InCountry logo
mobile-nav
Search
  • Products
    • Platform
      • Overview
      • Compliance and security
      • How it works
      • For SaaS
      • For internal apps
    • Gateways
      • Email
      • HTML
      • Payments
      • Web Forms
  • Solutions
    • Energy
    • Financial services
    • Healthcare
    • Retail
    • Technology
  • Integrations
    • SaaS
      • Cegid
      • Intertrust
      • Mambu
      • PayPal
      • Salesforce
      • Segment
      • ServiceNow
      • Stripe
      • Twilio
      • Veeva Systems
    • IAAS
      • InCountry on Alibaba Cloud
      • InCountry on Yandex.Cloud
  • Resources
    • Country compliance
    • Documentation
    • Library
    • Partners
    • Pricing
  • About
    • Blog
    • Careers
    • Contact Us
    • FAQ
    • Leadership
  • Login
  • Schedule a Demo

›Administrator's guide

Home
  • InCountry Platform
Portal
  • Getting started
  • Documentation
    • Dashboard
    • Managing environments
    • Managing clients and integrations
    • Managing Border configuration
    • Managing serverless scripts
    • Managing file imports
    • Managing profile and organization
    • Managing users
    • Managing secret keys
    • Managing recommendation modules
    • Managing subscription
  • Release notes
Border
  • Documentation
  • Release notes
REST API
  • Documentation
  • How to test CRUD requests through REST API
  • Release notes
Serverless
  • Documentation
Salesforce
  • About
  • Overview
  • Quick start guide for three-model package
  • Quick start guide for legacy package
  • Administrator's guide
    • Managing the package
    • Managing permissions
    • Managing OAuth2 authentication and authorization
    • Managing certificates
    • Registering CSP Trusted Sites
    • Managing InCountry Endpoints
    • Managing REST endpoints
    • Managing InCountry flags
    • Loading the application
    • Managing data regulation policies
    • Managing protected fields
    • Hashing the UserName field
    • Managing custom objects
    • Replacing standard elements
    • Configuring record search
    • Managing components
    • Setting up Salesforce Experience Cloud
    • Managing serverless functions
    • Managing InCountry cache
    • Managing Apex triggers
    • Managing record synchronization
    • Using Email-to-Case feature
    • Debugging
  • Developer’s guide
    • Apex SDK
    • JavaScript API
    • Retrieving record statistics
    • Tracking field history
  • User's guide
    • Working with protected fields
    • Sending compliant email messages
    • Importing data into Salesforce
    • Migrating records
    • Managing audit reports
    • Converting leads
    • Managing reports
    • FAQ
    • Release notes
Payment Vault
  • Documentation
BYOK
  • Documentation
FAQ
  • How to use the InCountry platform
  • Integration options
  • Data regulation models
  • Limits and quotas
  • Video tutorials
Service Status
  • Status

Managing protected fields

note

Management of protected fields is identical for the three-model package and for the legacy package.

PROTECTED fields (regulated fields) are fields that contain information that may be used to identify the person. Due to regulations of different countries, such information must be protected, and in some situations stored in the origin country.

For each Salesforce object, you can define the PROTECTED fields that store the personal identifiable information (PII) or any sensitive information users choose to localize. Such fields will be processed by the package according to the configured data store policy.

Managing PROTECTED fields

The package lets you manage PROTECTED fields as follows:

  • Add PII fields for each Salesforce object

  • Delete the no longer needed PROTECTED fields for each Salesforce object

On the menu, select Settings. The page with the app settings loads, as follows:

Settings

Here you need to select the Salesforce object which PROTECTED fields will be added for.

Adding PROTECTED fields

  1. Select the Salesforce object which PROTECTED fields you want to add.

    Adding PROTECTED fields

  2. Click Add Field. The Add PII Fields form opens.

    Add Form

  3. In the Select Field box, start entering the field name. Select the field from the prompted matches.

  4. In the Hash Function box, select the hash function which will be applied to the value of the field. Ensure that the applied hash function is valid for data contained within the field, otherwise the hashed data pattern will be incorrect for storing in Salesforce. You can use the fixed hash function to apply your own custom value to hashed fields.

  5. In the Lookup relationship box, enter the lookup relationship for the current field. In Salesforce this corresponds to the Lookup Relationship Name.

  6. In the Reference field box, enter the field name which value the current field will reference.

  7. In the Reference order box, specify the order in which fields are referenced. Use the comma to separate different fields from each other.

  8. In the Lookup api name box, enter the field name of the Salesforce object for making calls to Salesforce API. In Salesforce this corresponds to the LookupObjectApiName.

  9. In the Key box, select the key if available to make the field searchable in Salesforce. You can have up to ten searchable PROTECTED and regular fields per one Salesforce object. This setting defines the field value searchability against the object and key.

  10. Check the Need to hash box to enable the hashing for the PROTECTED field. By default, it it enabled automatically when you select the hash function.

  11. Check the Is Compound box to indicate that the field is comprised of multiple fields.

  12. Check the Is Country field box to indicate that the field contains information about the country.

  13. When complete, click Add.

The newly added PROTECTED field will appear on the list with other PROTECTED fields that are attributed to the currently selected Salesforce object. These fields will be processed by the package and shown according to the configured data regulation policy.

Selecting hash functions for PROTECTED fields inline

You can select or change hash functions for PROTECTED fields inline when viewing the list of such fields for a specific Salesforce object.

  1. On the list with PROTECTED fields, locate the field for which you want to change the hash function.

  2. Hover over the field with the hash function.

    Hover over the Hash Function field

  3. Click the Edit icon.

    Select the hash function inline

  4. Select the appropriate hash function.

The selected hash function will be applied to the current PROTECTED field.

Mapping fields to hash functions

note

While configuring fields, please consider the using of the proper hash function for a specific data format. For example, if you need to tokenize the email address, you should use uniqueEmailHash function. Otherwise, email address will not be properly handled by Salesforce. For names, use the uniqueHash function.

If you use the redaction data regulation policy, you need to apply the correct hash functions to fields. Please check the mappings of hash functions to fields in the following table:

Internal Salesforce fieldUI fieldHash functionConditionsNotes
ANYTYPEN/AThis function is on our roadmap and is not available yet.
BASE64N/AuniqueHashIf the field length is greater than or equal to 50 characters.Supporting the backward compatibility.
BASE64N/Asha256If the field length is greater than or equal to 64 characters.Supporting the backward compatibility.
BOOLEANCheckbox/0defaultBoolean
CALCULATEDN/AThis function is on our roadmap and is not available yet.
COMBOBOXN/AdefaultText
CURRENCYCurrencydefaultNumberA new function is to be implemented.
DATACATEGORYREFERENCEN/AThis function is on our roadmap and is not available yet.
DATEDatedefaultDate
DATETIMEDateTimedefaultDateTime
DOUBLENumberdefaultNumberA new function is to be implemented.
EMAILEmail/80uniqueEmailHashUse the uniqueEmailHash as the main function for the Email field. It generates the unique hash every time for this field.
EMAILEmail/80sha256EmailHashUse the sha256EmailHash function to generate the same hash for the same values of this field.
ENCRYPTEDSTRINGText (Encrypted)/175This function is on our roadmap and is not available yet.
HIERARCHYN/AThis function is on our roadmap and is not available yet.
IDN/AThis function is on our roadmap and is not available yet.
INTEGERN/AdefaultNumber
LOCATIONGeolocationdefaultNumberA new function is to be implemented.
LONGN/AThis function is on our roadmap and is not available yet.
LOOKUPN/AThis function is on our roadmap and is not available yet.
MULTIPICKLISTPicklist (Multi-Select)/4099This function is on our roadmap and is not available yet.
PERCENTPercentdefaultNumberA new function is to be implemented.
PHONEPhone/40defaultTextA new function is to be implemented.
PICKLISTPicklist/255sha256A new function is to be implemented.Use the sha256 function if the pick list field is not restricted and it can take more than 64 characters. Otherwise use the defaultText function.
PICKLISTPicklist/255defaultTextA new function is to be implemented.
REFERENCELookup Relationship/18This function is on our roadmap and is not available yet.
REFERENCEExternal Lookup RelationshipThis function is on our roadmap and is not available yet.
STRINGAutoNumber/30uniqueHashIf the field length is greater than or equal to 50 characters.Preparing the backward compatibility.Use the uniqueHash function to generate a unique hash value for this field every time. Otherwise use the defaultText function.
STRINGText/255sha256If the field length is greater than or equal to 64 characters,Use the sha256 function if the field can take more than 64 characters.
STRINGdefaultTextIf the field length is less than 30 characters,
TEXTAREAText Area (Long)/32768uniqueHashIf the field length is greater than or equal to 50 characters.
TEXTAREATextArea/255sha256If the field length is greater than or equal to 64 characters,
TEXTAREAText Area (Rich)/32768defaultText
TIMETimeA new function is to be implemented.
URLURL/255sha256
URLURL/255defaultText
Specifics of the compound Address field
STRINGCity/40uniqueHash or defaultText
PICKLISTAccuracy/40defaultTextUse the sha256 if the picklist field is not restricted and its length is greater than 64 characters. Otherwise use defaultText.
PICKLISTCountry/80sha256 or defaultTextUse the sha256 if the picklist field is not restricted and its length is greater than 64 characters. Otherwise use defaultText.
PICKLISTCountryCodesha256 or defaultTextUse the sha256 if the picklist field is not restricted and its length is greater than 64 characters. Otherwise use defaultText.
DOUBLELatitude/18.15A new function is to be implemented.
DOUBLELongitude/18.15A new function is to be implemented.
STRINGPostalCode/20uniqueHash or defaultText
STRINGState/80uniqueHash or sha256 or defaultText
PICKLISTStateCodesha256 or defaultTextUse the sha256 if the picklist field is not restricted and its length is greater than 64 characters. Otherwise use defaultText.
TEXTAREAStreet/255uniqueHash or sha256 or defaultText

Using the fixed hash function

You can use the fixed hash function to apply custom values that you need instead of using the built-in hash functions returning random strings.

The fixed has function for PROTECTED field

This function supports the following fields types:

  1. STRING

  2. TEXTAREA

  3. PICKLIST

  4. MULTIPICKLIST

  5. COMBOBOX

  6. TIME

  7. DATE

  8. DATETIME

  9. BOOLEAN

  10. PERCENT

  11. INTEGER

  12. LONG

  13. DOUBLE

  14. CURRENCY

  15. PHONE

  16. EMAIL

  17. URL

The length of the values that the fixed hash function can apply depends on the field type.

Linking child objects to parent objects

To correctly support the links between child and parent objects, you need to set up the additional attribution for each child Salesforce object.

  1. Select the child Salesforce object.

  2. Click Add field.

  3. In the Add PII Fields form, define the following configuration:

    1. Select Field - select the field which is used to link a child object to the parent object (for example, for the Contact object this is 'AccountId').
    2. Hash Function - select 'Nothing'.
    3. Reference order - enter '0'.
    4. Lookup api name - enter the name of the parent object.
    5. Key - select the key which will provide searchability of the field.
  4. When complete, click Add.

Add PII Fields

Deleting PROTECTED fields

note

You delete PROTECTED fields from the configuration of the InCountry Data Residency for Salesforce package only. These fields will be preserved in Salesforce itself.

You can delete the not needed PROTECTED fieds from the data store policy for a specific Salesforce object. Such fields will be no longer protected by the package when showing their values in the interface of Salesforce.

  1. Select the Salesforce object which PROTECTED fields you want to delete.

  2. On the list with PROTECTED fields, locate the one you want to delete.

    Select the field

  3. Click the box with the down arrow and then select Delete.

If you want to delete all the fields from the current configuration of the selected Salesforce object, click Delete All Fields.

← Managing data regulation policiesHashing the UserName field →
  • Managing PROTECTED fields
  • Adding PROTECTED fields
    • Selecting hash functions for PROTECTED fields inline
    • Mapping fields to hash functions
    • Linking child objects to parent objects
  • Deleting PROTECTED fields
InCountry logo blue
© InCountry 2022.
All rights reserved. InCountry, Inc
  • PRIVACY POLICY
  • TERMS OF SERVICE
  • Social share
    • YouTube logo
    • Facebook logo
    • Twitter logo
    • LinkedIn
  • Column 1
    • Products
      • Platform
        • Overview
        • Compliance and security
        • How it works
        • For SaaS
        • For internal apps
      • Gateways & Vaults
        • Email
        • HTML
        • Payments
        • Web Forms
    • Solutions
      • Energy
      • Financial services
      • Healthcare
      • Retail
      • Technology
  • Column 2
    • Integrations
      • SaaS
        • Cegid
        • Intertrust
        • Mambu
        • PayPal
        • Salesforce
        • Segment
        • ServiceNow
        • Stripe
        • Twilio
        • Veeva Systems
      • IAAS
        • InCountry on Alibaba Cloud
        • InCountry on Yandex.Cloud
  • Column 3
    • Resources
      • Country compliance
      • Documentation
      • Library
      • Partners
      • Pricing
    • About
      • Blog
      • Careers
      • Contact Us
      • FAQ
      • Leadership