Salesforce Platform Events don't support all objects needed by GRAX and Event Allocations are VERY limiting (when backing up ALL objects). Currently, GRAX Auto Backup captures Salesforce objects, Binary Files (Attachment, Content, Chatter Files, etc), and Salesforce system-tables. Data and binary files MUST be captured at the same rate/time or you risk damaging referential integrity or completeness of data. To fulfill our customers backup needs Salesforce Platform Events aren't an option due to incomplete object support. If you have questions please reach out to the GRAX team.
Salesforce Private Connect routes SFDC traffic via Salesforce-managed public cloud VPCs instead of letting egress traffic cross the public internet. This is a network-layer configuration; if configured correctly, the GRAX app won't be able to tell the difference between a public or private connection. GRAX isn't responsible for configuring or maintaining Private Connect. Private Connect requires additional Salesforce licensing. Private Connect is only available for non-standard GRAX deployments.
Salesforce Hyperforce is a new architecture that allows customers to run Salesforce applications on public cloud infrastructure providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure. Hyperforce was announced by Salesforce in December 2020 as part of its Dreamforce event.
The Hyperforce API is the same as the Salesforce API. From a developer's perspective, this means that you can continue to use the Salesforce API to build and customize your applications, and the API remains the same regardless of whether you are running your Salesforce applications on Hyperforce or on Salesforce's own infrastructure.
Therefore GRAX works with Hyperforce deployments with no changes.
If you do use:
- GRAX LWC in Apex (non-iframe) mode
- Non-standard GRAX deployment
your AWS deployment has a Web Application Firewall (WAF), which may block the LWC API requests coming from your Hyperforce Apex servers.
In this case, Salesforce publishes a list of Hyperforce external IPs, and you can add the right IP range for your Hyperforce region to the
ClientSideIPSet CloudFormation Parameter.
This configuration is uncommon, and a simpler solution is to use the GRAX LWC in IFrame mode.
Enhanced domains meet the latest browser requirements and are now being used in all Salesforce orgs. As long as you're using OAuth to login to your Salesforce environments, the Enhanced Domain Enforcement impact to GRAX is minimal. After making the domain change, you'll need to take the following steps:
- Login to your SFDC environment
- In a separate tab navigate directly to your web app URL and append /web to the end and select
Sign-in with Salesforceor
Connect with Auto Config- if you don't know this URL, you can also navigate to the web app by clicking on the 'Schedule' tab within the GRAX managed package
- Click on the
Allowbutton on the Allow Access pop up window if it appears (there are some orgs that do not require this step)
These steps should give you access back to GRAX. Once you have access, double check the Salesforce connection within GRAX (in the 'Settings' section) and that the Integration User is connected to confirm the change.
Can GRAX be configured so users don't need to allow
GRAX OAuth access the first time they login? Yes
GRAX OAuthaccess the first time they login? Yes
By default the
GRAX OAuth connected app is configured to allow all users to self-authorize and start the OAuth handshake. This means that when a user logs into GRAX for the first time, they will be prompted to allow
identity service access to the
GRAX OAuth connected app. If you would like to avoid this prompt, you can configure the
GRAX OAuth connected app to only allow access to users the admin has pre-authorized. To enable pre-authorized users only, follow the steps:
- Login to the GRAX application as an Admin user
- In Salesforce, open
- In the Quick Find box, search for
Connected Apps OAuth Usage
- Find the
GRAX OAuthconnected app
- If there is an
Actions, click it to complete the installation and allow
Manage App Policiesaccess
- Click the
Manage App Policieslink
- Click the
- Change the
Permitted Userssetting to
Admin approved users are pre-authorized
- If a warning message appears, read the warning and click the
- Click the
- Return to the GRAX Application and open the
- Open the
- Click the more button in the top right of the connected org panel
- Click the
Auto Config Org for GRAXoption
Auto Config option will pre-authorize the
GRAX OAuth app for each of the GRAX Console permissions sets, this can be done manually if you prefer.
Salesforce.com's Shield Platform Encryption should not impact your ability to use GRAX, as GRAX is designed to work seamlessly with Salesforce's native encryption.
Salesforce provides various encryption options for data at rest and in transit, such as Shield Platform Encryption and Transport Layer Security (TLS). These encryption options are designed to protect data from unauthorized access and breaches, but they do not affect the functionality of third-party applications like GRAX. You can encrypt certain fields on standard and custom objects, data in Chatter, and search index files. With some exceptions, encrypted fields work normally throughout the Salesforce user interface, business processes, and APIs.
GRAX operates through the Salesforce API, which allows it to access data regardless of whether it is encrypted or not. GRAX creates backups of your data, and these backups are stored in a separate, encrypted data store. When you need to restore data, GRAX decrypts the backup and restores it to Salesforce.
There should be no effect on any GRAX functionality due to the latest Salesforce release. You can read more about this release here. Additionally, the RFC 7230 Validation for Apex RestResponse Headers that will be enforced in Spring '24 will also not impact GRAX.
A Salesforce instance refresh/migration occurs when SFDC upgrades the infrastructure supporting your instance in their data centers. Following this maintenance, your instance will move to a new data center, and the name of your instance will change.
Prior to an instance refresh/maintenance, SFDC will provide customers a date/timeline when the refresh will occur, specifying a maintenance window where their instance will be down. GRAX will be available during this SFDC maintenance period but GRAX will not be able to perform any backup or archive operations until the SFDC org is back up and available.
GRAX uses OAuth to access SFDC, so you may need to reauthorize the integration. Once the instance refresh/migration is complete, you’ll want to re-authenticate the GRAX integration user by navigating to the GRAX Application and logging in with the integration user.
After the integration User has been authenticated, GRAX will resume all activities (backup, archive, etc.) from the point where the service was disrupted.
Please review SFDC Instance Refresh Maintenance best practices for additional information.
Updated 4 days ago