Search Results
70 items found for ""
- Tools I Love: DLRS (the Declarative Lookup Rollup Summary tool)
Let me introduce you to my friend, DLRS, pronounced either “dee-el-arr-ess” or, my preference, “Dolores.” That’s not its real name. It’s really the Declarative Lookup Rollup Summary tool. I think it’s more fun to call it Dolores because it helps me feel closer to this amazing, free, and powerful resource. DLRS was originally created by Andrew Fawcett to fill some gaps in Salesforce functionality. 🎂 DLRS is turning ten years old this month! That's something to celebrate! DLRS gives you rollup summary superpowers that no nonprofit admin should be without. But before I get into the superpowers, let me help you with some DLRS context, like what it means: Declarative This is the easy part. In fact, what it really means is “this tool is for everyone, it’s easy to use.” Declarative means that something can be done with clicks, not code. So from the start, we know that DRLS is built to allow you to do things that before would have required you to write code. (Quick side note: With the incredible growth in power of flexibility of Flow you could accomplish most of the functionality of DRLS now with Flow, which is technically a declarative tool. But that ability comes from the fact that flow has grown to straddle the declarative vs. development line. I consider it more work to build and maintain rollups via Flow than with DLRS, so I wouldn’t recommend that route. More on that below.) Lookup Lookup refers to the fact that DLRS can perform rollup summary operations across a lookup relationship in Salesforce. This is a simple relationship between records, where one has a reference to the other. Without getting too deep into it right now, there are times when a lookup makes more sense than the tighter relationship of master detail, often known as “parent/child.” Master detail relationships are not generally “reparentable,” usually involve cascade delete (if the parent is deleted, so are all the children), and also have implications for Salesforce record privacy (anyone that can see the parent can see the children). Standard Salesforce rollup summary fields (“RUS fields”) can only be built across a master detail relationship. DLRS allows rollups across the less-close lookup relationship. Rollup Summary Out-of-the-box Salesforce can make rollup summary (“RUS”) fields that show summarized information about child records, such as counting them, finding the largest (MAX) or smallest (MIN), summing, averaging, or the like. RUS fields generate some of the most interesting insights about your data, such as number of people enrolled in a program, attendance percentages, number of people in a household, etc. OK, that’s what it means. But the most important thing to know about DLRS is that it gives you rollup summary superpowers. And those are powers you might want to focus on master detail relationships as well. 🔋 Powers DLRS Has that RUS Do Not Whereas standard Salesforce RUS fields are limited to count, sum, mix, and max, DRLS adds quite a few operations you might want to do, including the ability to concatenate text. Two of DLRS’s powers that I think are worth calling out separately: Relative Date Filters One of the most common things people consider making a rollup summary about is to have a relative date filter such as “this year.” Perhaps you want to count applications “this year” or purchases “last month.” You can do that in a Salesforce report easily. And you can include relative date filters in formulas as well. But you can’t filter the records you’re going to summarize in a standard RUS field with relative date language. Averages Standard RUS fields can count or sum, but average is not an option. This means that the out of the box way to calculate a rollup summary average in Salesforce requires the admin to build three fields. (One to count child records, one to total the value in the child records, and the third is a formula that divides the total by the count.) Obviously this isn’t the end of the world, but DLRS allows you to accomplish an average with just one field, saving time and effort. So even if you are dealing with rollups across master detail relationship, DLRS is a great addition to your toolbox. Why DLRS and Not [fill in the blank]? There are two other tools people often suggest to meet a similar need as DLRS. Rollup Helper Rollup Helper is a freemium AppExchange tool. Nonprofits can have up to three free rollups permanently with Rollup Helper. Also, being a commercial product, Rollup Helper has a user friendly interface and, like DLRS, it can work across lookup relationships and do more kinds of calculations. Honestly, I have nothing bad to say about RollupHelper. I just prefer to save money for nonprofits, so I’ll go with DLRS every time. Flow As I mentioned above, Salesforce Flow has become a very powerful tool, with most of the capabilities of code. It’s not that hard to build a record-triggered flow that loops through related records to summarize them. One major limitation here is that if you want results in realtime you will have to build at least two flows: one on create or update of a “child” record, and one on delete. As of now (and I don’t think there is any roadmap for change any time soon), record-triggered Flows can have either a create/update context or a delete context, but not both. I also think that building and testing a flow (or modifying an existing flow) each time you find a new rollup summary need is significantly more cumbersome than building a DLRS rollup. Things You Might Want To Roll Up 🗞️ If you aren’t already brimming with ideas of things you want to roll up using DLRS or standard rollup summaries, let me try to jump start some thoughts: If you have students applying to colleges (or high schools) you’ll probably want to know: - How many applications does this student have? - How many acceptances does this student have? - How many students have applied to this school this year? - How many applied last year? - How many were accepted/waitlisted/rejected this year/last year? If you rescue animals you might need to know: - How many cats/dogs/rabbits are at each shelter? - What is the average length of stay in shelter? - What percentage of animals are awaiting urgent veterinary care? If you train teachers, you might want to count: - Enrollments in your mentorship program. - Completed/incomplete mentorships. - Teachers at each school that have completed your program. If you raise money for environmental causes you might need to know: - How many donations have gone to each nonprofit partner? - How many unique donors have given to each partner? If you run a women’s shelter you’ll probably need to know: - How many times has a client been in shelter? - What is her average length of stay? - How many services did she access while in shelter? This list barely scratches the surface, of course. Your own program is going to determine the fields you need. If you want even more inspiration, look at the DLRS Cookbook, which has example rollups and instructions for building them. [Full disclosure: I helped write that cookbook.] One More Thing To Love: DLRS is now part of Open Source Commons Andrew Fawcett and a handful of helpers kept DLRS up to date entirely on a volunteer basis for many years. We all owe them a huge debt of gratitude! "This tool was initially a solution looking for a problem and in part a technical demonstration of the Metadata API," says Andrew Fawcett. "And wow did it ever find its place as a solution for many of its users! At its heart at the very start was a desire to continue to do what the platform does best: democratize capabilities—and that continues to make it so popular today." In order to ensure the continued development and support of DLRS, in 2022 Andrew asked if people could step in to take over DLRS. Now it's become part of the Open Source Commons program. That means this app has a formal structure to support it, expand it, and ensure that it will forever be free for nonprofits and anyone else that wants to use it. "Thank you everyone for your support and encouragement over the past 10 years, I cannot wait to see what it looks like in 10 more years!" - Andrew Fawcett I’m proud to volunteer my time for the DLRS project, helping with writing and editing documentation. It’s one of the ways I try to give back to the amazing community of Salesforce professionals that have helped me so much. Go Out and Try It! I hope I’ve convinced you that DRLS is a tool you want in your toolbox. Be warned: as with any tool, you’re going to have to learn how to use it. (Even wielding a hammer is not as simple as just grabbing it and swinging!) I think it’s beyond the scope of my blog to make this or a future post into a full scale How To Build Your First DLRS. But don’t worry—the DLRS documentation is extensive and the documentation team is constantly working to expand it! Need further help? Just ask in the Community Project: DLRS group on Trailblazer Community.
- Rollup to Relationship: A Cool DLRS Trick
I’ve already written about DLRS, or Dolores, one of my favorite free tools that gives you rollup summary superpowers. Today I want to tell you about a cool trick you can do with DLRS that kinda’ isn’t a “rollup” at all. Most of us, when we think of a “rollup summary field,” start thinking in terms of math operations like average, or count, or min, or max. Makes sense. If you think about rolling up information about a group of related records (also called “child” records) onto one that they’re all related to (the “parent”), those are the main uses. I could count the number of support cases that go with an account. Or I could count the number of sessions a student was late for, then count the number of total sessions, then divide the former by the latter to get an attendance percentage. Or maybe I want to sort through all the memberships a family has purchased and roll up the date of the most recent one to know when their membership is going to expire. Or you could count the number of memberships that family has purchased over the years… But here’s some outside-the-box thinking: You can make a rollup summary field that itself creates a special relationship to just one of the child records. (I know it’s generally frowned upon to single out one of your children for special treatment, but…) Perhaps your database tracks a price each year: Campbell Scholars Program wants to be able to give solid college choice advice to their students. So they want to know the tuition cost of any college or university their students are applying to each year. PA Virtual Charter School is paid by school districts for each student enrolled. But districts have different rates from each other and those rates (of course) also change each year. In each case we have a custom object,Tuition Cost, that holds child records to Account (representing the college or the school district). For each account for each year there is a tuition cost record. (We also know that there must be just one for each year, so we take other steps—that I won’t outline here—to make sure there is only a single record per account per year.) We have a “year” field on that record that is either itself a date field or it can be translated into a date by a formula field. It’s now very easy to make a DLRS rollup that finds the last tuition record ordered by the date field. That’s not where the magic comes in. The magic is what we’re doing with what we’ve found. We're not looking at a number field (like the tuition cost) and doing math on it. Nothing of the sort, in fact. We take the Id of that record and we put it into a target field that is, itself, a lookup relationship field. In the Salesforce user experience when you see a lookup field it shows as a link to the related record. But under the hood that field actually holds the unique Id of the related record, which is 15 characters of text. So by using DLRS to put an Id in that field, we have actually created a relationship–a link to the “most recent child tuition rate.” Once you have a relationship field like that, you can make formulas that span that relationship. That means that if a Campbell scholar is interested in a particular school, as soon as we create a college application record (to track that interest) we can show the school’s current cost just by putting a formula field on College Application. When PAVCS wants to generate an invoice to a school district, the invoice record (child to school district) already knows what the current tuition cost is for that district. I think that’s very cool and there are lots of ways to use it. Can you think of nifty examples in your org?
- FormAssembly’s Price Increase
It’s been a couple of months but I haven’t had a chance to talk about the fact that FormAssembly has raised their prices. By a lot. It makes me sad. And I think they should be ashamed of themselves. I’m saying this as someone that is still a huge proponent of FormAssembly and while I continue to be a FormAssembly partner and likely to recommend it when clients are looking for a form tool. I don’t get anything personally as a FormAssembly partner. Other than access to the partner site (which I basically never used in the past, but now have to use to find the prices), the benefit to being a partner is the ability for clients I refer to get a discount on their pricing. I assume those clients could negotiate essentially the same discount on their own if they worked at it, but I can save them a step. Given the inflation of the past couple of years and the reality of the marketplace, I’m not actually that surprised or concerned when prices go up in the normal course of things. My own consulting rates go up, for example, and I don’t apologize for that. (I like to think I also give more value with each passing year as my knowledge grows, but maybe that’s another blog post…) But FormAssembly has basically tripled their pricing for nonprofits. I suppose a small caveat is in order: FormAssembly for anyone with a current account is not going up in price. They are all grandfathered at their current pricing and feature level and FormAssembly has said that is “forever.” [Surely it can’t be forever, but it’s at least for the foreseeable future.] Opacity To make matters even worse, they’ve also made their pricing less transparent. Wait–did I say “less transparent”? They’ve made prices practically a secret. They don’t seem to realize just how much that skeeves out nonprofit people and will hurt their business among this community. Not that long ago you could go to the FormAssembly website and find a nice clear pricing page that showed about four tiers you might choose among with their costs in black and white. Now all you see on the “pricing” page is links to start a trial, get a demo, or compare features. If you’re anything like me, it feels uncomfortably like this is going to be an experience like buying a car. Blech. 🤮 It’s slightly better for FormAssembly partners because we can log into their partner site and actually see something resembling a pricing grid. I’ve pushed them hard to make that grid available publicly. I think they’re concerned that the pricing is now confusing so they don’t want to make it public. (They’re right that it’s confusing, by the way. But I still think transparency is better for business, particularly among the nonprofits that have always been strong champions for FormAssembly.) I should note at this point that FormAssembly’s competitors are equally opaque about their pricing, so the transparency issue isn’t my main beef. What I’m really concerned about is that FA has become so much less affordable. What Does It Cost Now? I noted, above, that FormAssembly doesn’t want to make pricing transparent because they’re concerned that it’s confusing. I think they are afraid that potential customers will be scared off if a higher bottom line is the first thing they see when they might be comparing FormAssembly with a lot more features to a competitor’s tool at a bargain basement price that can’t do any of the amazing things FA can do. OK, I can understand that fear, I’m just not that sympathetic because at an apples-to-apples level the rise in FormAssembly cost is still outrageous. In one of my very first posts I noted that I recommended clients get FormAssembly’s Premier level (now discontinued). Premier for nonprofits was about $1,700/year but was worth it because of the amazing prefill connector. In FormAssembly’s new pricing structure, if you want the same features that most of my clients use you’re going to have to pay more like $5,000 per year for their Essentials plan! I’m actually of two minds about that: I think it’s an utterly absurd price rise, not to mention a pretty steep annual cost. I still think it’s probably worthwhile for a whole lot of nonprofits. My clients that already have grandfathered prices are probably getting that level of value out of FormAssembly with the prefill connector. Complexity in Pricing If we want to get into that complexity that FormAssembly thinks you might not be able to handle, Essentials comes with a few features that Premier did not, such as Dynamic Picklists and multiple users on your FormAssembly account. So from FA’s perspective they’re providing more value. But other features are á la carte. So, for example, you’ll have to pay $600 more per year if you want credit card processing, which was included in Premier. In fact, the Salesforce connector is already an add-on to Essentials, but I’m counting it in the baseline because from my perspective a form tool without a Salesforce integration isn’t very useful. (See also: Google Forms.) Dynamic Picklists and multiple FA Users are features with which I have a love/hate relationship. (That’s a topic for another post.) But suffice it to say that I’m not sold on paying so much more to have those features, at least not with their current challenges. Essentials is not the cheapest FormAssembly plan. You can get as low as $2,800 for “Basic” (with a nonprofit discount—there is no additional partner discount on Basic). Basic, of course, does not have the prefill connector (not even as an add-on), so you lose what I always think is special about FormAssembly. Basic also doesn’t allow CSS, so you probably can’t make your forms look as branded as you would like. (They won’t be as ugly as Google Forms, but that’s a low bar.) In my opinion they have crippled Basic enough that you might be just as well off with another form tool. What Do I Recommend? It’s a whole lot harder now to know what to recommend for a client that’s just looking at getting a webform tool. I think I still come down on the side of FormAssembly, but it’s much less of a slam dunk at four thousand dollars than it was under two. If you are going to have more than just one form and you know your forms are going to get a lot of use, then the prefill connector is going to allow you to do things to reduce duplicates, improve your users’ experience, and save you money in the long term. In that case, FormAssembly Essentials will be worth it for you. Even without prefill, FormAssembly’s connector after the form is submitted can do a lot more than just insert a single record into Salesforce. So Basic might be worthwhile because I assume FormAssembly priced it to compete with the others in the marketplace. But there are other form tools to consider, some cheaper than FormAssembly, that may be able to do what you need. If you have only basic form needs, you probably have a lot of options to sort through. (The nonprofit Salesforce community is working on reviving a project to help with this kind of decision. But that effort is not at fruition quite yet.) There is also the possibility of using a screen flow exposed on a public Site that has gotten a good amount of discussion in the community recently. I think the complexity of building and maintaining this puts it out of reach for most organizations. But if you’re that organization that was just going to have a single form, it could be worthwhile to invest the time in building this and then have something that is completely free. Even if you have to pay a consultant to change or maintain it every so often, that’s going to be cheaper than a recurring form tool cost. I guess the best I can recommend is: It depends.
- Always Build in a Sandbox. (Except When You Don't. Or can't.)
It’s a mantra oft-repeated: “Never build directly in production.” If you’re an admin you should be building new automation, new objects and fields, or otherwise messing with your metadata only in a sandbox environment. And I agree. I regularly admonish my clients and my mentees to build only in a sandbox and to test thoroughly before deploying to production. It takes extra time but it’s an important safeguard. And yet... I’ve already argued that keeping some test data in production makes sense. I might as well lose the rest of my credibility right now: There are times to build directly in production. Honestly, we all do it. Except in the strictest and most regulated organizations/industries, it’s not even that uncommon. Sometimes “building” in production is reasonable, or perhaps even necessary. What Constitutes “Building” Anyway? I don’t think anyone would argue that it’s wrong to make a new report directly in production. [Would you???] It’s already a constant battle to get users to learn to edit and build their own reports. If you’re going to insist they be built in a sandbox you’re mandating that reports are only built by your Salesforce admin team. I believe in teaching my users to fish. Of course anything one might say about building reports is going to apply to dashboards as well... I can see an argument that reports and dashboards fall into a strange gray area where they, themselves, are metadata but they’re so dependent on data that maybe they’re a different category. Plus reports and dashboards are about showing the data that’s in the org, they’re not automation, or changes to the user interface, or the like. But the Lightning Report Builder has the ability to make row-level formulas. (In the past that would have required an admin to build a formula field for a specific reporting need, so bring ‘em on!) If it’s OK to process a formula in the context of running a report, that seems a very short distance from actually creating a formula field, no? That's why I would say that creating a formula field directly in production seems fairly reasonable. [Brief aside: If you’re doing this, take steps to test and validate before you let users see the new field: Uncheck the box that adds the field to page layouts. Maybe restrict field level security until it’s ready. You can look at the field in the meantime using a report. And note that modifying an existing field probably is a category of its own because that has potential spillover effects. Then again, if you find that a formula field is broken, I’d say working on a fix directly in production is fairly reasonable.] Here are a bunch of purely metadata modifications that I’m going to argue are safe to do directly in production: Edit page layouts and compact layouts Modify Lightning Record Pages Make a new Quick Action Those are all changes to the user interface but don’t impact data itself. Sure, depending on how extensive the page modifications are, you could confuse users a bit. Try to make things obvious or else give a heads-up. It’s OK to “move people’s cheese” as long as it’s still somewhere in the same fridge they last saw it. In the same vein, modifying a display-only screen flow should be safe. Or, for that matter, editing the display portions (only!) of a flow that also runs data operations. Go ahead and fix that typo you noticed. Similar to my argument for formula fields, I think you could make a new rollup summary (traditional rollup summaries, DLRS rollups, or NPSP Customizable Rollups). You’re going to learn more testing the rollup against the messy real data that’s in production than what you have to work with in a sandbox. As above: keep the field hidden from users until you've perfected it. And here's a good tip from Stephanie Foerst for a good time to build directly in prod: “When there's a production issue and you can easily resolve it.” Modifying Metadata in Production So we’ve determined that the difference between “data stuff” and metadata is not going to provide a bright line guideline. Sorry. If it’s a matter of degree not type, I think we’re going to have to start considering the impact of your actions. I know: Bummer. Considering the consequences of our actions is sooooooo haaaardddddd. If you’re going to modify metadata directly in production—and I think we all know you are—the best advice I can give is to think about when it’s OK and when it’s not. Ask yourself: 1. Is it gonna break stuff? Things that can break stuff include: Validation rules They don’t just stop users from getting things wrong–they stop integrations and Apex code, too. Automation But here you really have to consider what the automation is doing. 2. Is it going to escape the environment? Anything that sends an email. Integrations (though sometimes you don’t have a sandbox option on the other end of the integration) 3. Do I need to do a lot of testing that will result in records users might stumble upon? New integrations Automation (again) 4. Am I building new and/or self-contained functionality? New object? I would normally say that a new object is so self-contained that it makes perfect sense to build in a sandbox. But I asked around and others were pretty OK with building new objects in prod exactly because they are self-contained... New fields? Most of the time, work in sandbox. But just one field…? Go for it. 5. Experience Cloud I feel like this is almost a topic of its own (that should be written by someone that knows Experience Cloud/Communities better than I do). It’s a pain to deploy a built out Site from sandbox. Making changes in prod (but waiting to publish them) is pretty common. 6. [Special Case] Record Types This is a very specific use case that Peter Churchill pointed out to me: If you create a record type in production “they maintain their Ids in each environment, but Sandbox to Prod will create a new Id.” Sometimes it’s easier to build automation based on record type Ids, so this will save you some hassle. Personally, I prefer to have my automation look up record types by API name rather than rely on the Id being constant. Don’t Punk Yourself! Here’s the thing about making any modifications in production: They’re not likely to flow down into sandboxes—you’re going to forget to do that. In any environment where there is simultaneous development happening in sandboxes—even if you are the one doing the building in both environments—if you make a modification in production there’s a chance of undoing your work later when you deploy from the sandbox. Say I have an active sandbox named “mbkdev” where I’m building a child object to contact. In that sandbox I modify the contact page layout to add the related list for this new object. I make no other changes to the contact layout. My work in this sandbox is taking some time, so I haven’t deployed my new object and contact page layout yet. Meanwhile, I get a request for a formula field on contact to translate from Birthdate to display the contact’s age. (I know, you probably forgot there isn’t a standard field for this!) This is an eminently reasonable request and one that I want to deliver quickly. So I throw together the formula field and I drop it onto the page layout. While I’m at it, I decide to move demographic fields together into their own tidy section. Three weeks later we finish testing the work in the mbkdev sandbox and we’re ready to deploy our new object. Since we modified the contact page to include the new object’s related list, we put that layout in our change set. But the Age field doesn’t even exist in mbkdev and the demographic fields are in their (haphazard) positions from the moment the sandbox was first created. As soon as our deployment goes live, the contact layout has reverted to its state from three weeks back, with only the addition of our new related list. Oops. I’ve just undone my own work. How foolish do I feel? [This is a purely hypothetical situation. I have never allowed this to happen IRL.] It’s a challenge to keep sandboxes in sync. If you have deployment procedures, use them.
- Test Data in Production
Raise your hand if you have fake or test records in production. 🙋🏽♀️🙋🏾♂️🙋 You, in the back—Really? You don’t have a single record that you use when you want to try out a new field, test an automation, or troubleshoot? Uh huh. Let’s get that hand in the air, then. 🙋 I’m not too proud to admit that I put test data in production. I even do it in my client’s orgs. I think that’s OK. No–I actually think it’s necessary. It’s Efficient I don’t see how you can efficiently get by without test data in production. Even when you are scrupulously meticulous about never building in production (And you are…right?) You’re going to have new things you’ve deployed that you want to see. You’re going to get users that have trouble and you need to quickly reproduce the issue And you’re going to have quick training and enablement moments that you want to take advantage of without having to go through the rigamarole of setting up sandbox data. So, yes, I do put test data into production. What Data It comes down to what data and how much data? I have two rules of thumb: Is it obvious? Is it fun? Clearly, the second one is optional. (But is it...?) If you want to have contacts Test Test and accounts Account1, Account2, and Account3, go for it. But remember that contact Test Test in the Nonprofit Success Pack is going to end up with a household account Test Household. I think there are people with the last name “Test.” It’s not actually obvious whether it’s real or fake, is it? Why not put Harry Potter in your middle school? (He should be enrolled at Hogwarts, of course.) Or set up King T’Challa as one of your young professionals. (He probably works for the Kingdom of Wakanda.) I suppose there’s some chance one of your users won’t get the joke. But it’s also possible there is a real person out there named First Last. (There are people whose last name is Null…) Easily Identifiable My point is that if you have these records you might as well be able to identify them. Plus you’re set up for success later on when you need to spin up a quick report or show someone how to make a related record. Working with test records that fit a theme makes it easy for you and everyone else to remember which are the fake records and filter them off reports or ignore them in list views. And you do want to filter them off 99% of the time. Get into the habit of adding a filter to every report that will remove your fake records, whether it’s donations from the T’Challa Household or students whose Primary Affiliation includes “Hogwarts.” Let your users know why you’re doing it as well so that they don’t fake themselves out when making their own reports. Have Some Fun I already mentioned that I use Harry Potter and Hogwarts. In fact most of my education instances have Harry, Hermione Granger, and Ron Weasley at the very least. (It’s a joke that can appeal to most ages.) The beauty of using those characters is that we also know their relationships with a bunch of other contacts and accounts we might want to work with, such as their parents, their teachers, and even some businesses and institutions. I don’t put that whole panoply of records into production but I most certainly like to use it as data in my training sandboxes! When I need some more students outside the Potterverse, but easily recognizable, I’ve turned to superheroes. The Marvel Universe is nice because you can find characters in a variety of age categories and still stay pretty obvious and mainstream. People might not have seen the latest movie in the franchise, but they’ll know the names Black Panther and Captain Marvel. More often than not people will even recognize their secret identities, if you want to use them. DC characters will work as well, if you’re into them, but you might choose to create Super Man instead of Superman because: Required Fields. Star Wars characters are fun, too. When I worked at Spark my Go-To kids were Luke Skywalker, Han Solo, and Chewbacca Wookie. (He had to have a last name: Required field.) Again, I figured I could be pretty confident nobody would think they were real students. And I had so much fun setting up their mentorships with Darth Vader and his colleagues at Death Star Demolitions Company. Contacts don’t have to get all the love, either! When my education clients need school and college records I have, among others: Idyllic New England Liberal Arts School (my alma mater) Big Southern Football University Ivy League University Metropolis University (also good for superheroes to attend) Hogwarts School of Witchcraft and Wizardry The Bronx High School of Science and Superheroes (Peter Parker’s alma mater) When we were creating the original package for Ombudsman Cloud Care we needed test and training data. Props to my wife, Jen, for taking the Navy theme to its logical conclusion. I’d originally created Popeye and Olive Oyl. Jen added several characters from Star Trek and The Next Generation as well as delightful Cases to go with them! That gave us some fun Easter Eggs for people to notice as they went through training. It’s not that I actually think it’s ideal to have test data in production. I just think there’s almost no way around it. So given that reality, let’s make it enjoyable!
- The TL;DR on the “New Nonprofit Cloud”
⚠️ Warning: Cynicism ahead. I’m going to cut through marketing and spin to call it as I see it. (I hope you already were expecting that from me.) On Tuesday Salesforce.org announced the “New Nonprofit Cloud.” Lori Freeman also posted about the post in the Trailblazer Community. Here’s the TL;DR, IMHO: Over the next few years Salesforce.org is coming out with an entirely new technology suite of solutions for nonprofits. These collectively will be known as “Nonprofit Cloud.” These will not be based on, nor compatible with, the current solutions, including NPSP. You need not concern yourself with “Nonprofit Cloud” for the time being. Nonprofit Pricing does not change. (Ten free licenses, etc…) Except Nonprofit Cloud licenses cost more than standard licenses for your 11th and up. There is quite a lot to unpack about this announcement, not all of it actually included in the announcement itself. I think it’s worth making this a relatively long post to go bring all the parts together. Pricing In my opinion, the two important things that make Salesforce valuable for nonprofits are the Power of Us program (donating the first ten licenses free to nonprofits) and the additional discounts that apply to all other Salesforce product SKUs. This is not changing. Though I had been assured this would not change before TrailblazerDX, I still felt it was important to hold Salesforce’s feet to the fire. I asked a question during True To The Core, seeking commitment at the highest and most public level. (My question, followed by Parker Harris’ answer, starts at 21:20.) Parker’s answer, Lori’s post about today’s announcement, and other communications give me confidence that we can count on Salesforce’s ongoing support for nonprofits. (As much as we can count on anything a business may say or do.) Pricing after your free licenses is also not necessarily going to be simple, which may partly have to do with Salesforce.org’s inclusion under Industries. I don’t even know if Salesforce.org’s people know all the ins-and-outs of how the licensing–and, therefore, the pricing–works yet. What I understand is that Nonprofit Cloud will be its own SKU that, essentially, bundles a Sales Cloud license, a Service Cloud license, and something-that-gives-access-to-the-Industries-based-functionality. [I don’t know the right term for that thing. I don’t think the name matters right now.] All ten licenses granted to new orgs on the new Nonprofit Cloud will have that entire bundle. So in that sense, the P10 License Grant has expanded with this new announcement, as that bundle is more expensive than what we have been getting to date and comes with extra tech. (Yay!) For the 11th license and above, organizations will be able to choose what they want to purchase: Nonprofit Cloud licenses (the whole SKU bundle) will cost $720/year. A Lightning Enterprise Edition license (a “Sales Cloud license,” like we usually purchase today) is $432/year. (Neither of these represents any change to current pricing, by the way. What the Nonprofit Cloud SKU encompasses is changing, but the name and price stay the same.) The uncertainty that I mentioned is that I don’t know what functionality users with “just” a Lightning Enterprise Edition will be unable to accomplish compared to those on a Nonprofit Cloud license. By extension, I know even less what users on Platform licenses would be able or unable to do. We don’t know what “Industries” functions such users will lose, much less what parts of the as-yet-unseen Nonprofit Cloud application. The Technology News flash: What has just been announced is not yet ready for Prime Time. I know that you may be surprised to hear that an announcement of a new product from a tech company is not actually ready yet. 😜 You should not plan to migrate your current org to the new Nonprofit Cloud any time soon. There would be no immediate benefits and that migration is going to be a big undertaking. I fully expect most organizations to put it off as long as possible, upwards of five years, probably more. If your system ain’t broke, don’t fix it. If you are about to embark on a net new implementation, you have a tough choice to make: You can implement using NPSP, which Salesforce.org has committed to supporting, but is not being additionally developed and will eventually be “the old version.” You can implement the new Nonprofit Cloud, which will be version 1.0 at best, and might feel more like beta 0.9 for some time. You’ll be on the leading edge. (Or possibly the bleeding edge.) Or you can split the difference, implementing on Nonprofit Cloud but building much or all of your functionality custom. That might make it easier to adopt features as Nonprofit Cloud gets more mature. For now you’d be out of step with almost all other nonprofits using Salesforce, who are on NPSP. That’s not an easy choice. I’d be torn between one and three. To the extent that you can buy “it” yet, nobody’s really seen what “it” is. And when it actually comes out, it’s going to be a “minimum viable product.” This is going to be the first release of a new product from a software company. Some cynics might even refer to it as a “paid beta.” One can hope they’ll release a “minimum loveable product,” but I’m not going to hold my breath. What initially rolls out will be program management, then impact measurement, with fundraising not even being released until the fall. I think it’s safe to assume none of those releases will have full feature parity with their equivalent current products. (Though they should have some new cool features of their own.) And Salesforce has said that they are not planning a new payment processing platform (like Elevate.) I honestly just don’t know what to expect out of the actual Nonprofit Cloud product offering. It’s barely even available for anyone to get their hands on. There’s some way partners can get a learning org or… something… (I haven’t even tried.) Anway, as noted above, what comes out in the next few releases is going to be minimum viable, so I feel no urgency around it. (I’m sure I would feel urgency if I worked for an independent software vendor (ISV) that had an AppExchange product that I’d need to rebuild to be compatible with the new model.) The only thing we really know is that Nonprofit Cloud will use Person Accounts. That’s a pretty big data model shift, but it doesn’t bother me. I used person accounts for one project and thought they were fine. There’s a bit we'll all have to learn about how they work (always act like an account, sometimes like a contact) and they use a bit more storage (because every contact is also an account). But since storage was increased several years ago I don’t think this is likely an issue for most organizations. Also, person accounts are apparently the state of the art for things like Financial Services Cloud and have gotten quite a bit more love since Industries became a thing. I’m firmly planning to ignore Nonprofit Cloud for at least a year, probably two or three. Eventually I hope to look back and find that it’s grown up a bit and then I’ll start–only start!–thinking about adopting it. Timing of Announcements (what we knew and when) Full disclosure here: Lots of people–including I–did not just learn of this when it was announced on 3/14. Salesforce.org held embargoed meetings with Salesforce MVPs, partners, and presumably some larger nonprofit customers starting in late fall, 2022. (I assume there were people with better access than I have who learned things farther back than that.) Salesforce.org made missteps in the communication that caused a great deal of panic. First there were questions about whether the Power of Us donation would go away, or if some things would be no-longer free, or become more expensive, etc. Then there was the technical question of what would be compatible and worries over the cost that organizations will have to bear when/if they migrate to the new thing, not to mention uncertainty over whether or when they would be forced do so. The layoffs at Salesforce (that at least seem to have impacted Salesforce.org disproportionately, though no hard data is available on this) added significantly to the uncertainty and the anxiety. And, as you may have noted if you listened to my question from True To The Core, the absorption of Salesforce.org two years ago, the folding of the Power of Us Hub into the wider Trailblazer Community, switching technologically to using the Industries core architecture, a complete changeover to a new product, and then the layoffs, definitely opened the question of whether nonprofits are being viewed as “just another industry vertical” by Salesforce. I hope that all of my discussion, above, makes clear that I think those fears/questions have been laid to rest. I did not come to this level of detachment right away, so I think it’s OK for you not to as well. This was one of the most difficult NDA’d pieces of information I’ve ever held, mainly because it wasn’t so much “information” as the opening of a discussion that we were unable to actually discuss. I’m very glad to finally be able to talk about this openly! What Does this Announcement Signal About Salesforce.org? I have never thought that Salesforce–or even Salesforce.org–was some kind of altruistic actor. Read Marc Benioff’s books or listen to any one of his keynotes: That man is A Capitalist. I think he actually believes himself when he says, “business is the greatest force for good.” Salesforce is a capitalist enterprise, a multi-billion dollar corporation that exists only to make money. Do not kid yourself that it is anything else. (Capitalism would not allow it to be anything else. That's what the ism part means.) I applaud the 1-1-1 model and appreciate all that Salesforce does to support nonprofits. But I am under no illusion that this is anything more than noblesse oblige. I know that Salesforce.org used to be a “social enterprise,” but maybe I just came along too late in the evolution to be all that impressed by the term. At least by the time I was learning about it, Salesforce.org seemed to be a strange kind of hybrid creature that granted some licenses but sold others, had a sales operation that acted exactly like car dealers, and supported interesting events like Open Source Sprints but was completely opaque when it came to organizational structure and goals. So when .org was reabsorbed into .com two years ago, I mostly just shrugged. And it’s actually been quite interesting to see how being “internal” has clearly given better access to technology, decisionmakers, and even resources. (Sprints, for example, now take place in Salesforce’s offices, usually known as "Towers." That ensures a much better wi-fi environment than hotel conference rooms could be counted on for, makes single day events do-able, and gives us access to great free snacks and beautiful city views.) Salesforce.org built and supported some interesting technical products that have been good for nonprofits. They’ve also built some things my clients haven’t bothered to pay for. I’ve heard criticism that .org builds for the market of larger and better-resourced nonprofits that can pay for things. Well, “Duh!” (It’s amusing to me that some of the people leveling that particular criticism are consultants at medium or large consultancies that survive financially by working with those size organizations. Consultancies can’t make a profit working with the tiny orgs that are most of my clients, for example.) Nobody expects Ford to donate a Fiesta to any nonprofit anywhere in the world just for asking. Salesforce does the equivalent of exactly that every single day! Apple donates some hardware to schools, but that’s through a formal grant program, it’s not available to every school every year. Schools can buy through the Apple Store for Education at about a 10% discount. Salesforce gives ten licenses in perpetuity to any organization that can waive a 501c3 (or national equivalent) and then discounts 50-80% beyond that for everything else. Neither the automobiles that nonprofits drive nor the computer hardware they use are customized for how those nonprofits do business, at least not unless they pay for such custom work. But Salesforce.org gives nonprofits the NPSP/EDA/Nonprofit Cloud/Education Cloud to customize the platform for our needs. If only the Power of Us Grant and the discounts remained, I would still consider that a pretty great support of nonprofits. So long as Salesforce.org in some form is alive and kicking, creating software, supporting Open Source Sprints, bringing nonprofits and educational organizations together, etc, that’s a bonus that I am thrilled to benefit from.
- Setting Up the Free Integration Users
A couple of weeks ago I was excited to write about the free integration users that Salesforce has granted to all organizations. As of that writing the licenses were still rolling out, so nobody had really had a chance to use them. Now that they’re available, there’s been a great deal of discussion/confusion about how to actually make them work. If you wade through the Trailblazer Community thread in that link, you can figure it out for yourself. But I thought it would probably be helpful if I wrote up clear instructions. As it turns out, the free integration user licenses are free like a beer. But it’s like they’re a beer bought by your high-maintenance friend. Perhaps after you’ve helped him assemble Ikea furniture. Or helped him move. Or both. That is to say, it’s a bit of work to use these free licenses. The steps you have to take are: Create a user with the Salesforce Integration user license and the only profile that you will have an option for once you have selected that license: Salesforce API Only System Integrations. (Or modify an existing user to have this license and profile.) In that user record, under Permission Set License Assignments, assign the Salesforce API Integration PSL. (I do not understand what a permission set license is or does. But without it you can’t assign a permission set in step 3 that grants the access you are going to need. I know you have to do this because of the Help article about the integration user licenses.) Create a permission set (or permission set group) that grants access to the right objects and fields. Assign that permission set to the user. That sounds pretty simple in black and white right there. But Step 3 is going to feel like assembling the worst Ikea project ever. Permsets are the Future What makes using the new Salesforce Integration user a challenge really comes down to the fact that integration user licenses come from a future in which permissions no longer reside on profiles. So you have to assign a permission set in Step 3 or else the integration user can’t access any objects or fields. But you and I don’t yet live in Salesforce orgs where all permissions are granted via permission sets ("permsets"), so we don’t have a permission set ready. In January 2023, Salesforce announced, via a blog post from Cheryl Feldman, that permissions on profiles will “end of life” at the Spring ‘26 release. We’ve known for a couple of years already that permission sets and permission set groups were the future of user management but Cheryl’s announcement put a deadline on the transition to focus our minds. The simple summary of that transition is that in the future every user will have a profile that grants basic login rights and a small handful of deep system privileges but all permissions related to object and field visibility will be layered onto users via permission sets. (Probably, users will get one or more permission set groups, which allow you to group permsets and then grant them all to a user at once. But it’s easier to discuss just in terms of permsets.) This is a better way to be able to manage user access by the principle of least privilege, in which you only give people access to those parts of Salesforce they need to do their job. Most organizations today, particularly the smaller nonprofits that I’ve worked with, have a couple of profiles that grant wide permissions. Even if they are given different profiles, program users and development users can see all the same objects and fields. The difference in the profiles may be that their page layouts or app defaults are different, but fundamental permissions are the same. Honestly, I suspect that most organizations probably use just a single profile (other than sysadmin). And for most of the rest, that have two or three profiles, a side-by-side comparison would show very little difference between them. It’s just rarely worth the effort to make the profiles very different in a small org, as there’s most people will need to see both program and development data. Since users can have only a single profile, what would you make someone that needs to see both program and development data? (Please don’t say, “We just make them a sysadmin.”) You would need either a “program and development profile” or you would have to manage both the profiles and some permsets for granting the other set of permissions. There just isn’t enough time in the day to put a ton of effort into ensuring that we have profiles with minor differences in object and field permissions. And as of right now, Salesforce is still mostly built to accommodate using profiles as the main differentiator. Permsets have existed for a while, but they’ve generally been secondary to profiles that have the bulk of permissions. (For example, when you install from the AppExchange the installer offers to "install for all profiles," with no options relating to permsets.) Even if you want to be forward thinking about using permsets, it’s still a little harder to manage. That was my long way of saying that in my experience most orgs manage user permissions through profiles primarily, if not exclusively. Even those of us that are interested in moving toward the future probably have only taken baby steps along that path. Licenses from The Future So, back to the free Integration User licenses. It’s not really just the licenses that appeared in orgs last month, there is also a profile to go with them, called Salesforce API Only System Integrations, which is the only profile you can assign to the integration user. And this is a profile from The Future: It can’t have object permissions. If you clone that profile and try to add, say, Read and Edit on Accounts, you’ll find that object settings for Account simply aren’t there. The new Integration User license can only take the Salesforce API Only System Integrations profile and that profile can’t be given access to any of the objects and fields you need it to see. That’s because, like I said, it’s from the future. (Just be glad it’s not here to assassinate us to prevent a future rebellion.) Fortunately, the user profile from the future can be granted permission sets. So all you need is a permission set that grants access to the objects and fields your integration user is going to need. Depending on what that integration user does, that might be a short or a very long list. If I’m setting up the integration user for a form tool, for example, I expect that it’s eventually going to need access to most, if not all, of the same objects that power users need. Just think about it, I could make a form for: Donations, which, depending on the complexity of the need, could require access to Account, Contact, Opportunity, Payment, Campaign, Campaign Member, GAU, GAU Allocation, Product, Pricebook, Task, User (to assign the task) and probably several more. Program Registration, which would require access to our custom objects for Program, Enrollment, etc… Surveys, which would require access to Contact, Survey, and possibly several more. So you can see that for some integration users you’re going to need a permset that grants a lot of access, as much as (or possibly more than) some users need. Even if you are super-conscious of security and only add iteratively to the form tool integration user’s permissions as you build each form, the final result is going to be a pretty extensive permset. And it's probably not one you already have. Prepare for the Future Today So we have the reality that at least one of your integration user’s permissions are going to be quite wide. Let me add the other consideration that a whole lot of orgs today have integrations logging in as sysadmins (either an integration user on a sysadmin profile or—worse!—sharing the login of a person who is a sysadmin). I would, therefore, argue that anything we do to grant permissions to the integration user granularly is going to be a security upgrade, even if “granularly” still starts from a large pile of permissions. So as you set up your permission set to make the integration user work, think about it as preparing your org for the user management regime of Spring 2026 and beyond. That means you’re going to make a permset for the integration user that serves as the foundation of your permset for human users. Permission to Build in Production [Temporarily] Granted I think I’m pretty consistent in reminding people to only build in sandboxes, never directly in production. (Though I also am realistic and think there are certain changes that it’s perfectly reasonable to make directly in production. I should probably write a future post on that...) Unfortunately, you simply can’t realistically work in sandboxes for this purpose because of the way profiles and permission sets deploy. When a profile or permset is deployed via a change set (or other deployment management tools), the only parts of it that actually deploy are those that relate to the other metadata that is deploying with them. That’s pretty interesting, if you think about it, because it means that Salesforce doesn’t just deploy a file for the profile or permset, but actually compares what it’s uploading to what is already there and only edits inserts, leaving the rest of the file alone. This interesting functionality supports deployments coming from people working in different sandboxes. If it didn’t work that way, for example, then Jodi would deploy her new custom object, Cars, and a modification to the Program Manager profile granting access to Cars and its fields. An hour later, when Aaron deploys the flow he’s been working on (in a different sandbox) that works with fields only on Contact and Account, his Program Manager profile is coming from an environment that doesn’t have Cars. Aaron’s deployment would overwrite what Jodi deployed, removing access to Cars for the Program Manager profile. So it’s usually quite handy that Salesforce deployments of permissions relate only to the metadata that comes along. But if you are trying to build a permission set that grants access to all objects, all fields, all tabs, and all record types, you would have to build up a change set that also includes all of those things. First, good luck ensuring that you get every relevant object and field into your change set without missing something. Second, the changes you send with all that metadata may overwrite or revert things that have changed in production and are out of sync with the sandbox you were working in. (I know you should have procedures for deployments to avoid that kind of overwrite, but it’s a lot harder to ensure it doesn’t happen when we’re talking about every object and field, which includes all descriptions, all help text, etc.) Copado Essentials, formerly ClickDeploy, my deployment tool of choice, has a “profile only deployment” option. As I understand it, that means that you add all the other metadata to your deployment to indicate the parts of the profile to send. But when it actually is sent, it’s only the profile that moves over. Interesting. But there is no such thing as a “permission set only” deployment. I hear that Gearset has the ability to do a permission set only deployment, but I couldn’t figure out how. I don’t think Salesforce’s native Change Sets allow for either of these options. Besides: Have I mentioned my skepticism that you would manage to add all the relevant related metadata to your change set without missing something? Copado Essentials makes it pretty easy to Select All and I’m still paranoid that something would be missed. Adding all the metadata into a change set via the native Salesforce change set tool is too painful to even contemplate. So...you’re going to build your new permset in production. Building the Standard User Permset Now I have bad news for you: It’s going to take hundreds of clicks to build out your permission set. Maybe more than a thousand. If you work in just one org, at least you can take comfort in only clicking hundreds of times once over. A solo consultant like me gets to do it for each of my client orgs. Ouch. Worse yet, I determined that you have to do this work directly in production the hard way. By “the hard way,” I mean that I did the hundreds of clicks in a client sandbox, with the intent of testing that the integration user had all the permissions it needed before I moved to production. Then I found that I couldn’t deploy the permset and had to hand rebuild it in their production org! Double ouch. Hopefully sometime in the next few years Salesforce will put out tooling that makes this easier. (I know that Cheryl Feldman and her team are already working on some of it.) But unless you want to wait for better tools before you use the integration licenses you’re going to have to go through this pain now. (And having done so, you might not even need the better tools later. Womp womp. 😞) As noted above, I think at least one of your integration users is going to need similar permissions to a standard user (or possibly a little bit more), so I’m going to write these instructions on the assumption that you are building out a single base permset that actually has quite a lot of object and field permissions. If you have only integrations that have limited permission needs, you should build them very limited permsets (again: the principle of least privilege). But if you have at least one integration user (like your form tool) that needs a lot, this is the time to build a wide baseline permset. It’s easier to clone that permset and edit down to make less-privileged versions later. Here’s what you need to do: 1. Make a new permission set. (Setup>Users>Permission Sets>New) You can call it something like “MyOrg Standard.” I always recommend a Description. (Help Future You remember how this permset is used.) Do not associate it with a license type—leave that picklist blank. 2. In the permission set, go to Object Settings. (I’m assuming you’re using the Enhanced Profile User Interface. If you are not, go immediately to Setup>Users>User Management Settings and move the slider to Enabled. I don’t know how anyone works with the classic profile/permset editor!) Here you will have a list of all the objects in your org. (You'll also see a bunch of things such as “App Analytics Query Requests” that are listed as objects but maybe aren’t quite? I don’t understand it. Just ignore those.) 3. Open one of the objects, perhaps in a new tab. Let's take Accounts as our example, since it's at or near the top. This profile is going to need at least Read access for every object the integration user might touch, including Accounts. Given that the integration probably inserts and/or updates data, I think you probably want to grant Create, Read, and Edit (“CRE”) for each of those objects. (Most integrations and most standard users probably don’t need to delete, so we’re not going to grant that permission.) You are also going to need to grant edit for most fields on each of those objects. And for those fields that aren’t editable (like formula fields) you need the integration user to have read access for that field. This is where the enormous amount of clicking comes in, as there is no Select All button. Sigh. [And to make things worse, the field level security boxes are tiny and low contrast, so it’s hard to tell which Edit boxes are grayed out and which you want/need to click. It's hard enough for me. I have no idea how people with vision problems are able to use this interface.] I’m going to be honest here: I just checked every single box on every single object. In theory I should consider the purpose of each field and decide whether this permission set needs read or edit access to it. But that would take forever. It’s just not reasonable in this context. It’s one thing to carefully consider field level security by user persona as you create a new field or three, but it’s exponentially more difficult when you are talking about all fields on all objects at once. 4. Don’t forget to also give visibility into the object’s tab, if applicable. Admittedly, the integration user probably doesn’t need the tab visibility, as it doesn’t use the UI, but I think it’s worth the click now, while you’re already here, in order to make this a permission set you can use for people in the future. 5. Similarly, assign all record types to this permset. Again, any given integration might need only one or two record types, but if this is going to be the basis for a permset used by humans later, they’re probably going to need them all. Save clicks later by making this The Big Full Access Permset. It will be easier later to narrow things. 6. When you’ve done this for every object your integration user (or future humans) might need, you can stretch out your mouse hand and reward yourself. 🧁 My method was to open the Object Settings and option-click a dozen or so objects into new tabs. Then I went through the tabs clicking Edit on each. Then I worked my way down the line of tabs doing all the clicking, saving, then closing that tab. When I ended up back at the objects list, I refreshed, then started again from the bottom-most object that needed access but didn’t have it yet. You may want to listen to a podcast or music while you’re doing this mostly-mindless clicking work. 🎧 Pro Tip: Work on a permset that is not yet part of a permission set group. That will allow you to save much faster. Permsets that are in groups need extra time to process a save because the permset group also recalculates. I found that if my permset was in a group I couldn’t really work in different tabs because I was faster than the recalculation. Further discussion: I just described creating a single master permission set. In theory it would be better to create permission sets either for single objects or at least clusters of objects that go together for individual bits of functionality and then to group those into a permission set group. But as I think I’ve said multiple times, “Who has the time?” Building permsets up like that is great in theory and may be workable as you are implementing a brand new org, but it’s unrealistic when you’re talking about an org that’s already in use and a small Salesforce admin team. If you want to just get integration user licenses working, this is the baseline for how you can do it. It's Worth It This is clearly a ton of work to get set up the first time. But remember that you're laying the groundwork for a user management and security transition you have to make in 2026. Plus you're getting to use free integration users and save your paid (or granted) licenses only for people!
- Actual Free Stuff! Five No-cost Integration Users Announced at TDX23
Good news nonprofit Salesforce users: We’re getting more free stuff! Actually, everyone’s getting this free stuff, not just nonprofits. 🎊 In response to a question at True to the Core during Dreamforce 2022, Salesforce has granted five free integration user licenses to every Enterprise Edition org. And just so nobody’s confused, let me stress that these are free like a beer! 🍻 If you’re integrating more than five systems and need additional licenses they are very cheap, costing just $120/year (list price). Nonprofits will get the regular 75% nonprofit license discount, bringing these down to just $30/year. Why is this important? I mean, any time we’re getting more for less, I would consider it important news, considering my personal inclinations. But this announcement in particular means that all orgs can improve security and auditability for integrations without cost being a factor. I think that’s something to celebrate! 🎉 What is an Integration User? An integration user is simply a dedicated login account for an external system that is going to integrate with (“talk to”) your Salesforce instance. It's going to communicate only using the API, not the user interface for humans. Think: Fundraising Platforms (GiveLively, Click&Pledge, Classy, etc…) Webform providers (FormAssembly, JotForms, GetFeedback, FormTitan, etc… Middleware (Zapier, Workato, etc…) Email Marketing Platforms (Mailchimp, Constant Contact, etc…) Event Registration Platforms (EventBrite, etc…) Let’s use a fundraising platform like GiveLively as our example. Once you set up your GiveLively account, you are going to have it log into Salesforce to add new users and donations. I (and others) strongly encourage that you do not have GiveLively log into Salesforce as you. And I don’t want GiveLively to log in as your development director either. I want GiveLively to log in using an account specifically dedicated for GiveLively. (Usually First Name “GiveLively,” Last Name “Integration,” or something like that…) There are many benefits to this, among them: Don’t make me guess whether that record created at 3:13am was actually the development manager working in the middle of the night! Probably not, but why work on assumptions? If a record is created or modified during the workday it’s really hard to be sure it was the integration and not the user whose account it had logged in as! You can set up the integration user with the “principle of least privilege,” meaning that the GiveLively integration user should only have access to the objects and data that it needs, and no more. When someone leaves the organization you won’t be deactivating the account that makes the integration work. When you are no longer using the integration you can shut down its user access and know for certain that it won’t be touching your data anymore. I hope you’re convinced that having an integration user is a best practice. And it should be equally clear why the true best practice is to have a single user for each integration. You want to be able to distinguish between the data changed by a person, by GiveLively, and by FormAssembly, even if they all made edits to the same contact around the same time! Credit Where Credit Is Due Kudos to Salesforce for their response to the question from Alon Waisman at True To The Core during Dreamforce 2022. Alon noted that having a dedicated integration user is a clear security best practice. But by requiring a full license for those users, Salesforce was making organizations balance security with cost. And when that’s the situation, security doesn’t win. Co-CEO at the time, Brett Taylor, agreed that should change. What’s in it for me? How much this is actually going to save you depends on the size of your Salesforce instance and on the timing of your contract. Salesforce generally does not allow you to reduce your contract size mid-year, so if you are going to see savings, that won’t happen until your contract renewal. And at that point you will have to directly ask to have the number of licenses reduced before the renewal date. By default Salesforce is going to renew all the licenses you currently have active (whether they are currently being used or not). For Small Nonprofit Instances (P10 Licenses Only) If you currently are not paying for any Salesforce licenses at all (you have just the ten licenses granted under the Power of Us program), this might not mean any dollar savings. But it does mean that you can now have more human users before you will have to pay Salesforce any money. You’ll be able to have up to ten human users and up to five integration users, for a total of 15 licenses, before you need to buy anything. For Nonprofits Over the P10 If you are paying for a handful of licenses right now (your 11th and up), this should save you up to five licenses (that you’re paying $432/year for). For most nonprofits I would expect a savings of two or three licenses. Yay! For Organizations That Do Not Get License Grants If you work for an organization that doesn’t qualify for the Power of Us grant, this could save you quite a lot of money. Let’s assume you have just three integrations and that you are paying list price ($1,800/year) for all of your licenses. That’s $5,400 that just came off your Salesforce bill with no effort! Most organizations pay a bit below the list license price, but probably also have more than three integrations. The savings add up pretty quickly. It's a Pi Day Gift! 🥧 The licenses are set to go live on 3/14, the same day I’ve set this blog to publish. Happy Pi Day everyone! Enjoy some of the delicious baked kind. 🥧
- My First Einstein Prediction
[This turns out to be the third in a series of posts. Not that I meant to have a series in the first place. Or if I did, I hoped it would be about the cool things I learned from AI predictions, not a deep dive into installing and licensing... Anyway, this post should stand alone, but if you want the background, read “Cheap (or free?) AI for Nonprofits?, and Still Trying to Try Einstein.” I’ll have more detail and some updates here, but I’m not going to rehash everything I wrote before!] I finally got Einstein Prediction Builder (EPB)/Einstein for Nonprofits to work in a real client production Salesforce instance! Actually, true confession: I pulled that off at the end of November, three months ago. Then I promptly didn’t do anything with it (or even write this blog post) because I was lazy. But that, I think, is part of the learning journey we’re on together! How to Install Einstein for Nonprofits Though there is help documentation, I think it’s worth listing out the steps to install while we’re at it. 1. Go to Setup>Einstein Prediction Builder, review the terms and conditions, and turn it on. Eventually, you'll have this: You need to already have Einstein Prediction Builder (EPB) turned on before you can install Einstein for Nonprofits (EFN). 2. Install Einstein for Nonprofits via Salesforce.org Metadeploy (https://install.salesforce.org/products/efn/latest) More on this down below, but it’s possible you won’t be able to install if you don’t have Nonprofit Cloud. 3. Navigate to the Einstein for Nonprofits app (see this help page) and click “Setup and Train Models.” 4. Navigate back to Setup>Einstein Prediction Builder. You should see three predictions installed now. Now’s your chance to [try to] activate one of them. Quick Sidebar into My Experience Activating Predictions As I noted in Still Trying to Try Einstein, the installed predictions refused to activate for me in one of my client orgs (the one that has interesting and plentiful data). They were stuck in Pending status. Support eventually suggested that I clone them and activate the clones. I procrastinated on that for a while because it seemed like it would be a pain, but it actually turned out to be easier than I expected. Einstein takes care of creating a target field for holding your prediction results. You don’t have to create a field before you start the prediction builder wizard. Nice! It was a bit of a "gotcha" that the Description field on a prediction can only hold 128 characters. (You don't find that out until you try to save.) Of course, if you have to clone a prediction that failed to activate, you’re going to have the target field for the failed one cluttering up your org. Not a big deal, but this kind of thing annoys me. Support tells me that my cloned predictions will use the Einstein for Nonprofits backup models if there isn't enough data in my org. (I have absolutely no way to evaluate whether this is true.) A Working Prediction! With my cloned prediction active, let's look at the scorecard EPB provides: It appears that EPB thinks that having a value in Preferred Email (home, work, alternate email selection) is the single most relevant field for predicting if someone is likely to become a first time donor. I have...opinions...on that. (But what do I know? Maybe the machine learning has spotted something interesting that we humans wouldn't assume. That's the whole point of this exercise, so I'll give it the benefit of the doubt.) I then enabled the prediction and went away for the weekend while it churned through the data. On Monday, a contact report showing my target field had results! In the image, I have grouped the report by the result values of the target field, so the Record Count is how many contacts have that number in the result field. What threw me at first was that a Yes/No prediction ("Is this contact likely to become a first time donor?") results in numbers, rather than true/false. The numbers are the percentage likelihood (of becoming a first time donor.) That totally makes sense now, but it had been a while since I completed the Einstein Trailhead modules, so I needed a moment to understand it. The real problem is that I’m not sure what to do with this now that I have a distribution. I suppose we could target outreach and fundraising efforts to the 29,000 people that are at least 31% likely to become first time donors, but that’s a lot of people. Far too many for individual outreach efforts... This is the point at which I found myself really stuck. I'm still not sure it's worth showing this to the client in whose org I tried it out because I don't think they have the staff bandwidth to use the information. And I'm not sure how I feel about the quality of the prediction. Other Predictions With Try Einstein, the freemium trial, you can have only one prediction activated at a time. My understanding is that you could deactivate this one and activate another one and the values in the target field (what's showing on my report) will persist. So you can switch back and forth to learn from any or all of the predictions you have in your org (those installed by Einstein for Nonprofits, those you create by cloning, or those you build from scratch). However, the inactive predictions won't update as new data comes in. That's probably OK depending on what you might do with the predictions. I haven't actually tried out activating the other two predictions that EFN installs. Partly that's because I would have to go through the rigamarole of cloning them first, due to the activation issue I experienced. But also, in that org I am unsure of to evaluate the quality of—or what we might do with—predictions about who is likely to become a Top Donor or a Recurring Donor. Now Let's Get Into Licensing Yes, we're going to have to get into the weeds of Salesforce licensing and pricing. It turns out that Einstein for Nonprofits isn't exactly "free" and isn't exactly available to every nonprofit. Shocking, I know. First of all, according to the person I spoke to at Salesforce.org, Einstein for Nonprofits should not install into an org that does not have the Nonprofit Cloud SKU. What constitutes that SKU is hard to pin down (and is probably going to change multiple times). But the quick-and-dirty is that organizations with just the P10 donated licenses do not have Nonprofit Cloud. A Nonprofit Cloud license is more expensive than a regular "11th" Sales Cloud license for a nonprofit, though I haven't been able to learn how much more. The Nonprofit Cloud SKU comes with Einstein for Nonprofits, Accounting Subledger, and Insights Data Platform Integrity, so doing the math from the crowdsourced pricing table, I think it's a good chunk of change. One strategy might be to buy CRM Analytics+ (CRMA+) [formerly known as "Wave Analytics" and then "Tableau CRM"]. That bundle is reasonably priced, is discounted for nonprofits, and would give you Einstein Predictions and Einstein Discovery. (Einstein Predictions would allow you to build and activate more EPBs at a time.) But CRMA+ should not actually allow you to install the EFN predictions. I'm told that Discovery (which is to say, "Tableau") may actually be more insightful for nonprofits than EPB because it allows them to see more of the "why" behind information. Moving more toward selling CRMA+ and helping nonprofits do more with visualizing their data is likely part of Salesforce.org's future direction. Your Installation Mileage May Vary (Mine did.) Finally, let me note that I was able to install EFN into two orgs that absolutely do not have the Nonprofit Cloud SKU. You might be able to as well... but Salesforce's intention is to fix that. (Maybe they already have.) Consider grabbing EFN while you can! You also might want to clone the predictions in case they disappear if/when Salesforce fixes the licensing tie-in.
- Naming Convention Flows
Salesforce has two options for object records: they can either have a text Name field or be auto-numbered. Accounts, of course, have an Account Name field. Contacts, technically, only actually require LastName, which is obviously text. Opportunities are named. Payments (an NPSP object) are auto-numbered. Auto-numbering is nice because nobody has to think about it, but it’s kinda’ impersonal. Text fields, however, can be the Wild Wild West. If you’ve spent any time in Salesforce, I bet you’ve already encountered this with Opportunities. Some organizations train people to stick to a standard, but more often than not even adherence to a policy is spotty. You can end up with an opportunities list that is just impossible to sort through, whether it’s opps that all have extremely similar names or each has a very specific name that somebody painstakingly typed in, whether or not it gives all the information you might want at a glance. (And these were examples from Opportunities, which already lend themselves to some structure around naming!) We Need Naming Conventions Sometimes we need records where the name tells us something but where it would be annoying to make your users type it in. We need naming conventions. For example, I have clients creating records of students applying to colleges. Wouldn’t it be great to be able to glance at a list view and know most of the important information about that record? Something like: Harry Potter - Wizarding U - SY24 - Waitlist Hermione Granger - Wizarding U - SY24 - Accepted It would be bad enough trying to get users to type all of that. They would never be consistent with school names or school years. And they would definitely not keep the stage up to date! But thanks to Flow, it’s also not very hard to do it for them. Build a Naming Convention Flow These are some of the easiest flows you’ll ever build. Take the example of the college application tracker: You can actually just have one step: This is a Before Save flow (the setting in Flow Builder is “Fast Field Updates”), which means it runs before the record is even saved to the database and it runs very fast. In this case all you have to do is assign a new value to the Name field of the record. It’s going to overwrite whatever value was there with the most up-to-date information. This kind of naming convention is really easy and helpful for all sorts of objects. I use it regularly for applications, report cards, test scores, financial aid awards, and the like. If you want to impose a naming convention for opportunities, you might want to build in more logic, perhaps distinguishing between naming for individual gifts, corporate gifts, recurring donations, etc. That takes a slightly more involved flow, but there’s really nothing too complex here. It’s just a handful of decisions to decide the type of gift and then use the right naming based on that. So we’re done! Build a quick flow that updates the name–probably in a before save context–activate and move on. One Small Gotcha - The New Button I do have one pet peeve related to this: The Name field is still going to be required when you click New. 🤦 A really conscientious user (my favorite kind!) is going to see the required New College App field and type out something that matches what they’ve seen in other records of this kind. And they’re going to hate that they have to type so much. A not-conscientious user, of course, is just going to put the name of the school, or the student, or the year, but definitely not all three. You can teach people they can just put anything in the field and it will be overwritten, but that offends my sensibilities on more than one level. (Not how it works in other places. Not a good habit to get people into. Unnecessary extra typing...) And you can’t even give any sort of on-screen hint about this. (You can't put help text on a Name field. Probably nobody would read it if you did.) So you have a few choices here, none of which make me happy. Training - Just tell people that for the object in question the name field is going to be overwritten and they should put any character in that field and move on. I don’t love this option because it relies on them knowing to ignore the field in this case but you probably don’t want that kind of behavior in other places… You can make things slightly better by setting the record Name to be “_object name_ (filled by flow)” or the like. But then "(filled by flow") is also going to show up in the headers of your reports and list views, which I kinda' hate. A Quick Action - It’s very easy to make an object-specific Quick Action and then remove the standard New button on related lists. The benefit of an action is that you get a custom mini Page Layout for the action and you can remove the name field from that layout (which you can’t do from a regular page layout that would be used for the New button. You can also remove other fields that are perhaps not relevant at the moment of first record creation and can prefill fields to save your users time. My disappointment with this approach is that you can’t actually have this new action override the New button in related lists. This new action will show up at the top of the page on the parent object, next to the Edit button and the like. You have to remove/hide the New button on the related list. I think it’s confusing for users that some related lists have New right in context on the list and for others you have to look elsewhere on the page. Is this a huge deal? No. Is it poor user experience and user interface design, yes! And by the way: Your Quick Action will be used when creating a record from the related record’s page. But not if you click New on a List View… A Screen Flow - If you want to get really fancy you could make a screen flow for creation of new records. Like with a custom Action, you don’t have to ask users for the Name in your screen flow. It’s then possible to create a new list button and reference the flow’s API name as a URL. (/flow/FlowAPIName?InputVar1={!Mergefield1}&InputVar2={!Mergefield2}etc…) Then you can use that list button to override the New button both in list views and related lists. By default a screen flow isn’t going to redirect to the created record. (There are ways to fix this using UnofficialSF components, but still…) The screen flow is going to look different than other New button behavior. And the screen flow is also going to run more slowly. Let's also not forget that building a screen flow takes more than a little work, even for a simple one, and leaves you with yet one more custom thing to maintain. In real life I’ve usually gone with option #2, but sometimes just lived with #1. Option #3 just feels bad all around.
- One Form To Rule Them All
One of my favorite ways to bring the programmer’s mantra of Don’t Repeat Yourself! (DRY) into my Salesforce work is to build the One Form To Rule Them All. By playing with URL parameters you can take a simple form and use it more than once. A single Field Trip Form that can be used for any and all field trips throughout the year. A single Pre/Post Survey A multi-purpose Waiver form And so much more. The trick here—the little mental shift that can really open up possibilities—is that “questions” on the form can be used as the text or content. Let me say that again: Questions on the form can be text, instructions, or content of the form, rather than something you are asking the user to fill out. Then you put the values you want in those questions into the URL that you send out and—BAM!—the form is customized. Saves time (and time is money) building and managing webforms. Works with Any Form Tool You should be able to do this with just about any form tool because all you’re using is URL parameters. My tool of choice is usually FormAssembly. But URL prefill is pretty standard functionality and should be available with most form tools. (I’ve written here about FormAssembly’s prefill connector and the amazing powers it can bring to bear. But that’s not what we’re doing here.) The Master Field Trip Form Let me use The Academy Group to show an example. They take their students on lots of field journeys and they want to get consent each time, notifying parents/guardians about where the kids will be and what they’ll be doing. It was such a pain to create a whole new form for each trip. But now they have the Master Field Trip form. All they have to do is customize the URL they’re sending out and the form works for every trip. I have a simplified example form for us to look at in my FormAssembly account. If you go to the form without anything added to the URL it’s not very useful. But if you use this format to customize the URL you can do all sorts of things: https://www.tfaforms.com/5037437?tfa_1=[reason for trip]&tfa_23=[location] Replace the bracketed sections with your desired text and it goes into the fields. (The tfa_# references tell the form which questions to put the text into. You’ll have a similar syntax for other form tools.) You can fill more than just two fields if you need to. (URLs do have a maximum length of 2,048 characters, so don’t write a novel in your prefill. But if you’re being reasonable you can do quite a lot.) Here’s an awesome field trip that I would highly recommend based on my own recent travels. The URL is: https://www.tfaforms.com/5037437?tfa_1=To see the ice cave, learn about the unique geology of Iceland, and get an introduction to the Northern Lights. We will eat lunch in the rotating cafe with a view overlooking the city.&tfa_23=Perlán Science Museum, Reykjavik, Iceland But you can use the same form for a more realistic trip. This URL is: https://www.tfaforms.com/5037437?tfa_1=To visit a local business.&tfa_23=Mike’s Sandwich Shop, 123 Main St. ) You can create all sorts of waivers, permission slips, and notifications this way. Pre/Post Survey In One Now let’s look at one more example that can really save time: Use the same form for both a pre- and a post-program survey. To measure program effectiveness you usually want to ask program participants the same questions before and after, in order to measure the effect of our intervention. You might think you would want to build two different forms for this. But Don’t Repeat Yourself! If you have two forms and then you decide to add a question, you have to modify two forms. Instead, if at all possible, I want to use the same form for both pre and post. All that’s going to take is: A dropdown menu question for Pre or Post. (You can probably hide this question.) Setting the value of that question via the URL. (Optional) Conditionally hide or display different instructions or even questions that are used only in the pre or post context, questions based on the value of Pre/Post. See what I mean here. Don’t Repeat Yourself in the Connector Either I don’t want to go too deeply into the step of sending your form data to Salesforce. In fact, this trick doesn’t necessarily assume you’re doing anything more with your form data than having the responses sit on your form provider’s server. But if you are building a connector to send the data into Salesforce, keep the same DRY principles in mind. You can map the question that you prefilled into the created record, for example, as the name of the field trip this permission was for. Or if you need a more succinct name, you could use an hidden prefilled field (“Perlán Trip, Iceland.")
- Sprinty's Community Resources
I'm excited to share with you that a new resource launched today, created and maintained by Open Source Commons volunteers. Sprinty's Community Resources is an online library of crowdsourced community content for nonprofits and educational organizations using Salesforce. It's a fast way to find articles and How Tos that others have found useful in the past. Resources submitted by the community are searchable and sortable so you never have to wonder "Is there are good article about the true cost of Salesforce for nonprofits? Where could I find that link?" Of course, you can also just browse through the listings to learn all sorts of things. And best of all, you can contribute more resources to the list! Simply click on the submission tool and fill out a quick form with a link to whatever podcast, blog post, article, or video you've found helpful. Each resource is reviewed by a volunteer "curator" to ensure quality content is featured on the site. Sprinty's Community Resources has a Trailblazer Community Group if you want to stay in the loop on updates and ask questions. This project wouldn't have been possible without the vision of Jodi Nemser-Abrahams and Rebecca Tasetano and the input of a team of dedicated volunteers I'm proud to call my colleagues and friends: I hope you, too, will add to the resource collection and even consider getting involved with the team!