About this document
This document provides a step-by-step guide on how to get started with the three-model package supporting the restriction, redaction, and UI-based replication models.
Before installing the package, you need to check and enable the following prerequisites:
- This is a required feature for the package installation. Enable Orders only if you need to regulate this object.
For the details on package installation, please 📃 check our documentation.
Log in to your Salesforce instance.
Create the installation URL for the InCountry Data Residency for Salesforce package by combining the following:
Address of your Salesforce instance:
Package URL path:
Install the InCountry Data Residency for Salesforce packages for Salesforce administrators.
Contact your Technical Account Manager to get the installation URL to the latest package version.
The resulting URL address for package installation should be similar to the following pattern:
Assigning permission sets
For the details on management of permission sets, please 📃 check our documentation.
Navigate to Setup > Administration > Users > Permission Sets.
InCountry Adminpermission sets to appropriate Salesforce users.
Registering certificates for request authorization
Certificate configuration is only required if your country does not support the InCountry portal self-service and, as a result, does not support OAuth2 configuration. If you plan to use OAuth2, you can skip this step.
For the details on management of certificates, please 📃 check our documentation.
Import the certificates into Salesforce:
incountry- the generic certificate for performing data requests to the InCountry Platform. This is a required certificate.
serverless- the certificate to perform resident functions. This is an optional certificate.
batch- the certificate to perform batch data operations (for data migration). This is an optional certificate.
For each certificate, please follow the next steps:
Navigate to Setup > Settings > Security > Certificate and Key Management.
Click Import from a Keystore.
Select the *.JKS certificate.
Enter the password for the imported certificate.
Enabling Identity Provider
Please enable the identity provider only if you encounter the Data Not Available error. Skip these instructions if the error does not occur.
Navigate to Setup > Settings > Identity > Identity Provider.
Click Enable Identity Provider. This action will generate a self-signed certificate.
Select the recently created self-signed certificate and click Save.
Upon confirmation in the prompted dialog box, you will see details of the identity provider setup.
Now you can proceed with the registration of the certificate.
Please do not share details of the identity provider setup with InCountry or any third party.
Configuring Remote Site settings
Navigate to Setup > Security > Remote Site Settings.
Click New Remote Site.
Enter the provided REST endpoint (for example,
https://sa-restapi-mt-01.api.incountry.io/) into the Remote Site URL box.
Please consider that the REST endpoint differs depending on the country where your regulated data is stored.
Setting up OAuth2 authentication and authorization
Before configuring OAuth2 authorization for the package, you need to create an account on the InCountry Portal.
Please follow these steps:
Configure an authentication provider for a Salesforce organization.
Create a custom metadata type for a REST API endpoint.
Register named credentials in a Salesforce organization.
Configure a custom metadata type for a Salesforce organization.
Create a self-signed certificate.
Upload the public certificate into the Salesforce service.
Registering CSP Trusted Sites
For the details on registering CSP trusted sites, please 📃 check our documentation.
Registering InCountry endpoints
For the details on management of endpoints, please 📃 check our documentation.
Click the App Launcher icon.
Locate the InCountry Endpoints section.
Click Create New Endpoint.
In the Create New Endpoint form, fill out the information about the REST endpoint and select the registered certificates.
Configuring data regulation policies
For the details on configuration of data regulation policies, please 📃 check our documentation.
Select the Salesforce object.
Select the data regulation policy.
Select the restriction type for the Salesforce object.
Specify the country for storing regulated data of the current Salesforce object.
Configuring protected fields
For the details on the configuration of protected fields, please 📃 check our documentation.
Select the Salesforce object.
Click Add Field.
Select the field that will be treated as protected, select the hash function, and adjust optional parameters if needed.
Swapping Salesforce components with InCountry UI components
To show records with protected fields according to the redaction data regulation policy, you need to swap Salesforce components with InCountry UI components. This can be achieved in the following way:
Register custom objects within the InCountry Data Residency application.
Configure the search bar to look up records in Salesforce.
Using the application
Once you have configured the application correctly, you can proceed with the management of records containing regulated data in Salesforce.