Important Note - This checklist builds on the Set Up Checklist for SendSafely Administrators. We recommend you complete those steps prior to starting on the items below. 

1. Bookmark SendSafely Salesforce Integration Resources

The SendSafely Online Help Center provides numerous Salesforce integration setup resources, along with a recorded demo of the SendSafely Salesforce integration for reference.

The SendSafely Blog & Developer Center also provide updates on new features as they are released, as well as proof-of-concept code examples that may be useful in your environment. Please also review the Set Up Checklist for SendSafely Administrators.

Lastly, you can also email support@sendsafely.com with any questions or issues. 

2. Install the SendSafely Salesforce Sidebar App

The Salesforce Sidebar App allows agents to view and download received files associated with individual cases within the Salesforce Agent Console. The App also allows agents to securely send files outbound to customers.

The sidebar app can be installed from the Salesforce Marketplace, and installation instructions can be found here.  Note - files up to 10GB in size can be sent by agents via the SendSafely Salesforce Sidebar App.

3. Configure your Inbound Workflow

SendSafely provides several options for collecting sensitive files from customers and other external parties, all leveraging the SendSafely Dropzone.

• SendSafely Dropzone Widget: Our Dropzone widget integrates SendSafely’s secure file upload capabilities with a Salesforce customer or partner portals. Installation instructions are here.
• SendSafely Hosted Dropzone to Salesforce: The SendSafely Hosted Dropzone is a turn-key, standalone web page for secure file submission. Hosted Dropzone setup instructions are located here, and you can connect your Hosted Dropzone to Salesforce using one of our pre-built connectors (see step 6 below). Submitted files will either open a new case, or be attached to an existing case.
• Custom Form / Dropzone to Salesforce: You can also build custom forms that use the SendSafely API to securely receive files for tracking via Salesforce tickets.

Most organizations use several of the different methods described above. Note - your customers can submit very large files (> 10 GB) via a SendSafely Dropzone. 

4. Salesforce Quick Text and Template Setup

The Quick Text and Template features of Salesforce allow your agents to easily generate ticket-specific links to Hosted Dropzones that customers will use for file submission. You can find information on how to create these Quick Texts or Templates in this article under Hosted Dropzone with Salesforce Connector.

5. Ensure Dropzones are Production Ready

For any system integration, we recommend setting up a Dropzone under a Service Account, using a team alias such as support@company.com. SendSafely Administrators can then manage the Service Account Dropzone via the SendSafely Enterprise Console. 

Be sure to add your Salesforce agents to the Dropzone recipient list by following the steps outlined under "Initial Dropzone Setup - Step 3 - Configure Additional Recipients".

SendSafely provides many configuration options on the Dropzone Profile that may be useful within your workflow:

• Custom Form Input Label (for Hosted Dropzone)
• Expiration Settings - for inbound files
• Restrict File Download (view only mode)
• Only allow files with certain extensions

Lastly, if you are not using a Service Account to host your Dropzone, we recommend backing up the initial Trusted Browser Key for the Dropzone Owner account. This initial key can be used to access all historical packages received via that Dropzone - which is especially useful if you choose to automate the download/export of received files in the future.

6. Finalize your Dropzone Connector Production Configuration

For customer pilots, SendSafely may host the connector on your behalf for ease of setup and to facilitate testing. For production rollouts, however, SendSafely recommends that connectors be hosted within your own Google or AWS environment. As part of the pilot process, plans should be put in place for transitioning the connector to self-hosting.

Resources for hosting your own SendSafely Salesforce connector can be found here:

• Google Apps Script Connector
• AWS Lambda Connector
• Zapier 

7. Configure SendSafely Data Retention Settings

Determine your organization’s data retention requirements with regard to the Salesforce case attachments and messages protected by SendSafely. By default, all secured attachments and messages sent or received via SendSafely are subject to the expiration and deletion settings configured for your SendSafely portal. SendSafely does provide several additional options for long-term storage of data for historical record keeping, compliance, and/or regulatory requirements. Please review the following available options described in the Set Up Checklist for SendSafely Administrators:

• SendSafely Platform Expiration Settings 
• Master Key Setup
• Using your own AWS S3 Bucket
• API Export Options

Additional Salesforce Integration file expiration information: 

• Inbound Files Received by Agents: The file expiration configured in the Dropzone Profile controls the lifetime of inbound files and is managed within the SendSafely web portal.
• Outbound Files Sent by Agents: The lifetime of outbound files sent by an Agent using the Sidebar App is controlled by the default expiration configured in the Agent’s individual SendSafely User Profile and/or the Organization Wide Expiration Settings. 

Expiration Settings Administration - SendSafely Administrators can set a default, min and max expiration for all Agents in the SendSafely Enterprise Console. Please note - Dropzone expiration settings are not controlled by the min/max values set in the Enterprise Console. Instead, they are managed individually by portal Admins.

8. Do your Agents need Email Address Masking?

The SendSafely Masking feature is useful for organizations who do not want to disclose the real email address of agents that send files using SendSafely. The masking feature replaces externally displayed email addresses with the text configured in the user profile First Name, and the first character of the Last Name field. (Users can edit their SendSafely profile from the Account Icon Badge in the top righthand corner -> Edit Profile option). 

You can read more here: Masking User Email Addresses

Please Note - Using the “Email Address Masking” option automatically disables the Reply feature, since it would otherwise expose the Salesforce Agent email address to the external user.

9. Disable Reply Feature

By default, customers receiving secure files from an agent have the option to reply to that agent via SendSafely. However, to keep all communications associated with a Salesforce case we recommend requesting that support@sendsafely.com disable the Reply function in your SendSafely portal, and encourage customers to perform all replies/secure file uploads via the connected Dropzone.

10. Assess if you need the SEG to keep PII out of Salesforce

The SendSafely Serverless Email Gateway (SEG) can be used to shield your Salesforce instance from inadvertently collecting and storing unsolicited Personally Identifiable Information (PII) submitted by customers via plain text email to your support email address. 

The SEG intercepts and encrypts these inbound email attachments before they touch Salesforce. When combined with the Sidebar App and Dropzone, the SEG provides an end-to-end solution for protecting sensitive information in Salesforce.

• Keeping Unwanted PII out of your Service Desk

11. Plan for Agent Onboarding

SendSafely recommends preparing and providing internal guidance to your team with regard to how to register their SendSafely accounts as part of the new Salesforce Agent onboarding process.

Note - The exact instructions to onboard your new Salesforce agents will depend on the authentication mechanism configured for your SendSafely platform. SendSafely always recommends using your Single Sign On (SSO) infrastructure to authenticate your employees whenever possible. We provide support for multiple providers as part of our base subscription. Importantly, Salesforce also supports SAML SSO, so if you are using their implementation for your agents, you can also configure your SendSafely platform to use the same IdP (or vice versa).

Typically, the best way for your Salesforce agents to register their SendSafely account is via the SendSafely Sidebar App installed in their Salesforce Agent Console. They should be informed to use the “Activate new Account” button, which will then automatically take them to your company SendSafely instance. Depending on the user Authentication method implemented by your SendSafely Admin, the guidance instructions should inform them which option to choose next (i.e., use either the "Login using Single Sign-on" or "Register Now" button). 

Remember to add your Salesforce agents to the Dropzone recipient list so that they are authorized to decrypt files.

We also recommend that new Salesforce agents watch this recorded demo of the SendSafely Salesforce integration as part of their onboarding training.