Data Security
The Salesforce Platform and the integrated applications offer numerous security features and configuration options that provide for a comprehensive data security. This covers topics like user and tenant authentication, permission assignment, data access control and sharing models, including
Organization security: Salesforce protects an organization's data from all other organizations by using a unique identifier that restricts access at every level to the data from anyone outside of the organization – including Salesforce employees.
User security: User authentication combined with network-level security by IP address, session restrictions, and audit trails provides control and visibility into what users are doing in the system and their field history.
Programmatic security: Configurable, authenticated sessions secure access to logic, data, and metadata. In addition, Salesforce offers a source code scanner that analyses the code of the apps developed on Salesforce Platform and produces a report that documents its security.
Trust and visibility: Salesforce displays real time information on system performance and security (see trust.salesforce.com), and offers tips on best security practices.
Please find further information about app and data security in the Salesforce Security Guide.
The authorization procedures, which ensure access protection and, consequently, data security (that is, the protection of master and transaction data against manipulation in JustOn software), include
User Authentication
Basically, companies secure the access to their Salesforce org – and hence, to their data – through maintaining a list of authorized users, setting password policies, and limiting logins to certain hours and locations.
Each time users log in to Salesforce, they must enter their unique username and password. Depending on their organization's requirements, administrators can set custom login and password policies for their org. JustOn software provides the following default settings:
Setting | Default Value |
---|---|
Password validity period | 90 days |
Password length | 8 characters |
Password complexity | Must mix alpha and numeric characters |
Password question requirement | Cannot contain password |
Maximum invalid login attempts | 10 |
Lockout effective period | 15 minutes |
JustOn's default password policy
For more details, see Set Password Policies in the Salesforce Help.
Salesforce provides additional identity verification tools that enhance an org’s security by requiring a second level of authentication for every user login. Depending on their requirements, companies that use JustOn software can apply these tools to protect their master and transaction data from unauthorized access. The tools include:
Salesforce Authenticator Mobile App: Using the Salesforce Authenticator app for mobile devices, users can verify their Salesforce account activity. Salesforce sends a push notification to the mobile device, and the user can verify and approve the activity details.
U2F Security Key: Users can register a U2F security key with their Salesforce account. Salesforce then prompts the user to insert the security key into the computer’s USB port.
One-Time Password Generator: If users have connected an authenticator app (like Salesforce Authenticator or Google Authenticator) to their Salesforce account, the mobile app generates a verification code, which is used as a "time-based one-time password".
SMS Text Message: If users have a verified mobile number associated with their Salesforce account, they receive a verification code in a text message sent to their phone. Salesforce then prompts the users to enter the code upon login.
Email: Salesforce sends a verification code in an email to the address associated with a Salesforce account.
For more details, see Two-Factor Authentication and Salesforce Security Guide.
Permissions and Roles
The Salesforce platform provides a flexible, layered data sharing design that allows to expose different data sets to different sets of users. This way, users can do their job without seeing data they do not need to see, which helps to minimize the risk of abuse and loss of data.
Organization: Organizations allow accessing authorized users only, if required, limited to specific times and locations.
Objects and fields: Permissions and permission sets allow accessing objects and object fields. That is, they control which data users can see and edit.
Records: Using roles and sharing rules, you can limit the access to specific records.
JustOn software ships with default permission sets.
Default permission sets in JustOn Billing & Invoice Management
Permission Set | Description |
---|---|
JustOn Billing Full Access | Read/write access to JustOn objects, irrespective of any role-based restrictions. Can be used only in combination with the Read/Write permission set. |
JustOn Billing Read Only | Read-only access to JustOn objects. |
JustOn Billing Read/Write | Read/write access to JustOn objects. Required for creating/modifying as well as emailing/exporting records. |
Payment Guest | Specific permission set for using payment service integrations. |
Default permission sets in JustOn Cash Management
Permission Set | Description |
---|---|
JustOn Payments Full Access | Read/write access to JustOn Payments objects, irrespective of any role-based restrictions. Can be used only in combination with the Read/Write permission set. |
JustOn Payments Read Only | Read-only access to JustOn Payments objects. |
JustOn Payments Read/Write | Read/write access to JustOn Payments objects. |
Default permission sets in JustOn SCHUFA Inquiries
Permission Set | Description |
---|---|
Schufa Full Access | Read/write access to the Schufa Inquiry object. Enables users to create Schufa inquiries, irrespective of any role-based restrictions. Can be used only in combination with the Read/Write permission set. |
Schufa Read Only | Read-only access to the Schufa Inquiry object. |
Schufa Read/Write | Read/write access to the Schufa Inquiry object. Enables users to create Schufa inquiries. |
Default permission sets in JustOn Connector for DATEV
Berechtigungssatz | Beschreibung | Hinweis |
---|---|---|
DATEV Read-Only |
|
Kann ohne andere JustOn Connector for DATEV-Berechtungungen zugewiesen werden. |
DATEV Read/Write |
|
Kann ohne andere JustOn Connector for DATEV-Berechtungungen zugewiesen werden. |
DATEV Manage Accounting Jobs | Erlaubt alle Aktionen durchzuführen, die eine DATEV-Authentifizierung benötigen:
|
Zusatzrecht (nur für Benutzer:innen mit Berechtigung DATEV Read/Write zuweisen). |
DATEV Full Access (disable sharing) | Falls in der Organisation Sharing Rules verwendet werden können Sie mit diesem Recht für Benutzer:innen für JustOn Connector for DATEV die Sharing Rules überschreiben, d.h. die Benutzer:innen sehen dann alle JustOn Connector for DATEV-Datensätze der Organisation. | Zusatzrecht (zusätzlich zu allen anderen JustOn Connector for DATEV-Berechtigungen vergebbar). |
Customize Application |
|
Berechtigungssatz mit Salesforce-übergreifender Systemberechtigung "Anwendung anpassen" ("Customize Application"), der es dem Anwender erlaubt, benutzerdefinierte Einstellungen zu hinterlegen. |
Operators create organization users, roles and sharing rules individually on a project-specific base.