Configuration and Setup

User licenses does what?

A user license determines which features the user can access in Salesforce. For example, you can allow users access to standard Salesforce features and Chatter with the standard Salesforce license. But, if you want to grant a user access to only some features in Salesforce, you have a host of licenses to choose from. For example, if you have to grant a user access to Chatter without allowing them to see any data in Salesforce, you can give them a Chatter Free license.

Which of the following is true when salesforce acts as the identity provider to an external application

A user logged to salesforce can flow through to the external application

Protocol vs Standard

Protocol specifies the set of rules that enable systems to exchange information. Generally, the term protocol and standard are used interchangeably. Standard is a specification, a set of industry practices that vendors agree to support. Often, a standard contains a protocol to specify how the companies implement the standard.

What protocol is used for single sign-on?

SAML

The three protocols that Salesforce and other identity vendors follow to implement identity solutions.

SAML OAuth 2.0 OpenID Connect

SAML (Acronym)

Security Assertion Markup Language

main features of Salesforce Identity

Single sign-on Connected apps Social sign-on Multi-factor authentication My Domain Centralized user account management User provisioning App Launcher

Single sign-on (SSO) vs Social Sign-on

Single sign-on (SSO) enables a person to log in once and access other apps and services without logging in again. Social sign-on enables a person to log in to an app using the credentials established with a social account like Google. That app accepts the Google credentials, and the user doesn't have to create another account and password.

What can you limit at the Organization-wide default level of data access?

Specify the default level of access that users have to each others' records. You use organization-wide sharing settings to lock down your data to the most restrictive level, and then use the other sharing tools to selectively give access to other users. For example, you can give all employees access to an object called Candidate to allow anyone to add a candidate to the database. But you can restrict access to Positions so that anyone can see the jobs available but only the employees with the proper permissions can edit them.

What must be unique about a custom fields?

The custom field name and label must be unique for that object to avoid merge and display issues.

What is the default naming convention for alias

The first letter of the user's first name and the first four letters of their last name.

Sifference between an identity provider and a service provider?

The identity provider is the one authenticating the user. The service provider is asking for the authenticated identity.

What is the concept rule when it comes to concepts in the platform?

The permissions on a record are always evaluated according to a combination of object-, field-, and record-level permissions. When object- versus record-level permissions conflict, the most restrictive settings win.

What comes with profiles

a set of permissions which grant access to particular objects, fields, tabs, and records.

Centralized User Account Management

admins can manage all their user account tasks in one place. Administrators can easily grant users access to other apps and revoke or freeze access when they have to.

OpenID Connect Protocol adds what?

an authentication layer on top of OAuth 2.0 to enable secure exchange of user information. Like SAML, OpenID Connect sends identity information from one service to another.

What is a user?

anyone who logs in to Salesforce including employees at your company, such as sales reps, managers, and IT specialists, who need access to the company's records.

Role hierarchies(Records)

Give access for users higher in the hierarchy to all records owned by users below them in the hierarchy. Role hierarchies don't have to match your organization chart exactly. Instead, each role in the hierarchy should represent a level of data access that a user or group of users needs.

single sign-on (SSO)

Lets users access all authorized resources without logging in separately to each one—and without having to create (and remember) different user credentials for each app.

What does setting an object to private do?

Makes those records visible only to record owners and users above them in the role hierarchy.

Multi-Factor Authentication

Multi-factor authentication (MFA) is a Salesforce Identity feature that is required for all users who log in directly to Salesforce

SAML uses what type of protocol to send packages of information?

Ones written in XML

In the sharing model what does the Field: Private do?

Only the record owner, and users above that role in the hierarchy, can view, edit, and report on those records.

What are the four levels of data access

Organization, Objects, Fields and Records

assertion

is the information being sent. An assertion can carry detailed information about a user., returning a response—an assertion—saying, "Yes, this user is authorized, and here's some information about the user."

Object manager

is where you can view and customize standard and custom objects in your org.

standard objects

like Accounts and Contacts

Setup Menu Administration Category

manage your users and data. You can do things like add users, change permissions, import and export data, and create email templates.

Records

object database tables and are the actual data associated with an object.

What can you limit at the Role Hierarchies default level of data access?

open up access to those higher in the hierarchy so they inherit access to all records owned by users below them in the hierarchy. Role hierarchies don't have to match your organization chart exactly. Instead, each role in the hierarchy represents a level of data access that a user or group of users needs. For example, you can restrict access to Candidates by setting the organization-wide default to Private, but allow recruiters to view and edit the candidate records that they own. Recruiters can't see candidate records they don't own because recruiters are all at the same level in the role hierarchy. However, hiring managers can be given read/write access to all candidate records because they are at a higher level in the role hierarchy than recruiters.

App Launcher

p\Presents tiles for all the standard apps, custom apps, and connected apps in your Salesforce org. Your users can go to one location in Salesforce to access all apps—without having to log in again. You choose which third-party and other connected apps to add the App Launcher. And you control which apps are available to which users.

User Provisioning for Connected Apps

provides a single location where admins can create, update, delete, and manage those user accounts such as Google Apps, Office365, Concur, or Box.

chatter feed tracking

provides a way for multiple people to comment and collaborate on a particular record. The discussions and decisions are stored on the record so everyone can stay up to date on important decisions.

What user admin task can you do on the mobile device

resetting passwords, freezing users, and viewing current system status

Trailhead Playground (TP) org

safe environment where you can practice the skills you're learning before you take them to your real work. They come with all the standard app building and customization tools required to test your app development chops. You can have unto 10 at one time

When you want users to move seamlessly between Salesforce orgs and applications without logging in repeatedly you use what type of sign in

single sign-on (SSO)

Organization-wide defaults(Records)

specify the default level of access users have to each others' records. You use org-wide sharing settings to lock down your data to the most restrictive level, and then use the other record-level security and sharing tools to selectively give access to other users.

The user account identifies what 3 things?

the user, and the user account settings determine what features and records the user can access.

What do roles determine?

what users can see in Salesforce based on where they are located in the role hierarchy

When are social sign-on useful

when you want customers to be able to log in to an Experience Cloud site without having to create (and remember) a new username and password. Customers can log in to an Experience Cloud site using their Facebook or LinkedIn account.

Setup Menu Settings Category

where you manage your company information and org security. You can do things like add business hours, change your locale, and view your org's history.

What can you limit at the Record level of data access?

you can allow particular users to view an object, but then restrict the individual object records they're allowed to see.

What can you limit at the object level of data access?

you can prevent a group of users from creating, viewing, editing, or deleting any records of that object. For example, you can use object permissions to ensure that interviewers can view positions and job applications but not edit or delete them.

Fields

are columns in object database tables. Both standard and custom objects have them

Objects

are tables in the Salesforce database that store a particular kind of information

Setup Menu

gives you quick links to a collection of pages that let you do everything from managing your users to modifying security settings.

data type

indicates what kind of information your field holds.

app

is a set of objects, fields, and other functionality that supports a business process.

Org

is short for organization, and it refers to a specific instance of Salesforce

Which protocol allows secure data sharing between applications

Auth2.0

Authentication vs Authorization

Authentication means who a person is. These days, authentication is often used as shorthand for authorization and Authentication means what a person can do.

How do admins and businesses benefit from Salesforce Identity?

Convent one-click access to all apps so users can be more productive

Salesforce Identity

Let's you give the right people the right access to the right resources at the right time

In the sharing model what does the Field: Controlled by Parent do?

A user can perform an action (such as view, edit, or delete) on a record based on whether he or she can perform that same action on the record associated with it.

Sharing rules(Records)

Are automatic exceptions to organization-wide defaults for particular groups of users, so they can get to records they don't own or can't normally see. Sharing rules, like role hierarchies, are only used to give additional users access to records. They can't be stricter than your organization-wide default settings

How do you set organization-wide sharing defaults

1. From Setup, enter Sharing Settings in the Quick Find box, then select Sharing Settings. 2. Click Edit in the Organization-Wide Defaults area. 3. For each object, select the default access you want to use. (Recall the questions you answered in the previous section to help you figure out which default access setting is most appropriate.) 4. To allow employees at higher levels in the role hierarchy to access records automatically, select Grant Access Using Hierarchies for any custom object that does not have default access of Controlled by Parent.

What set of questions can you use to determine the org wide defaults for your app.

1. Who is the most restricted user of this object? 2. Is there ever going to be an instance of this object that this user shouldn't be allowed to see? 3. Is there ever going to be an instance of this object that this user shouldn't be allowed to edit?

What is required to have a my domain

1. Work in multiple Salesforce orgs in the same browser 2. Set up single sign-on (SSO) with external identity vendors 3. Set up authentication providers, such as Google and Facebook, so that your users can log in to your Salesforce org with their social account credentials

How many custom fields for each of the tabs and objects can you add

800 fields

What is a dependent picklist?

A custom or multi-select picklist for which the valid values depend on the value of another field, called the controlling field.

What is the purpose of an alias?

A short name to identify the user on list pages, reports, or other places where their entire name doesn't fit.

What does the user list show?

All the users in your organization

In the sharing model what does the Field: Public Read Only do?

All users can view and report on records but not edit them. Only the owner, and users above that role in the hierarchy, can edit those records.

In the sharing model what does the Field: Public Read/Write do?

All users can view, edit, and report on all records.

Manual sharing(Records)

Allows owners of particular records to share them with other users. Although manual sharing isn't automated like org-wide sharing settings, role hierarchies, or sharing rules, it can be useful in some situations, such as when a recruiter going on vacation needs to temporarily assign ownership of a job application to someone else.

What can you limit at the Manual Rules default level of data access?

Allows owners of particular records to share them with other users. Although manual sharing isn't automated like organization-wide sharing settings, role hierarchies, or sharing rules, it can be useful in some situations, for example, if a recruiter going on vacation needs to temporarily assign ownership of a job application to another employee.

Setup Menue Platform Tool Category

You can view and manage your data model, create apps, modify the user interface, and deploy new features to your users and manage code.

How is your orgs my domain determined?

For production orgs, if a My Domain wasn't specified during org creation, your default My Domain is based on your internal Salesforce org ID.

What can you limit at the organization level of data access?

By maintaining a list of authorized users, setting password policies, and limiting login access to certain hours and certain locations.

What is a controlling field?

Controlling fields can be any picklist (with at least one and fewer than 300 values) or checkbox field on the same record.

From the user list you can do what 5 things?

Create one or more users. Reset passwords for selected users. View a user's detail page by clicking the name, alias, or username. Edit a user's details. Log in as any user if the system permission is enabled or if the user has granted you system administrator login access.

How many profiles can a user have?

Each user can have only one profile.

What is required from Usernames

Each user has both a username and an email address. The username must be formatted like an email address and must be unique across all Salesforce organizations. It can be the user's email address, so long as it is unique.

What can you limit at the Sharing Rules default level of data access?

Enable you to make automatic exceptions to organization-wide defaults for particular groups of users, to give them access to records they don't own or can't normally see. Sharing rules, like role hierarchies, are only used to give more users access to records—they can't be stricter than your organization-wide default settings. For example, you can allow all employees to view Positions, but use sharing rules to grant full editing access to employees in a role or group called Hiring Managers.

What is the main reason to use dependent pick list?

Help users enter accurate and consistent data.

Identity provider vs Service provider

Identity provider is a trusted service that enables users to access other websites and services without logging in again. Service provider is a website or service that hosts apps and accepts identity from an identity provider.

Which orgs types are roles available in?

In Professional, Enterprise, Unlimited, Performance, and Developer editions of Salesforce.

How should you use Organization wide defaults?

These are the defaults that specify the baseline level of access that users have to records that they don't own. Configure your organization-wide defaults for what the most restricted user is allowed to access. Then use other record-level security and sharing tools (role hierarchies, sharing rules, and manual sharing) to open up the data to other users who need to access it.

How do users benefit from Salesforce Identity?

They can use one username and password to access everything they need

What are the steps to add a user

To add users: 1. From Setup, enter Users in the Quick Find box, then select Users. 2. Click New User to add a single user or click Add Multiple Users to add up to 10 users at a time. 3. Enter each user's name, email address, and a unique username in the form of an email address. By default, the username is the same as the email address, but you can overwrite this. 4. Select the user license you want to associate with the users you create (the license determines which profiles are available for each user). 5. Select a profile. 6. Select Generate passwords and notify user via email to email a login name and temporary password to each new user. 7. Click Save.

OAuth 2.0 Protocol is used for what?

To allow secure data sharing between applications. The user works in one app but sees the data from another.

What is a good reason to customize the user registration for your org or site?

To better support business processes after registration.

What can you limit at the Field level of data access?

To restrict access to certain fields, even for objects a user has access to. For example, you can make the salary field in a position object invisible to interviewers but visible to hiring managers and recruiters.

What is the max number of users you can add at one time?

Up to 10 users at a time.

How do you assign roles if you have a org with many users?

You may find it easier to assign roles when adding users. However, you can set up a role hierarchy and assign roles to users at any time.

What does each user account contain?

Username Email Address User's First Name (optional) User's Last Name Alias Nickname License Profile Role (optional)

Username and password vs Credentials

Username and password are what the user supplies to log in to a system. Credentials are basically the same thing.

What are the 5 guidelines for Adding Users?

Username: Each user must have a username that is unique across all Salesforce organizations (not just yours). Username Format: Users must have a username in the format of an email address (that is, [email protected]), but they don't have to use a real email address. (They can use their email address if they wish as long as their email address is unique across all Salesforce orgs.) Email: Users can have the same email address across organizations. Passwords: Users must change their password the first time they log in. Login Link: Users can only use the login link in the sign-up email once. If a user follows the link and does not set a password, you (the admin) have to reset their password before they can log in.

How do role hierarchy work?

Users at the top of the hierarchy can see all the data owned by users below them. Users at lower levels can't see data owned by users above them, or in other branches, unless sharing rules grant them access. Roles are optional but each user can have only one.

What happens when you enable multi-factor authentication

Users have to provide two or more pieces of evidence—or factors—when they log in. One factor is the user's username and password combination. The requirement for additional factors is satisfied through the use of a verification method that the user has in their possession, such as an authenticator app or a USB security key.

Social sign-on

Users log in to a Salesforce org with their username and password from an external authentication provider, like Facebook, Twitter, LinkedIn, or Google.

What is the simplest way to control which users have access to which data?

Using Object level data access.

What's the difference between single sign-on (SSO) and social sign-on?

With SSO, users can access services without logging in to each one. With social sign-on, users can access a service using their social account credentials.

How do you grant users more access?

With a permission set.

What happens in environments where the organization-wide sharing setting default for an object is set to private or public read only?

You can grant users more access to records by setting up a role hierarchy or defining sharing rules. Just remember, you can only use sharing rules to grant more access. You cannot use them to restrict access to records beyond what was originally specified with the organization-wide sharing defaults.

How should you give/assign user profiles

based on a user's job function (the Standard User profile is the best choice for most users). Don't give a user a profile with more access than the user needs to do their job.

What do profiles do?

determine what users can do in Salesforce