Quick start guide for three-model package

About this document

This document provides a step-by-step guide on how to get started with the three-model package supporting the restriction, redaction, and UI-based replication models.

Prerequisites

Before installing the package, you need to check and enable the following prerequisites:

• Orders

  • This is a required feature for the package installation. Enable Orders only if you need to regulate this object.

Package installation

1. Log in to your Salesforce instance.

2. Create the installation URL for the InCountry Data Residency for Salesforce package by combining the following:

   1. Address of your Salesforce instance: https://{your-salesforce}.lightning.force.com/.

   2. Package URL path: packaging/installPackage.apexp?p0=04t3R000000c4QQQQI (example)

3. Install the InCountry Data Residency for Salesforce packages for Salesforce administrators.

The resulting URL address for package installation should be similar to the following pattern:

https://{your-salesforce}.lightning.force.com/packaging/installPackage.apexp?p0=04t3R000000c4QQQQI

Assigning permission sets

1. Navigate to Setup > Administration > Users > Permission Sets.

2. Assign InCountry User and InCountry Admin permission sets to appropriate Salesforce users.

Registering certificates for request authorization

1. Import the certificates into Salesforce:

   1. incountry - the generic certificate for performing data requests to the InCountry Platform. This is a required certificate.

   2. serverless - the certificate to perform serverless functions. This is an optional certificate.

   3. batch - the certificate to perform batch data operations (for data migration). This is an optional certificate.

2. For each certificate, please follow the next steps:

   1. Navigate to Setup > Settings > Security > Certificate and Key Management.

   2. Click Import from a Keystore.

   3. Select the *.JKS certificate.

   4. Enter the password for the imported certificate.

   5. Click Save.

Enabling Identity Provider

1. Navigate to Setup > Settings > Identity > Identity Provider.

2. Click Enable Identity Provider. This action will generate a self-signed certificate.

3. Click the same button one more time.

4. Select the recently created self-signed certificate and click Save.

5. Upon confirmation in the prompted dialog box, you will see details of the identity provider setup.

Now you can proceed with the registration of the certificate.

Configuring Remote Site settings

1. Navigate to Setup > Security > Remote Site Settings.

2. Click New Remote Site.

3. Enter the provided REST endpoint (for example, https://sa-restapi-mt-01.api.incountry.io/) into the Remote Site URL box.

Setting up OAuth2 authentication and authorization

Before configuring OAuth2 authorization for the package, you need to create an account on the InCountry Portal.

Please follow these steps:

1. Create a new account.

2. Log in to the InCountry Portal.

3. Create a new environment.

4. Create a new Salesforce service.

5. Configure an authentication provider for a Salesforce organization.

6. Register an authentication endpoint.

7. Register a REST API endpoint.

8. Create a custom metadata type for a REST API endpoint.

9. Registering remote sites.

10. Create an authentication provider.

11. Register named credentials in a Salesforce organization.

12. Configure a custom metadata type for a Salesforce organization.

13. Create a self-signed certificate.

14. Upload the public certificate into the Salesforce service.

Registering CSP Trusted Sites

For the details on registering CSP trusted sites, please 📃 check our documentation.

Registering InCountry endpoints

1. Click the App Launcher icon.

2. Select Settings.

   

3. Locate the InCountry Endpoints section.

4. Click Create New Endpoint.

   

5. In the Create New Endpoint form, fill out the information about the REST endpoint and select the registered certificates.

   

6. Click Create.

Configuring data regulation policies

1. Select Settings.

2. Select the Salesforce object.

   

3. Select the data regulation policy.

4. Select the restriction type for the Salesforce object.

   

5. Specify the country for storing regulated data of the current Salesforce object.

6. Click Add.

Configuring protected fields

1. Select Settings.

2. Select the Salesforce object.

3. Click Add Field.

   

4. Select the field that will be treated as protected, select the hash function, and adjust optional parameters if needed.

5. Click Save.

Swapping Salesforce components with InCountry UI components

To show records with protected fields according to the redaction data regulation policy, you need to swap Salesforce components with InCountry UI components. This can be achieved in the following way:

1. Replacing tabs within apps.

   1. Configuring restrictions to tabs in user profiles.

   2. Replacing standard tabs with customized tabs.

2. Adding a custom component.

Additional configuration

1. Register custom objects within the InCountry Data Residency application.

2. Configure the search bar to look up records in Salesforce.

Using the application

Once you have configured the application correctly, you can proceed with the management of records containing regulated data in Salesforce.