Enable SSO between 2 salesforce communities





Hello Everyone ,
I hope you all have read my recent post. Recently I have implemented SSO between 2 salesforce communities. Let’s start how I did this using salesforce’s out of the box functionality.

Use Case: one organisation was using the salesforce and salesforce community(let's name it cloudkicks) , later they acquired another organisation another company and that company was also using the salesforce and salesforce community(name it iCourier).  Now the stakeholder of the parent organisation wanted that users of their community can login directly in the acquired company’s community portal.

So in this case cloudkicks will act as Identity provider (Source organisation) and iCourier will act as service provider (Target community where we want to login).

Following steps we need to take :
1.     Enable Identity provider in source org.
2.     Enable Single Sign on in the target org.
3.     Create a connected app in the source org.

Let’s see them step by step how that will be working.
1.     Enable Identity provider in source org:
a.     If identity provider is not already enabled in org then first enable it.
 
Once we click on the enable identity provider button we will be asked to select a certificate, you can select existing one or also can create new.
 
b.     Download metadata and certificate: Once we have enabled identity provider in our source org we need to download metadata file, which will be used for enabling single sign on in the target org.
           



2.     Enable Single Sign on in the target org
a.     SAML Enabled:
b.     Create SAML Sign-On Settings: We can click on a new button and fill all the details manually,or we can use metadata file by clicking on the ‘New from Metadata file’  button. We will use a metadata file which we used from step 1.

All details will be filled automatically. We would need to make the following changes for red highlighted fields.

Request Signature Method: RSA-SHA1
Service Provider Initiated Request Binding: HTTP POST
Identity Provider Login URL: Keep it blank for now , we will come back to it later.


3.     Create connected app in the source org: We will create a connected app in the source org (cloud kicks) .
In the connected app , enable SAML, we need some information here that will be provided by target org when they enable single sign on setting.
Lets see where we can get entity url and ACS URL from the target org.Both details are available on the detail page of single sign on setting which we created in step 2.

Entity Id :

ASC URL: Is the endpoint of login url where we need to provide login access.

Once we save connected app , click on manage button and assign profiles who will be using this connected app (cloudkicks community user profile)


Now we need to copy ‘IdP-Initiated Login URL’ and put it on the single sign on settings, remember we put 1 blank value there.
Copy from the connected app

Paste on the single sign on setting page in target org.

Now we are done with the setup. We can call this url on any button click from target community (Cloudkicks) and it will allow us to login into source org community (iCourier).

Note: We can set federation Id on user detail page, make sure federation id should be same in both orgs for a user, this will be used to authenticate the user.



Connect Blogger to Salesforce - CMS


Hello All,

Before starting on the connecting blogger with salesforce I would like to highlight about what actually salesforce cms and some of its use cases.

Salesforce CMS is very simple and powerful tool.With the help of salesforce CMS user can create,manage and deliver content. It also help translation and mutlilanguage. Salesforce CMS is hybird cms, which enables us to centeralize content on a location. And embed other cms system (wordpress,drupal,blogger) data into salesforce. These systems data will be managed on the respective system itself and will reflect into salesforce.

How to connect Blogger with Salesforce:  We will use CMS connect with JSON here to connect Blogger with the salesforce.

Whitelist URL: CMS connect use CORS (Cross origin resource sharing) to access external data. we need to whitlelist public api url in the CORS and CSP both.

base url for google apis: https://www.googleapis.com

Open CMS Content for the community in which we want to show blogger data.



Click on the CMS connect and then click on the new button to create new connection.


Enter following information in the connection details section:

Name : This will be used to identify the connection, like name of any record in salesforce
CMS Source: Other (we can select any other available to make connection with them)
Connection type: Public (we are using public api with a public key)
Server URL: https://www.googleapis.com  (Make sure you have added it in the CORS and CSP)

Click on the add JSON button below in the popup. And give it a readable name.

Enter following information in the content item section. This will be used to read individual content item in the community.


Name: Blog Item
Path: blogger/v3/blogs/5011517723534616475/posts/{component}?key=AIzaSyA0ykuQ9XoVr1Q1rLYuWV8g4VUGVNJoC9E
Id Path: Field Name or Path to use as unique identifier of the content item.
Titile Path: Filed Name or path to display as title for this content item.

In the path url '5011517723534616475' is the blog id from where I will fetch my content.
{component} is used to pass component url dynamically, to make relative url in the community
key is provided by the google.  Click here to get your key from google.


Enter following information in the content list section. This will be used to fetch list of all content items.


Name: Blog Feed (It can be any relatable name)
Path: blogger/v3/blogs/5011517723534616475/posts?key=AIzaSyA0ykuQ9XoVr1Q1rLYuWV8g4VUGVNJoC9E&fetchBodies=true&maxResults=50&fetchImages=true
Node Path: items

Click on the save button. Now we need to put our dynamic content on the community.

Go to builder and drag and drop CMS connect (JSON) component on the community page where we want to display content.
Configure the following properties to display dynamic content list.


Below this we need to configure some JSON keys to display data. We can check public key by hitting the below url in the browser. This url is combination of server url (https://www.googleapis.com) and the path we put in the content list section.


Configuration for content list item layout.


Click on the save button and you can see dynamic data in component you dropped. You can publish or preview community and see all dynamic data from blogger to salesforce.

See the live demo here.



If you have any suggestion feel free to reach me out on twitter or linkedin.


Regards,
Arpit vijayvergiya
Certified Salesforce Consulant


Lightweight LWC Data Table

Hi All,
Whenever we need to show many records to user with client side filtering, sorting and pagination, most of us use the jQuery Data Tables (Which is very popular).
But in Salesforce lightning, if we are working with LWC then using jQuery gives a lot of issues for us. We need a Vanilla based Data Table which gives all these features.

  1. Client Side search on records
  2. Client Side pagination
  3. Client Side sorting
  4. Client Side page size changes


To overcome this problem in LWC, we have made one Light weighted LWC Data Table, which works similar to jQuery Data Tables.

Please look the demo:



Thanks
Aslam Bari

Some highlights by Salesforce



​Hello All,

There are some recent updates by Salesforce, which i got to know in last a few days and announced in Dreamforce 19. Just sharing it with you.

1. Dynamic Forms let you migrate fields & sections from your page layout as individual components into Lightning App Builder. Then configure them just like rest of the components on page, and give users relevant info when they need. Check it out here.

2. The Salesforce Einstein Hub is your one-stop-shop for education on how to use and get started with Einstein. Go to place to learn all about the Einstein Platform. Check it out here.

3. Secure Your Sandbox Data With Salesforce Data Mask - a new tool to help you customize, build, and test on Salesforce while protecting private data. Find out more here.

4. Einstein Voice Assistant and Einstein Voice Skills (beta Spring ’20) allows every Salesforce admin to create custom versions of the Voice Assistant for every user, whether they're a sales rep or manager, service agent, marketer etc

5.  Trailhead comes to mobile devices. Salesforce has introduced the Trailhead GO app to skill up for the future on the go. Currently, this app is exclusively for iOS and iPadOS. Click on this link to download it from Apple App Store,

6.  Salesforce With Customer 360 Data Manager, admins can register their instances of Marketing, Commerce, Service Cloud & then map customer records from each one of them into one, unified view of customer.

7. Salesforce has partnered with AWS to empower learners to skill up for the future. AWS learning content is now available on Trailhead. Check it out here.

8. Permission Set Groups is a new feature that allows Admins to combine multiple permission sets into a single permission set group for user assignment. With the grouping mechanism, admins can truly apply role-based access control for managing user entitlements in Salesforce orgs.
https://admin.salesforce.com/blog/2019/introducing-the-next-generation-of-user-management-permission-set-groups

Thank you
Ranu Bari​

Winter’20 Release Highlights




I have reviewed Winter'20 release notes by salesforce. In case you have not read the whole PDF of Salesforce Winter’20 release notes, summarized some of the need-to-know or cool Winter‘20 features.

1.      Add Lightning Web Components as Custom Tabs : Now you can add LWC as a custom tab in lightning experience app and salesforce app.
2.      Increase Productivity with Local Development for Lightning Web Components (Beta) : LWC offers local development, now no need to deploy during development and continuously changes, you can see preview on local without publishing.
3.      Hitting Apex Limits in Server-Side Actions Is More Predictable : Apex limits in Lightning components are now applied per action. Previously, the Apex limits applied across all the actions batched together  in a request.
4.      Navigate Users Directly to an App : Now you can create components that link directly to your app and to a specific page in your app.
5.      Hide the Default Label for Visualforce Pages in Lightning App Builder : Lightning app builder provides a Show Label option so that you can choose your own to hide the default label.
6.      Enforce Field-Level Security in Apex (Beta) : stripInaccessible() security feature provides field level data protection. For example, If the user doesn’t have permission to read the any  field of a Contacts object, this example code removes the subquery field before reading the records. The DML operation completes without throwing an exception.
7.      Callouts Are Excluded from Long-Running Request Limit :  HTTP callout processing time is no longer included when calculating the 5-second limit. Timer paused for the callout and resume it when callout completes.
8.      Formula Class in the System Namespace : The new System.Formula class contains the recalculateFormulas method that updates (recalculates) all formula fields on the input sObjects.
9.      Community and Portal User Visibility Are Disabled by Default in New Orgs : The Community User Visibility and Portal User Visibility settings are now disabled by default for orgs created in Winter ’20 and later that enable communities or portals. External users in portals and communities can see themselves and are visible to users above them in the role hierarchy. When Community User Visibility is enabled, communities users are visible to all other users in the communities that they are a member of. When Portal User Visibility is enabled, portal users are visible to all other portal users in the same account.
10.   Set Up Email Address Confirmations for Lightning Communities :  When Lightning Communities external users changed their email address, the email address is updated immediately. For better security, you can now make sure that the user owns the new email address before the update takes effect. Salesforce recommends that you enable email confirmations from the Identity Verification Setup page. For new orgs, email confirmations occur automatically.
11.   Use Sharing Rules to Grant Record Access to Guest Users : Control which records you allow guest users without login credentials to access. A guest user sharing rule is a type of criteria-based sharing rule that can grant Read Only access to guest users. It’s the only way that you can share records with unauthenticated users when the Secure guest user record access setting is enabled.

12.   Secure Guest Users’ Record Access with a New Setting : Secure the access that unauthenticated guest users have to your org’s data with the Secure guest user record access setting. When enabled, guest users’ org-wide defaults are set to Private for all objects, and you can’t change this access level. You also can’t add guest users to groups or queues or manually share records with them. You can grant record access only with new guest user sharing rules.
13.   Make Files on Records Visible to Customers in Communities : Now you can decide which files customers can see on records that you share with customers in your communities. By default, files on records aren’t visible to customers in communities. The new Customer Access switch on a file’s sharing detail page lets you decide when customers can see the file.
14.   Remove a File from a Record Without Deleting It Everywhere : Want to remove a file from a record but not delete it from your Salesforce org? Now you can! Previously, a file owner could delete a file from Files home or a record using row-level actions. But this method also removed the file from all records and posts where it was attached. Now you can easily remove the file from a record without also removing it from other records, posts, or Files home.

15.   Require Verification When Community Users’ Change Their Email Address : Improve security by requiring external users to confirm their community email address changes. When a community user changes an email address, you can have an email sent to the new address for confirmation. After the user clicks the confirmation link in the message, the address change takes effect. Salesforce recommends that you enable email confirmations to improve security. Sending email confirmations occurs automatically for new communities and new and existing internal users.



For detail information, you can visit here,

Salesforce Data Modelling & Application Implementation

Hi All,

As a regular practice we organize "Let's Code Together" session at iBirds Software Services Pvt. Ltd. time to time. This Saturday (21 Sep, 2019), we had seminar on Data Modelling and Application Implementation seminar on Salesforce. We chose the example of implementing a sample "Recruitment Application" in salesforce. We had the following case study before starting this seminar.


Recruitment App Case Study


‘Smart Job’ company needs their recruitment application on salesforce.

Admin / HR can perform following tasks

1.       Can create jobs
2.       View all jobs by different filters
3.       Can see all candidates
4.       Can see all applications
5.       Assign application to Interviewer for taking interview of the candidates

Interviewer can do following tasks

1.       Can see all jobs
2.       Cannot edit/create/delete jobs
3.       Can see applications only assigned to him
4.       Cannot see all candidates
5.       Can edit applications assigned to him few fields.

Candidate can do following tasks

1.       Can see all jobs
2.       Can apply for a particular job
3.       Can see all his/her applications
4.       Can delete / edit self-applications anytime
5.       Can apply only after login
6.       Can upload CV
7.       Candidates cannot see each other data

Guest user can do following tasks

1.       Can see all jobs
2.       Cannot apply on jobs

It was great get together session. Here is the recording for the seminar.


Sharepoint Integration With Salesforce

Hi Folks,
In this post, I want to address how we can integrate Sharepoint with Salesforce through Microsoft Graph API. We all know that we are in the era of cloud. We may want to connect two cloud services. So, How can we do that? Through integrating one cloud service into another cloud service. Let's start the integration. (If you want to integrate Sharepoint to other applications, convert the below code into any language that you used in your application.)

What is Sharepoint?

Organizations use SharePoint to create websites. You can use it as a secure place to store, organize, share, and access information from any device. It is a very robust content management and document management platform used by all kinds of companies, mainly for storing business-related documents and content. It is mostly used as a secure document repository for intranet portals, websites, cloud-based services, and of course as an independent repository as well.

What is the Microsoft Graph API?

Microsoft Graph is the gateway to data and intelligence in Microsoft 365. You can use the Microsoft Graph API to build apps for organizations and consumers that interact with the data of millions of users. With Microsoft Graph, you can connect to a wealth of resources, relationships, and intelligence, all through a single endpoint: https://graph.microsoft.com.

All set, let’s get started!

Register Your Application in Azure Portal

  • Sign in to the Azure Portal. (https://portal.azure.com/)
  • Go to the Azure Active Directory in the left side navigation pane.
  • 1) Click App Registrations then 2) Click New application registration.
  • Follow the below steps.
          1) Enter the Name of your application. 
          2) Choose application type as "Web App/ API". 
          3) Enter Sign-on URL like "https://mycustomdomain.my.salesforce.com".
          4) Click "Create".



  • Now you will get the registered application information. Copy and keep the Application ID somewhere we will use it later.
  • Go to settings in the top menu in your application info section.
  • Go to the Required Permissions.

 
  • Click the "Add" button to add the permissions to your application.
  • Now we have two steps to do. 1) Select an API 2) Select Permissions for that API. In our case, we need to select the "Microsoft Graph" API and in the next step, we will give permissions related to this API. 
  • Currently, I am giving "Read and write files in all site collections" permission only.  We will add more permissions later. 
  • Don't forget to click the "Done" button after adding permissions.
  • It's a time to generate Private Key for our application. Go Back to the "Settings" navigation pane. Then click "Keys". Fill the description of the key and then select expires duration. Then click the "Save" button. It will provide us a private key. Copy the key value and store it in a secure place. You won't be able to retrieve the same key after. 
  • To add more permissions to your app, go to the "App registrations (Preview)" section. Then select the app that we created recently (Force Application).  Copy the "Directory (tenant) ID" we will use it later.
  • Then Click the "View API Permissions" button. 
  • Now go to "Add a Permission".
  • In "Select an API" section select "Microsoft Graph" API.
  • Go to the "Delegated Permissions" and add the listed permissions. Also, add the permissions in the "Application Permissions" section as well. 
  • The following permissions are required to create a folder and upload files in Sharepoint.
     Delegated permissions :
          Files.Read
          Files.Read.All
          Files.ReadWrite
          Files.ReadWrite.All
          Sites.Read.All
          Sites.ReadWrite.All
     Application Permissions:
          Files.Read.All
          Files.ReadWrite.All
          Sites.Read.All
          Sites.ReadWrite.All

Application Permissions - Your client application (Salesforce) needs to access the Web API (MS Graph API) directly without user context. This type of permission requires administrator consent and is also not available for Native client applications.

Delegated Permissions - Your client application (Salesforce) needs to access the Web API (MS Graph API) as the signed-in user, but with access limited by the selected permission. This type of permission can be granted by a user unless the permission is configured as requiring administrator consent.
  • After adding permissions don't forget to "Grant admin consent". (See the bottom of the API Permissions page)
Let's test our application.

Authorization

As of now, we noted three values 1. Application ID (Client Id) 2. Private Key (Client Secret) 3. Tenant ID. See the below code for authorization.  Store access_token in the public variable so that we can use it in other processes.

String clientId = 'my application id'; 
String clientSecret = 'my private key';
String tenantId = 'my tenant id';
Http h = new Http();
HttpRequest req = new HttpRequest();
req.setMethod('POST');
req.setHeader('Content-Type', 'application/x-www-form-urlencoded');
//https://login.microsoftonline.com/< tenant Id>/oauth2/token
req.setEndpoint('https://login.microsoftonline.com/'+EncodingUtil.urlEncode(tenantId, 'UTF-8').replaceAll('\\+', '%20')+'/oauth2/token'); 
String body = 'grant_type=client_credentials'+
    '&client_id=' + EncodingUtil.urlEncode(clientId, 'UTF-8') +
    '&client_secret='+ EncodingUtil.urlEncode(clientSecret, 'UTF-8') +
    '&resource=https://graph.microsoft.com';                              
req.setBody(body);
HttpResponse res = h.send(req);
System.debug('Response Body: ' + res.getBody());
//Parse the response and store the access_token in public variable to use it in other methods.

I added the sample response from Postman for the above request.

Note: Below example are to upload files in the Sharepoint host/root site. If you want  to upload files to other sites your URL format Should be: 
https://graph.microsoft.com/v1.0/sites/{site-id}/drives/    (get drive list)
https://graph.microsoft.com/v1.0/sites/{site-id}/drives/{drive id}/root/children      (create a folder)
https://graph.microsoft.com/v1.0/sites/{site-id}/drives/{drive id}/root:/{folder path}/{file name}:/content (upload a file)

Get the Drive List

Below code shows how to get a list of drives available to your application. In Sharepoint, every "Document Library" considered as a separate drive. If you know your drive (Document Library) ID then skip this step. From drive list find your drive with the help of "webUrl" or "name" in the response and store the "id" in a global variable like Custom Settings in salesforce. 

String access_token= 'access_token';
Http h = new Http();
HttpRequest req = new HttpRequest();
req.setMethod('GET');
req.setHeader('Authorization', 'Bearer '+ access_token);
req.setHeader('Content-Type', 'application/json');
req.setHeader('Accept', 'application/json');
req.setEndpoint('https://graph.microsoft.com/v1.0/drives/');
HttpResponse res = h.send(req);
System.debug('Response Body: ' + res.getBody());
//Get your drive id from the response and store it somewhere.

In my case, I want to store my files in Documents. 


Create a Folder

Run the below code to create a folder in Root library.
URL format to create a child folder: https://graph.microsoft.com/v1.0/drives/{drive id}/root:/{parent folder path}:/children.
URL format to create the Folder with Parent Folder Id instead of folder path : https://graph.microsoft.com/v1.0/drives/{drive id}/items/{parent folder id}/children.
Also, @microsoft.graph.conflictBehavior have three values fail, replace, and rename.

String access_token= 'access_token';
String driveID = 'my drive id';
String folderBody = '{"name": "New Folder","folder": { },"@microsoft.graph.conflictBehavior": "rename"}';
string endPoint = 'https://graph.microsoft.com/v1.0/drives/' + 
                        EncodingUtil.urlEncode(driveID, 'UTF-8').replaceAll('\\+', '%20') +
                        '/root/children';
Http h = new Http();
HttpRequest req = new HttpRequest();
req.setMethod('POST');
req.setHeader('Authorization', 'Bearer '+ access_token);
req.setHeader('Content-Type', 'application/json');
req.setHeader('Accept', 'application/json');
req.setEndpoint(endPoint);
req.setBody(folderBody);
HttpResponse res = h.send(req);
System.debug('Response Body: ' + res.getBody());



Make sure that the folder created successfully in SharePoint.

Upload a File

Run the below code to upload the file in "New Folder" which we created previously. This method only supports files up to 4MB in size.
URL format to upload file with parent folder path: https://graph.microsoft.com/v1.0/drives/{drive Id}/root:/{parent folder path}/{file name}:/content.
URL format to upload file with parent folder id: https://graph.microsoft.com/v1.0/drives/{drive Id}/items/{parent folder id}:/{file name}:/content.

String access_token= 'access_token';
String driveID = 'my drive id';
String folderName = 'New Folder';
String fileBody = 'Hello World!';
String fileName = 'My Document.txt';
String endPoint = 'https://graph.microsoft.com/v1.0/drives/' + 
                                EncodingUtil.urlEncode(driveID, 'UTF-8').replaceAll('\\+', '%20') +
                                '/root:/'+EncodingUtil.urlEncode(folderName, 'UTF-8').replaceAll('\\+', '%20')+'/'+
                                EncodingUtil.urlEncode(fileName, 'UTF-8').replaceAll('\\+', '%20')+':/content';
Http h = new Http();
HttpRequest req = new HttpRequest();
req.setMethod('PUT');
req.setHeader('Authorization', 'Bearer '+ access_token);
req.setHeader('Content-Type', 'text/plain');
req.setHeader('Accept', 'application/json');
req.setEndpoint(endPoint);
req.setBodyAsBlob(Blob.valueOf(fileBody));
HttpResponse res = h.send(req);
System.debug('Response Body: ' + res.getBody());

Make sure that the file uploaded successfully in SharePoint.

Worried about upload large files? We have a Resumable File Upload feature.

Resumable Upload

Create an upload session to allow your app to upload files up to the maximum file size. An upload session allows your app to upload ranges of the file in sequential API requests, which allows the transfer to be resumed if a connection is dropped while the upload is in progress.

To upload a file using an upload session, there are two steps:
1.Create an upload session
2.Upload bytes to the upload session

1.Create an upload session
The response to this request will provide the details of the newly created uploadSession, which includes the URL used for uploading the parts of the file.
String access_token= 'access_token';
String driveID = 'my drive id';
String parentFolderId = 'My parent folder id';
String fileDesc = '{"@microsoft.graph.conflictBehavior": "rename"}';
String fileName = 'largeFile.txt';
string endPoint = 'https://graph.microsoft.com/v1.0/drives/' + 
                                EncodingUtil.urlEncode(driveID, 'UTF-8').replaceAll('\\+', '%20') +
                                '/items/'+EncodingUtil.urlEncode(parentFolderId, 'UTF-8').replaceAll('\\+', '%20')+':/'+
                                EncodingUtil.urlEncode(fileName, 'UTF-8').replaceAll('\\+', '%20')+':/createUploadSession';
Http h = new Http();
HttpRequest req = new HttpRequest();
req.setHeader('Authorization', 'Bearer '+ access_token);
req.setHeader('Content-Type','application/json');
req.setHeader('Accept', 'application/json');
req.setMethod('POST'); 
req.setEndpoint(endPoint);
req.setBody(fileDesc);
HttpResponse res = h.send(req);
System.debug('Response Body: ' + res.getBody());

Copy the uploadUrl from the response.

2.Upload bytes to the upload session
To upload the file or a portion of the file, your app makes a PUT request to the uploadUrl value received in the createUploadSession response. You can upload the entire file, or split the file into multiple byte ranges, as long as the maximum bytes in any given request is less than 60 MB.

The size of each chunk MUST be a multiple of 320 KB (327,680 bytes) except the last chunk. Using a fragment size that does not divide evenly by 320 KiB will result in errors committing some files.

Run the below code to upload the file in a single chunk (less than 60 MB file).  If you have large files then repeat the below request until you upload all the chunks with appropriate Content-Range.
String access_token= 'access_token';
Blob file_body = Blob.valueOf('Hello World!');
String fileLength = String.valueOf(file_body.size());
String uploadUrl = 'upload URL from create an upload session';
Http h = new Http();
HttpRequest req2 = new HttpRequest();
req2.setHeader('Authorization', 'Bearer '+ access_token);
req2.setHeader('Content-Length',fileLength);
req2.setHeader('Content-Range','bytes 0-'+(Integer.ValueOf(fileLength) - 1)+'/'+fileLength);
req2.setHeader('Accept', 'application/json');
req2.setMethod('PUT');        
req2.setEndpoint(uploadUrl);
req2.setBodyAsBlob(file_body);
HttpResponse res = h.send(req2);
System.debug('Response Body: ' + res.getBody());


If you have any other queries/issues drop me an email(rajesh@ibirdsservices.com).

Thanks,
Rajesh K