Salesforce FAQ

Common questions related to Salesforce features or capabilities

Does GRAX use Salesforce Platform Events? No

Salesforce Platform Events don't support all objects needed by GRAX and Event Allocations are VERY limiting (when backing up ALL objects). Currently, GRAX Auto Backup captures Salesforce objects, Binary Files (Attachment, Content, Chatter Files, etc), and Salesforce system-tables. Data and binary files MUST be captured at the same rate/time or you risk damaging referential integrity or completeness of data. To fulfill our customers backup needs Salesforce Platform Events aren't an option due to incomplete object support. If you have questions please reach out to the GRAX team.

Does GRAX support Salesforce Private Connect? Yes

Salesforce Private Connect routes SFDC traffic via Salesforce-managed public cloud VPCs instead of letting egress traffic cross the public internet. This is a network-layer configuration; if configured correctly, the GRAX app won't be able to tell the difference between a public or private connection. GRAX isn't responsible for configuring or maintaining Private Connect. Private Connect requires additional Salesforce licensing. Private Connect is only available for non-standard GRAX deployments.

Does GRAX support Salesforce Hyperforce? Yes

Salesforce Hyperforce is a new architecture that allows customers to run Salesforce applications on public cloud infrastructure providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure. Hyperforce was announced by Salesforce in December 2020 as part of its Dreamforce event.

The Hyperforce API is the same as the Salesforce API. From a developer's perspective, this means that you can continue to use the Salesforce API to build and customize your applications, and the API remains the same regardless of whether you are running your Salesforce applications on Hyperforce or on Salesforce's own infrastructure.

Therefore GRAX works with Hyperforce deployments with no changes.

If you do use:

  • Hyperforce
  • GRAX LWC in Apex (non-iframe) mode
  • Non-standard GRAX deployment

your AWS deployment has a Web Application Firewall (WAF), which may block the LWC API requests coming from your Hyperforce Apex servers.

In this case, Salesforce publishes a list of Hyperforce external IPs, and you can add the right IP range for your Hyperforce region to the ClientSideIPSet CloudFormation Parameter.

This configuration is uncommon, and a simpler solution is to use the GRAX LWC in IFrame mode.

Does GRAX support Enhanced Domains? Yes

Enhanced domains meet the latest browser requirements and are now being used in all Salesforce orgs. As long as you're using OAuth to login to your Salesforce environments, the Enhanced Domain Enforcement impact to GRAX is minimal. After making the domain change, you'll need to take the following steps:

  • Login to your SFDC environment
  • In a separate tab navigate directly to your web app URL and append /web to the end and select Sign-in with Salesforce or Connect with Auto Config - if you don't know this URL, you can also navigate to the web app by clicking on the 'Schedule' tab within the GRAX managed package
  • Click on the Allow button on the Allow Access pop up window if it appears (there are some orgs that do not require this step)

These steps should give you access back to GRAX. Once you have access, double check the Salesforce connection within GRAX (in the 'Settings' section) and that the Integration User is connected to confirm the change.

Can GRAX be configured so users don't need to allow GRAX OAuth access the first time they login? Yes

By default the GRAX OAuth connected app is configured to allow all users to self-authorize and start the OAuth handshake. This means that when a user logs into GRAX for the first time, they will be prompted to allow identity service access to the GRAX OAuth connected app. If you would like to avoid this prompt, you can configure the GRAX OAuth connected app to only allow access to users the admin has pre-authorized. To enable pre-authorized users only, follow the steps:

  1. Login to the GRAX application as an Admin user
  2. In Salesforce, open Setup
  3. In the Quick Find box, search for OAuth and select Connected Apps OAuth Usage
  4. Find the GRAX OAuth connected app
  5. If there is an Install button under Actions, click it to complete the installation and allow Manage App Policies access
  6. Click the Manage App Policies link
  7. Click the Edit Policies button
  8. Change the Permitted Users setting to Admin approved users are pre-authorized
  9. If a warning message appears, read the warning and click the OK button
  10. Click the Save button
  11. Return to the GRAX Application and open the Settings page
  12. Open the Salesforce panel
  13. Click the more button in the top right of the connected org panel
  14. Click the Auto Config Org for GRAX option

The GRAX Auto Config option will pre-authorize the GRAX OAuth app for each of the GRAX Console permissions sets, this can be done manually if you prefer.

Can GRAX be used with Salesforce Shield Platform Encryption? Yes

Salesforce.com's Shield Platform Encryption should not impact your ability to use GRAX, as GRAX is designed to work seamlessly with Salesforce's native encryption.

Salesforce provides various encryption options for data at rest and in transit, such as Shield Platform Encryption and Transport Layer Security (TLS). These encryption options are designed to protect data from unauthorized access and breaches, but they do not affect the functionality of third-party applications like GRAX. You can encrypt certain fields on standard and custom objects, data in Chatter, and search index files. With some exceptions, encrypted fields work normally throughout the Salesforce user interface, business processes, and APIs.

GRAX operates through the Salesforce API, which allows it to access data regardless of whether it is encrypted or not. GRAX creates backups of your data, and these backups are stored in a separate, encrypted data store. When you need to restore data, GRAX decrypts the backup and restores it to Salesforce.

Helpful Links
GRAX Compliance
Salesforce Shield Platform Encryption
What You Can Encrypt
Try out Shield Platform Encryption at no charge in a Salesforce Developer Edition orgs.

Does the Salesforce Winter '24 Release Affect the GRAX Application? No

There should be no effect on any GRAX functionality due to the latest Salesforce release. You can read more about this release here. Additionally, the RFC 7230 Validation for Apex RestResponse Headers that will be enforced in Spring '24 will also not impact GRAX.

Does an instance refresh impact my GRAX connection? No

A Salesforce instance refresh/migration occurs when SFDC upgrades the infrastructure supporting your instance in their data centers. Following this maintenance, your instance will move to a new data center, and the name of your instance will change.

Prior to an instance refresh/maintenance, SFDC will provide customers a date/timeline when the refresh will occur, specifying a maintenance window where their instance will be down. GRAX will be available during this SFDC maintenance period but GRAX will not be able to perform any backup or archive operations until the SFDC org is back up and available.

GRAX uses OAuth to access SFDC, so you may need to reauthorize the integration. Once the instance refresh/migration is complete, you’ll want to re-authenticate the GRAX integration user by navigating to the GRAX Application and logging in with the integration user.

After the integration User has been authenticated, GRAX will resume all activities (backup, archive, etc.) from the point where the service was disrupted.

Please review SFDC Instance Refresh Maintenance best practices for additional information.