep Dive series, where we'll be exploring various aspects of Salesforce security in a series of videos and now blogs.
In this episode, we delve into Authentication when using Salesforce as your Identity Provider. Salesforce offers a range of out-of-the-box capabilities that you can leverage within a user Profile to enhance your organization's security posture.
This is a summary for a Salesforce Security Deep Dive series with several videos and blogs.
I introduce the concepts of Authentication and Authorization. These are shown from the perspective of a Browser (User) accessing the User Interface and a Client accessing an API.
Video Series Library
I’m striving to provide fresh content for Salesforce continuously; there are now 102 videos with loads of content on integration, data architecture, security, identity, data cloud, certifications, and introducing the new AI adventures series.