Salesforce Winter ’23 Release Notes — The Funny Summary — Volume XII

Zakaria SEMRI
Sep 22, 2022

When it comes to Security, remember to always start with this

Security, Identity, and Privacy

Domains

  • Enhanced Domains in sandboxes and non-production orgs are enforced in this release. You can choose to postpone until SPRING ’23, but remember at that time it will be enforced for production orgs as well. Destiny comes all the same!
  • My Domain hostnames’ redirections can be logged.
  • Talking about hostnames & redirections, the official documentation regarding these has been enriched.
  • If it ain’t broke don’t fix it 👷 There is new guidance in the documentation regarding the impact of changing My Domain and SSO Authentication.
  • If a custom domain uses an HTTPS certificate, make sure the API clients that call it include the SNI extension. Why? To avoid issues that could prevent the HTTPS connection. And by the way, custom domains can be tested in sandboxes 🤓.
  • In Hyperforce, custom domains can be used with an HTTPS certificate 🙌.
  • When it comes to using enhanced domains, remember you can also benefit from Partitioned Domains.
  • WAIT? NO MORE COOKIES? C’MON! 🙀 Custom Domain Subdomains can no longer use cookies set by the custom domain. Yes that’s right, it’s time to do some testing if you have features relying on cookies. Also, a friendly tip: you can use JavaScript to add a domain attribute to share a cookie with the subdomain.
  • Sorry, we don’t accept c̶r̶e̶d̶i̶t̶ ̶c̶a̶r̶d̶s̶ IP Addresses. In short, IPs are no longer allowed for Certificates and you won’t be able to use or view them.
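
The cookie change above, modelled as an added example (not code from the original post or from Salesforce): a cookie set without a Domain attribute is host-only and never reaches a subdomain, while one set with the attribute does. The hostnames, cookie name and function names are constructed placeholders, and the matching follows RFC 6265 without the browser's public-suffix check.

```javascript
// Build the string a page would assign to document.cookie.
// Without `domain`, the browser stores a host-only cookie.
function buildCookie(name, value, { domain, maxAge = 3600 } = {}) {
  const parts = [
    `${encodeURIComponent(name)}=${encodeURIComponent(value)}`,
    "Path=/",
    `Max-Age=${maxAge}`,
    "Secure",        // only sent over HTTPS
    "SameSite=Lax",
  ];
  if (domain) parts.push(`Domain=${domain}`);
  return parts.join("; ");
}

// RFC 6265 section 5.1.3: exact host, or a subdomain of `domain`.
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Model how a browser stores a cookie set by a page on `setterHost`.
// Returns null when the cookie would be rejected.
function storeCookie(cookieString, setterHost) {
  const host = setterHost.toLowerCase();
  const m = /;\s*Domain=\.?([^;]+)/i.exec(cookieString);
  if (!m) return { domain: host, hostOnly: true };
  const domain = m[1].trim().toLowerCase();
  // A page may only name its own host or a parent of it.
  if (!domainMatch(host, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for `requestHost`?
function isSentTo(stored, requestHost) {
  if (!stored) return false;
  const host = requestHost.toLowerCase();
  return stored.hostOnly ? host === stored.domain : domainMatch(host, stored.domain);
}

// Constructed hosts: custom domain and one of its subdomains.
const CUSTOM = "shop.example.com";
const SUB = "help.shop.example.com";

const hostOnly = storeCookie(buildCookie("pref", "dark"), CUSTOM);
const shared = storeCookie(buildCookie("pref", "dark", { domain: CUSTOM }), CUSTOM);

console.log("host-only reaches subdomain:", isSentTo(hostOnly, SUB));
console.log("domain cookie reaches subdomain:", isSentTo(shared, SUB));
```

In a browser the string from `buildCookie` is assigned to `document.cookie`. A cookie shared this way is readable by every subdomain and by any script on the page (it cannot be HttpOnly), so keep it to preferences and similar low-value data rather than session tokens.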

Identity and Access Management

  • If your org has fewer than 100 active users, MFA is enabled for direct logins in this release.
  • Multi-Factor Authentication Assistant got some updates. Use it to be fit & ready for a successful MFA rollout 🦾.
  • Backup and restore in Salesforce Authenticator is only possible for Salesforce Users.
  • You can block connected apps from using the OAuth 2.0 User-Agent Flow, but be aware of the consequences 😈.
  • Meet the OAuth 2.0 Client Credentials Flow, a more secure alternative to the username-password flow. You can use it for server-to-server integrations since no user interaction is needed.
  • Talking about the username-password flow, needless to say it presents security risks, so Salesforce recommends considering other alternatives.
  • No more secrets 🙈 Consumer secrets will no longer appear in Metadata API responses from November 2022.
  • The SAML Single Sign-On Framework is getting an upgrade. This can break existing SAML-based integrations, so apply the new upgrade and test, test, test and test these integrations.
  • I don’t always think about cybersecurity, but when I do, it’s usually t̶o̶o̶ ̶l̶a̶t̶e̶ as early as possible 🤓 The Social Login component now uses the Experience Builder site URLs for authentication providers by default.
  • HTTP? (DRAKE-NO). HTTPS? (DRAKE-YES). HTTP is no longer accepted in callback URLs when setting up Connected Apps, use HTTPS instead.

Salesforce Shield

  • Keep an eye logs on it 👀 Redirections from your old My Domain URLs to your current one can be logged.
  • Reliability, reliability everywhere 🙌 The initial dataset uploads are now more reliable when setting up a new Event Monitoring Analytics App. Remember this comes with the append dataset configuration obviously! BETA
  • Salesforce Connect adapter details for AWS are available through the External Data Source Callout event.
  • No encryption? I also like to live dangerously 🤓. Encrypted fields can now be used in Einstein Apps when building predictive data models in Hyperforce, but remember this is PILOT.

Privacy Center

  • The Preference Manager is now GA. In a nutshell, it’s a feature that lets you create and publish forms for your users to update their communication preferences.
  • Talking about the Preference Manager, you can now customise forms created from consent templates more than ever.
  • One way, to generate them all! Access tokens can now be directly generated from the Preference Manager dashboard.

Security Center

  • You want more? You got more! You can now create custom report types on all Security objects.
  • New Health Check settings associated with PII are added.
  • Track them all! SSO & MFA logins to your tenants can now be tracked from the Security Overview panel.
  • More info is available in the tenant detail page, such as if a tenant is single, married or.. wait.. 🙊 I mean, if it’s a parent tenant, child tenant or unassociated.
  • WE WANT NAMES! You can now find out who installed a package in a specific tenant.
  • The sandbox alias is now available next to the tenant name in the History tab.

Other Security Changes

  • The documentation for Experience Cloud Cookies is enhanced with new useful information.
  • Our beloved Named Credentials have some new upgrades. In short:
    - Credentials protected by the same authentication system can be reused
    - You can grant users explicit access to a set of credentials, by linking them to a permission set
    - You are able to define arbitrary name/value pairs in the header
    - And more. Check out the details
  • New territory is discovered 🌎! Private Connect support for AWS integrations is now available in new regions: Europe, Asia, and South America.
  • Hmmm. That smells fishy! Content Sniffing Protection is here to help. No more bad files disguised as good files!
  • You can now allow redirects only to Trusted External URLs, while previously you could only warn the users.
