InCountry logo
mobile-nav
Search
  • Products
    • Products
      • InCountry for Salesforce
      • Data Residency-as-a-Service
      • Alibaba Cloud InCountry Service
      • Compliance and security
    • Gateways
      • Email
      • Payment Vault
      • Web Forms
      • HTML
    • Developers
      • REST API
      • SDK
  • Solutions
    • Automotive
    • Energy
    • Financial services
    • Healthcare
    • Retail
    • Technology
    • Latest success story
      • IBM Consulting
  • Integrations
    • Cegid
    • Intertrust
    • MuleSoft
    • PayPal
    • Salesforce
    • ServiceNow
    • Stripe
    • Veeva Systems
    • Yandex
  • Resources
    • Country compliance
    • Documentation
    • Library
    • Partners
    • Pricing
  • About
    • News and Blog
    • Careers
    • Contact Us
    • FAQ
    • Leadership
  • Login
  • Schedule a Demo

β€ΊSalesforce

Home
  • InCountry Platform
Portal
  • Getting started
  • Documentation
    • Dashboard
    • Managing environments
    • Managing SDK credentials and services
    • Managing Border configuration
    • Managing payment vaults
    • Managing email gateways
    • Managing resident functions
    • Managing file imports
    • Managing profile and organization
    • Managing users
    • Managing encryption keys
  • Release notes
Border
  • Documentation
  • Release notes
REST API
  • Documentation
  • How to test CRUD requests through REST API
  • Release notes
Resident Functions
  • Documentation
Salesforce
  • About
  • Overview
  • Quick start guide for three-model package
  • Quick start guide for legacy package
  • Administrator's guide
    • Managing the package
    • Managing permissions
    • Managing OAuth2 authentication and authorization
    • Managing certificates
    • Registering CSP Trusted Sites
    • Managing InCountry Endpoints
    • Managing REST endpoints
    • Managing InCountry flags
    • Loading the application
    • Managing data regulation policies
    • Managing protected fields
    • Hashing the UserName field
    • Managing custom objects
    • Replacing standard elements
    • Configuring record search
    • Managing components
    • Setting up Salesforce Experience Cloud
    • Managing resident functions
    • Managing InCountry cache
    • Managing Apex triggers
    • Managing record synchronization
    • Managing web forms
    • Tracking changes to data regulation policies and regulated fields
    • Using Email-to-Case feature
    • Debugging
    • Migrating data from one Salesforce organization to another
  • Developer’s guide
    • Apex SDK
    • JavaScript API
    • Retrieving record statistics
    • Tracking field history
  • User's guide
    • Working with protected fields
    • Sending compliant email messages
    • Importing data into Salesforce
    • Migrating records
    • Managing audit reports
    • Converting leads
    • Managing reports
    • Using formula fields
    • Using frontend validations
    • FAQ
    • Release notes
Payment Vault
  • Documentation
BYOK
  • Documentation
FAQ
  • Get started with the platform
  • Integration options
  • Data regulation models
  • Limits and quotas
  • Video tutorials
Service Status
  • Status

Quick start guide for three-model package

About this document

This document provides a step-by-step guide on how to get started with the three-model package supporting the restriction, redaction, and UI-based replication models.

Prerequisites

Before installing the package, you need to check and enable the following prerequisites:

  • Orders

    • This is a required feature for the package installation. Enable Orders only if you need to regulate this object.

Package installation

note

For the details on package installation, please πŸ“ƒ check our documentation.

  1. Log in to your Salesforce instance.

  2. Create the installation URL for the InCountry Data Residency for Salesforce package by combining the following:

    1. Address of your Salesforce instance: https://{your-salesforce}.lightning.force.com/.

    2. Package URL path: packaging/installPackage.apexp?p0=04t3R000000c4QQQQI (example)

  3. Install the InCountry Data Residency for Salesforce packages for Salesforce administrators.

note

Contact your Technical Account Manager to get the installation URL to the latest package version.

The resulting URL address for package installation should be similar to the following pattern:

https://{your-salesforce}.lightning.force.com/packaging/installPackage.apexp?p0=04t3R000000c4QQQQI

Assigning permission sets

note

For the details on management of permission sets, please πŸ“ƒ check our documentation.

  1. Navigate to Setup > Administration > Users > Permission Sets.

  2. Assign InCountry User and InCountry Admin permission sets to appropriate Salesforce users.

Registering certificates for request authorization

warning

Certificate configuration is only required if your country does not support the InCountry portal self-service and, as a result, does not support OAuth2 configuration. If you plan to use OAuth2, you can skip this step.

note

For the details on management of certificates, please πŸ“ƒ check our documentation.

  1. Import the certificates into Salesforce:

    1. incountry - the generic certificate for performing data requests to the InCountry Platform. This is a required certificate.

    2. serverless - the certificate to perform resident functions. This is an optional certificate.

    3. batch - the certificate to perform batch data operations (for data migration). This is an optional certificate.

  2. For each certificate, please follow the next steps:

    1. Navigate to Setup > Settings > Security > Certificate and Key Management.

    2. Click Import from a Keystore.

    3. Select the *.JKS certificate.

    4. Enter the password for the imported certificate.

    5. Click Save.

Enabling Identity Provider

warning

Please enable the identity provider only if you encounter the Data Not Available error. Skip these instructions if the error does not occur.

Data Not Available

  1. Navigate to Setup > Settings > Identity > Identity Provider.

  2. Click Enable Identity Provider. This action will generate a self-signed certificate.

  3. Select the recently created self-signed certificate and click Save.

  4. Upon confirmation in the prompted dialog box, you will see details of the identity provider setup.

Now you can proceed with the registration of the certificate.

note

Please do not share details of the identity provider setup with InCountry or any third party.

Configuring Remote Site settings

  1. Navigate to Setup > Security > Remote Site Settings.

  2. Click New Remote Site.

  3. Enter the provided REST endpoint (for example, https://sa-restapi-mt-01.api.incountry.io/) into the Remote Site URL box.

warning

Please consider that the REST endpoint differs depending on the country where your regulated data is stored.

Setting up OAuth2 authentication and authorization

Before configuring OAuth2 authorization for the package, you need to create an account on the InCountry Portal.

Please follow these steps:

  1. Create a new account.

  2. Log in to the InCountry Portal.

  3. Create a new environment.

  4. Create a new Salesforce service.

  5. Configure an authentication provider for a Salesforce organization.

  6. Register an authentication endpoint.

  7. Register a REST API endpoint.

  8. Create a custom metadata type for a REST API endpoint.

  9. Registering remote sites.

  10. Create an authentication provider.

  11. Register named credentials in a Salesforce organization.

  12. Configure a custom metadata type for a Salesforce organization.

  13. Create a self-signed certificate.

  14. Register a self-signed certificate in REST API endpoint.

  15. Upload the public certificate into the Salesforce service.

Registering CSP Trusted Sites

For the details on registering CSP trusted sites, please πŸ“ƒ check our documentation.

Registering InCountry endpoints

note

For the details on management of endpoints, please πŸ“ƒ check our documentation.

  1. Click the App Launcher icon.

  2. Select Settings.

    Settings

  3. Locate the InCountry Endpoints section.

  4. Click Create New Endpoint.

    Create New Endpoint

  5. In the Create New Endpoint form, fill out the information about the REST endpoint and select the registered certificates.

    Create New Endpoint form

  6. Click Create.

Configuring data regulation policies

note

For the details on configuration of data regulation policies, please πŸ“ƒ check our documentation.

  1. Select Settings.

  2. Select the Salesforce object.

    Settings

  3. Select the data regulation policy.

  4. Select the restriction type for the Salesforce object.

    Add Policy Form

  5. Specify the country for storing regulated data of the current Salesforce object.

  6. Click Add.

Configuring protected fields

note

For the details on the configuration of protected fields, please πŸ“ƒ check our documentation.

  1. Select Settings.

  2. Select the Salesforce object.

  3. Click Add Field.

    Add PII Fields form

  4. Select the field that will be treated as protected, select the hash function, and adjust optional parameters if needed.

  5. Click Save.

Swapping Salesforce components with InCountry UI components

To show records with protected fields according to the redaction data regulation policy, you need to swap Salesforce components with InCountry UI components. This can be achieved in the following way:

  1. Replacing tabs within apps.

    1. Configuring restrictions to tabs in user profiles.

    2. Replacing standard tabs with customized tabs.

  2. Adding a custom component.

Additional configuration

  1. Register custom objects within the InCountry Data Residency application.

  2. Configure the search bar to look up records in Salesforce.

Using the application

Once you have configured the application correctly, you can proceed with the management of records containing regulated data in Salesforce.

AccountsDetailsRedacted

← OverviewQuick start guide for legacy package β†’
  • About this document
  • Prerequisites
  • Package installation
  • Assigning permission sets
  • Registering certificates for request authorization
    • Enabling Identity Provider
  • Configuring Remote Site settings
  • Setting up OAuth2 authentication and authorization
  • Registering CSP Trusted Sites
  • Registering InCountry endpoints
  • Configuring data regulation policies
  • Configuring protected fields
  • Swapping Salesforce components with InCountry UI components
  • Additional configuration
  • Using the application
InCountry logo blue
Β© InCountry 2022.
All rights reserved. InCountry, Inc
  • PRIVACY POLICY
  • TERMS OF SERVICE
  • Social share
    • YouTube logo
    • Facebook logo
    • Twitter logo
    • LinkedIn
  • Column 1
    • Products
      • Products
        • InCountry for Salesforce
        • Data Residency-as-a-Service
        • Alibaba Cloud InCountry Service
        • Compliance and security
      • Gateways
        • Email
        • Payment Vault
        • Web Forms
        • HTML
      • Developers
        • REST API
        • SDK
  • Column 2
    • Solutions
      • Automotive
      • Energy
      • Financial services
      • Healthcare
      • Retail
      • Technology
    • Integrations
      • Cegid
      • Intertrust
      • MuleSoft
      • PayPal
      • Salesforce
      • ServiceNow
      • Stripe
      • Veeva Systems
      • Yandex
  • Column 3
    • Resources
      • Country compliance
      • Documentation
      • Library
      • Partners
      • Pricing
    • About
      • News and Blog
      • Careers
      • Contact Us
      • FAQ
      • Leadership