Salesforce FAQ

Does GRAX use Salesforce Platform Events? No

Salesforce Platform Events don't support all objects needed by GRAX and Event Allocations are VERY limiting (when backing up ALL objects). Currently, GRAX Auto Backup captures Salesforce objects, Binary Files (Attachment, Content, Chatter Files, etc), and Salesforce system-tables. Data and binary files MUST be captured at the same rate/time or you risk damaging referential integrity or completeness of data. To fulfill our customers backup needs Salesforce Platform Events aren't an option due to incomplete object support. If you have questions please reach out to the GRAX team.

Does GRAX support Salesforce Private Connect? Yes

Salesforce Private Connect routes SFDC traffic via Salesforce-managed public cloud VPCs instead of letting egress traffic cross the public internet. This is a network-layer configuration; if configured correctly, the GRAX app won't be able to tell the difference between a public or private connection. GRAX isn't responsible for configuring or maintaining Private Connect. Private Connect requires additional Salesforce licensing. Private Connect is only available for self-managed GRAX deployments.

Does GRAX support Salesforce Hyperforce? Yes

Salesforce Hyperforce is a new architecture that allows customers to run Salesforce applications on public cloud infrastructure providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure. Hyperforce was announced by Salesforce in December 2020 as part of its Dreamforce event.

The Hyperforce API is the same as the Salesforce API. From a developer's perspective, this means that you can continue to use the Salesforce API to build and customize your applications, and the API remains the same regardless of whether you are running your Salesforce applications on Hyperforce or on Salesforce's own infrastructure.

Therefore GRAX works with Hyperforce deployments with no changes.

If you do use:

Hyperforce
GRAX LWC in Apex (non-iframe) mode
Self-managed GRAX deployment

Your AWS deployment has a Web Application Firewall (WAF), which may block the LWC API requests coming from your Hyperforce Apex servers.

In this case, Salesforce publishes a list of Hyperforce external IPs which will need to be allowed to communicate with your GRAX app.

This configuration is uncommon, and a simpler solution is to use the GRAX LWC in IFrame mode.

Does GRAX support Enhanced Domains? Yes

Enhanced domains meet the latest browser requirements and are now being used in all Salesforce orgs. As long as you're using OAuth to login to your Salesforce environments, the Enhanced Domain Enforcement impact to GRAX is minimal. After making the domain change, you'll need to take the following steps:

Login to your SFDC environment
In a separate tab navigate directly to your web app URL and append /web to the end and select Sign-in with Salesforce or Connect with Auto Config - if you don't know this URL, you can also navigate to the web app by clicking on the 'Schedule' tab within the GRAX managed package
Click on the Allow button on the Allow Access pop up window if it appears (there are some orgs that do not require this step)

These steps should give you access back to GRAX. Once you have access, double check the Salesforce connection within GRAX (in the 'Settings' section) and that the Integration User is connected to confirm the change.

Can GRAX be configured so users don't need to allow `GRAX OAuth` access the first time they login? Yes

By default the GRAX OAuth connected app is configured to allow all users to self-authorize and start the OAuth handshake. This means that when a user logs into GRAX for the first time, they will be prompted to allow identity service access to the GRAX OAuth connected app. If you would like to avoid this prompt, you can configure the GRAX OAuth connected app to only allow access to users the admin has pre-authorized. To enable pre-authorized users only, follow the steps:

In Salesforce, open Setup
In the Quick Find box, search for OAuth and select Connected Apps OAuth Usage
Find the GRAX OAuth connected app
If there is an Install button under Actions, click it to complete the installation and allow Manage App Policies access
Click the Manage App Policies link
Click the Edit Policies button
Change the Permitted Users setting to Admin approved users are pre-authorized
You will see the following warning message appear: Enabling this option will result in all users currently using this app being denied access. Please reference the Connected Apps OAuth Usage Report if you are unsure who is using the app. This means users who have self-authorized won't have access to the app until the steps below have been completed. Once you understand the warning, click the OK button
Upon clicking Save you'll be directed to the GRAX Connected App Detail page. Scroll down the Profiles section and click Manage Profiles
Choose all of the profiles that you want to be pre-authorized and click Save

Can GRAX be used with Salesforce Shield Platform Encryption? Yes

Salesforce.com's Shield Platform Encryption should not impact your ability to use GRAX, as GRAX is designed to work seamlessly with Salesforce's native encryption.

Salesforce provides various encryption options for data at rest and in transit, such as Shield Platform Encryption and Transport Layer Security (TLS). These encryption options are designed to protect data from unauthorized access and breaches, but they do not affect the functionality of third-party applications like GRAX. You can encrypt certain fields on standard and custom objects, data in Chatter, and search index files. With some exceptions, encrypted fields work normally throughout the Salesforce user interface, business processes, and APIs.

GRAX operates through the Salesforce API, which allows it to access data regardless of whether it is encrypted or not. GRAX creates backups of your data, and these backups are stored in a separate, encrypted data store. When you need to restore data, GRAX decrypts the backup and restores it to Salesforce.

Helpful Links
GRAX Compliance
Salesforce Shield Platform Encryption
What You Can Encrypt
Try out Shield Platform Encryption at no charge in a Salesforce Developer Edition orgs.

Does the Salesforce Winter '24 Release Affect the GRAX Application? No

There should be no effect on any GRAX functionality due to the latest Salesforce release. You can read more about this release here. Additionally, the RFC 7230 Validation for Apex RestResponse Headers that will be enforced in Spring '24 will also not impact GRAX.

Will the upcoming depreciation of third party cookies for certain browsers affect Salesforce or my GRAX Application? No

The Cookies Having Independent Partitioned State (CHIPS) change that Google will be making will not have any effect on your GRAX connection in Salesforce or your GRAX application; you can read more about this here.

Does an instance refresh impact my GRAX connection? No

A Salesforce instance refresh/migration occurs when SFDC upgrades the infrastructure supporting your instance in their data centers. Following this maintenance, your instance will move to a new data center, and the name of your instance will change.

Prior to an instance refresh/maintenance, SFDC will provide customers a date/timeline when the refresh will occur, specifying a maintenance window where their instance will be down. GRAX will be available during this SFDC maintenance period but GRAX will not be able to perform any backup or archive operations until the SFDC org is back up and available.

GRAX uses OAuth to access SFDC, so you may need to reauthorize the integration. Once the instance refresh/migration is complete, you’ll want to re-authenticate the GRAX integration user by navigating to the GRAX Application and logging in with the integration user.

After the integration User has been authenticated, GRAX will resume all activities (backup, archive, etc.) from the point where the service was disrupted.

Please review SFDC Instance Refresh Maintenance best practices for additional information.