Salesforce.com is a CRM package as well as a Platform as a Service (PaaS). PaaS means the Salesforce platform can be used to build custom applications apart from a CRM. Salesforce.com is a SaaS plus PaaS. Software as a Service (SaaS) is used because of its ability to provide an out-of-the-box ruleset to manage CRM core functionalities, and PaaS is used because of the platform that can be used to build business logic through the provided components. The core of any CRM package is the ease with which it provides its administrators the ability to manage a user's profile. As we walk through this chapter, we will explore how easy it is to create, manage, and profile users in the Salesforce.com CRM.
The first common task of an administrator in Salesforce is to create users who will be the end users for the applications. An application in Salesforce is developed by developers, with the help of a design provided by an architect depending on the business requirement gathered by a business consultant. The scope of this book is to discuss the admin capabilities provided by the platform for an administrator and the day in and day out activities of a Salesforce administrator.
For a better understanding of the topics, I would recommend readers to sign up for a free developer account with Salesforce at Salesforce Developers (https://developer.salesforce.com/en/signup) and get hands-on with the concepts explained in this book.
As an administrator, I used to wonder where exactly could I find the count of licenses that are currently available and the number of licenses that have been consumed by an organization.
The following screenshot will help us figure this out in our developer instance:
As an administrator, you will find that the Setup option (shown in the preceding screenshot) available in the drop-down menu on clicking on your name is very helpful.
Click on your name and navigate to Setup | Company Profile | Company Information. Please note that in some production or sandbox instances, the Setup link is given next to your name (when logged in using a user's name).
Let's explore the various licenses that your organization can purchase from Salesforce with the help of the following table:
The complete comprehensive list can be referred to at https://help.salesforce.com/HTViewHelpDoc?id=users_license_types_available.htm&language=en_US.
It's important to understand the key differences between the Featured and User licenses.
The User license types are assigned to profiles when creating a profile. (We will discuss a profile soon. Until then, let's assume a profile consists of a set of users with the same look and feel for the app and the same functionalities and access).
In Salesforce, a user is required to have a profile. You cannot have a user without a profile. Once a user is assigned a profile, they will inherit the license assigned to that profile. The license that we are referring to here is the User license type.
The Featured license is in addition to the normal User license. You will see a small checkbox on the user's record, which means that the user is assigned a Featured license. Common examples of a Featured license are knowledge, content, service cloud, Site.com publisher, and so on. We will explain the functionalities that these licenses provide as we move on.
Let's find out how we can create users in Salesforce. Just navigate to Setup | Manage Users | Users.
The New User button will open a form, as shown in the following screenshot, to fill in some details. The fields in red are mandatory, and you won't be able to save the information unless and until you fill in these details.
Activating or deactivating a user in Salesforce is just a matter of ticking a checkbox on the user's record.
As an administrator, you will often have e-mails from your application's users to reset their passwords. In the user records page, Salesforce provides a Reset Password(s) button to reset a password.
In some cases, you can't immediately deactivate an account (such as when a user is selected in a custom hierarchy field). To prevent users from logging into your organization while you perform the steps to deactivate them, you can freeze the user's accounts. You will learn more about what a custom hierarchy field is as soon as we explore the database relationship concepts in Chapter 2, Configuring Salesforce.
There are often chances when the e-mail address of your user changes. As an administrator, you can edit a user's record and change it to a new e-mail address. The key point to note here is that the user will have to confirm this once their e-mail address has changed. Salesforce sends an e-mail to the new e-mail address of the user, and the user will be required to confirm the new e-mail address via a link.
An administrator is not only responsible for creating users but one of the common tasks of an admin is to also maintain the security of the application.
Click on your name and then navigate to Setup | Security Controls (under Administer) | Password Policies.
You will see some self-explanatory fields on the form to set a password policy.
This is a very sensitive step and one must think twice before expiring every user's password. You can find this option by navigating to Setup | Security Controls | Expire All Passwords.
Salesforce provides some mobile applications out of the box for its users, which can be installed from the App store (for Apple devices) or the Google Play store ( ) (for Android devices). Some of the commonly provided applications are as follows:
Salesforce 1: This app can access most of the functionalities built for a desktop on a mobile and can be customized by your developers. As an admin, you can enable its access to your users and organization.
Salesforce For Dashboards: This app displays dashboards on an iPad or a mobile device that is built for your applications by either an admin or a developer.
Salesforce Classic: This app is a client application that allows access to Salesforce.com data from BlackBerry, iPhone, and Android devices.
A subset of the user's Salesforce information is stored locally on the device, providing access to the user's most critical information even in the absence of a wireless signal.
In addition, the mobile application periodically (and automatically) polls Salesforce.com for new and updated records, ensuring that the device data is always kept up to date. Salesforce Classic provides the user with the ability to view and edit data, track activity history, log calls and e-mails, and view dashboards.
Note
Salesforce Mobile is highly configurable. A custom mobile configuration dictates the overall mobile experience and what objects/tabs, records, and fields are available on the mobile device. If you are asked to configure this application, you can refer online to https://help.salesforce.com/HTViewHelpDoc?id=mobile_install.htm&language=en_US.
Let's explore where we have to configure all this as an administrator. Click on your name and navigate to Setup | Mobile Administration.
Navigation refers to the navigation tabs for Salesforce 1 applications. Salesforce 1 settings help you configure a new logo and branding for the Salesforce 1 mobile application for your organization. Salesforce Classic is the settings option for the Salesforce Classic app. The Mobile Dashboards settings are for a mobile dashboard application.
Administrators can monitor the successful and failed login attempts for their organization and enabled portals. The columns on this page provide information about each login attempt. The login history page displays the most recent 20,000 entries in the login history database. If you need to see more records, you can download the information to a CSV or GZIP file.
You will find this login history in the user record-related list, as shown in the following screenshot:
To understand this topic, let's explain with the help of the following flowchart how authentication in Salesforce.com works once the user logs in. Under Profiles, we can set the Login Hours and Login IP Ranges options. Similarly, by navigating to Setup | Security Controls (under Administer) | Network Access, you have the option to whitelist some of the IPs.
This flowchart is self-explanatory and as you can see, if the restriction is at the profile level, then Salesforce won't allow you to log in.
If your IP range is mentioned in the Network Access page, you don't need a security token, which is a self-generated token specific to a user that is needed along with the password to access Salesforce from external client applications (such as Dataloader, Soap UI, and so on).
The first question that we must answer and be clear about is "What are profiles in Salesforce?". In the User Management section, we explored how to create users in Salesforce. Now, this section will deal with how we profile these users. So, a set of users who will need the same type of object access, tabs, applications, permissions, and user interfaces are categorized into a common profile. This is described in the following screenshot:
The profiles can be viewed and created by navigating to Setup | Manage Users | Profiles.
When a new profile is created, it has to be cloned from the existing profiles. When your organization (org) is purchased from Salesforce, it will already come with some profiles known as standard profiles. One can use these profiles but they are pretty much fixed, and hence we clone them if we need to customize profiles as per our need.
Before I move on, we need to understand applications, objects, fields, tabs, page layouts, and field-level security.
Just like any other database, Salesforce has its integrated database that comes with the organization once you purchase it. You have the ability to create objects and form fields related to an object through point and click, and hence this eliminates the need for separate database administrators such as PL/SQL.
The creation of these objects and fields can be done via simple clicks and not through any code, and this makes life simpler.
To create objects, you will need to click on your name and navigate to Setup | Create | Objects. The sample form to create objects is shown in the following screenshot:
Once you create objects, you can associate fields to them again through point and click. You can assign data types to fields by selecting an option through the radio buttons.
Fields have field-level security that decides whether a profile has API access to a field or not. We will explore this more in the Configuring a profile section when we dive deeper.
On the same screen, you will see the Edit Record Name Label and Format section. This defines how you want to address your data for an object. For example, if you create an account, it will definitely be addressed by a name, but if you create a transaction receipt, it should be an autogenerated number.
The optional features available on this screen are as follows:
Tabs provide a UI to access objects and fill data or records into objects. Objects are like tables in conventional databases and filling data (a layman's language term) is equivalent to inserting rows or records into the objects in Salesforce. For a standard object, we will have default tabs, while for custom objects, tabs have to be created by navigating to Setup | Create | Tabs. Again, when we explore more about profiles, we will see how we can hide a tab, keep the default on, or keep the default off for various profiles.
Flexi tabs can be used in Salesforce 1. For more information, refer to https://help.salesforce.com/HTViewHelpDoc?id=creating_flexipage_tabs.htm&language=en_US.
An application will involve a collection of tabs that can be controlled for each profile. Profiles can be configured to give access to only the selected application. You can create apps by navigating to Setup | Create | Apps.
The fields that we created for objects are organized to be viewed for various profiles with the help of page layouts. For each profile, we have the option to configure page layouts for that profile.
A page layout is edited with the help of the edit layout link on the page block, which helps us to organize fields and sections. This is shown in the following screenshot:
Let's navigate to one of the profiles in order to explore the settings that are provided by the profiles, which govern the application.
Click on your name and navigate to Setup | Manage Users | Profile. So, let's scan from the top page of the profile to the bottom and understand the importance of each of the sections.
The Profile Detail section consists of the User license that a profile holds. Any user assigned to this profile will inherit the license specified in the profile.
The Page Layouts section helps in the page layout assignment. Each profile needs a page layout assignment, and this section helps in assigning the page layout.
The Console Settings section is for the console assignment of profiles.
A Salesforce console is designed to boost productivity for users in a fast-paced environment. The console's dashboard-like interface improves the Agent console by eliminating time-consuming clicking and scrolling, so you can quickly find, update, and create records.
The Salesforce console streamlines access to the data and features you need the most. For example, service agents can use multiple applications at once and preserve the context of cases as priorities change. Using the sales console, sales reps can easily contact leads, assess companies, identify key contacts, and access sales intelligence.
1: Select an object to view in the Salesforce console navigation list. For example, select Leads to view leads. The administrator can choose which objects are available.
2: Records are displayed in a list, which you can pin on the left or the top of the screen. Select one or more records to be displayed in the primary tabs.
3: Selected records appear in primary tabs. You can work with multiple tabs simultaneously.
4: The highlight panel can be configured separately for each object to show the key information related to the record in the primary tab.
5: Open more than one subtab to quickly switch between multiple related records.
6: View and interact with the subtab content in the detail area.
For each object, standard or custom, the page will consist of various fields. This section will help us configure which fields are visible and which fields are read only at the profile level. Please note that if a field is not visible, it implies that it can't be read only as well. Read only implies that the field cannot be edited even through an API. If the Enhanced Profile User interface is enabled, it will be displayed in Objects Links under Apps, and then we can select the individual object from there.
For each profile's details page, you will see the custom app and connected app settings option, and it makes sense not to expose each application to all the profiles. So, this option allows the admin to select the application that should be visible to a profile, and one application can be made default for the profile. The applications that are not checked imply that the users belonging to those profiles won't have access to the unchecked applications at all.
Connected apps provide access to the Salesforce data for external systems (generally for OAUTH 2.0 for mobile apps or external third-party apps). These can also be configured at the profile level similar to the custom app settings:
Tab settings for a profile allow us to control whether the profile has access to the tab or not. There are three selectors: Default On, Default Off, and Tab Hidden.
If the Enhanced Profile User interface is enabled, it will be displayed in Objects Links under Apps, and then we can select the individual object from there.
Record types allow you to offer different business processes, pick-list values, and page layouts to different users. Record types can be used in various ways. They are as follows:
You can create record types for opportunities to differentiate your regular sales deals from your professional services engagements and offer different pick-list values for each
You can create record types for different cases to display different page layouts based on if they are customer support cases or billing cases
The settings at the profile level decide which record types among the available record types should be allocated to the profile. If the Enhanced Profile User interface is enabled, it will be displayed in the Apps section.
The administrative and general user permissions of profiles provide the capability and access rights for some significant functionalities of the platform. For example, the View Setup and Configuration setting will allow users of profiles to view the Setup menu. Similarly, View Encrypted Data will allow a profile user to view the encrypted fields. The settings are shown in the following screenshot:
Since the aim of this book is to just explain the concepts, I recommend users to further explore the topic with the help of the Help & Training documentation of Salesforce.
For the time being, as we have not discussed the security of the platform, we will not worry much about the View All or Modify All option. For the objects that we build in Salesforce, we can set whether the profile users can edit the record (Edit), have only read access to a record (Read), create a record (Create), or delete a record from the database (Delete). In short, we call it CRUD access.
Apex and Visualforce are used to customize the business process with code. As an admin, you don't have to go deep into this if you are new to the platform. At the profile level, we can allow these classes and pages if they are needed for a profile.
Note that the login IP restriction and login hours options we discussed are profile-specific. The options for Apex and Visualforce are shown in the following screenshot:
Delegated administration involves making non-admin users administrators with limited capabilities. Delegated administration will be supported where the users have a role assigned; this means it will support Salesforce Standard and Chatter Only profiles. It will not support Chatter Free and Chatter External profiles as they don't have roles.
The primary functions of a delegated administrator include:
Creating and editing users and resetting passwords for users in specified roles and all subordinate roles. This also includes setting quotas, creating default opportunity teams, and creating personal groups for those users.
Unlocking users.
Assigning users to specified profiles.
Logging in as a user who has granted login access to the administrator.
Managing custom objects created by an administrator.
The process starts by navigating to Setup | Security Controls | Delegated Administration. The steps are as follows:
Create a group and give it a name that is applicable to your business need. If the Enable Group for Login Access option is checked, it means that if a user grants login access, the delegated admin can log in on behalf of that user.
Assign users who will act as delegated administrators.
Specify the roles and subordinates for which the delegated administrators of this group can create and edit users.
Specify the profiles that the delegated administrators of this group can assign to the users they create and update. The delegated administrators cannot modify the profile. They can only assign users to these profiles.
Specify the custom objects that the delegated administrators of this group can administer. The delegated administrators can manage every aspect of the custom object, except for setting the custom objects' permissions on profiles. All the options are shown in the following screenshot:
Salesforce A is a mobile application available on the App Store or the Google Play store on Android devices to administer common admin-related activities from a mobile client.
The Salesforce A mobile app offers greater flexibility for Salesforce administrators. With Salesforce A, you can perform essential user management tasks—including editing user details, resetting passwords, assigning permission sets, and unlocking, freezing, and deactivating user accounts—all from your mobile device. The following is a screenshot of the app:
The following explanation helps us figure out how to use the Salesforce A app:
1: Tap on the search box to search for users in your organization. In the search box, type a few letters of a user's name, and then select it from the list that appears.
2: Tap on Frozen Users or Locked Out Users to open a list of frozen or locked user accounts. From the list, tap on a user to view and edit the user's details.
3: Tap on Recently Viewed Users to open a list of users you most recently accessed.
4: View the date, time, and type of the next scheduled maintenance.
5: Verify your username, organization name, and the type of organization you're logged into. Tap on Log Out to log out of your account.
6: Tap on Release Notes to view the latest release notes in HTML format (The HTML format release notes are currently in beta stage.)
7: Tap on Feedback to take a short survey.
The aim of this chapter was to get acquainted with the profiles and user concepts in Salesforce. The motivation of this chapter was that as an administrator, we understand the platform capabilities provided to profile users, and manage licenses for a user, provide the right access to users, and maintain application access. The topics explained in this chapter included explaining profiles, roles, delegated administration, and the Salesforce A app fundamentals.
If you have not understood the concepts such as record types, page layouts, and so on, there is nothing to worry about as our next chapter will dive deep into these topics with examples. The next chapter will teach you how to build the blocks of Salesforce applications, such as page layout, workflows, approval process, formula fields, building relationships, and so on.
