Site Setup and Access Settings

Using the JustOn Self-Service Extension you set up a public web application based on Force.com Sites. This section describes how to set up the site and the required security settings.

Your business may require different feature scopes:

Self service without payment provider integration,
Complete self service, including payment provider integration,
Payment provider integration only.

Depending on the intended feature scope, the setup steps to take or their complexity may differ. This documentation indicates the scope-related specifics when applicable.

Info

The JustOn Self-Service Extension requires at least the Salesforce Enterprise Edition.

Contact the JustOn support team to have the add-on installed in your org.

Usually, the extension is installed using the security option Install for Admins Only. Depending on your business, this may require configuring additional user and object permissions after installation. For details, see Installing Packages in the Salesforce Help.

Site Setup

The extension is designed to use a Force.com site exclusively. JustOn recommends not to use it together with other Visualforce pages. You can reuse an existing Force.com site or create a new one.

Creating Site

Irrespective of the intended feature scope, you need a dedicated site.

In Setup, open the Sites page.

Type Sites in the Quick Find box, or navigate to User Interface > Sites and Domains > Sites.
If necessary, register a domain name.
Click New.

Apply the following settings, then click Save to complete the site creation.

Field	Value	Notes
Site Label	`Self Service`
Site Name	`Self_Service`
Active
Active Site Home Page	`Login`
Site Template	empty
URL Rewriter Class	URLRewriter	Required for the proper functioning of the payment page.

For the proper functioning of the payment page, you must define the new site's URL as the home URL.

Copy your new site's URL.
In Setup, open Custom Settings.

In Salesforce Lightning, navigate to Custom Code > Custom Settings.

In Salesforce Classic, navigate to Develop > Custom Settings.
Click Manage in the row of Global Settings (for the JustOn Self-Service Extension).
Click Edit in the Default row.
Paste the copied URL into the field Home URL.

Make sure to end the Home URL entry with a trailing slash /.
Click Save.

Assigning Pages

You must add a number of Visualforce pages to the new site.

Open the Site Details of your site.

In the Sites list, click the label of the site to open its details.
In the Site Visualforce Pages section, click Edit.

Modifying Visualforce page assignments
Remove the following pages.
- ForgotPassword
- ForgotPasswordConfirm
- SiteLogin
- SiteRegister
- SiteRegisterConfirm

Add the following pages.

Page	Self Service	Payment Integration
ONB2.InvoicePDF
ONBSE1.AmazonLoginHandler
ONBSE1.GoogleLoginHandler
ONBSE1.Invoices
ONBSE1.PaypalLoginHandler
ONBSE1.Products
ONBSE1.Profile
ONBSE1.Subscriptions
ONBSE1.Payment
ONBSE1.PaymentPayeezy
ONBSE1.PaymentStripe
ONBSE1.PaymentResult
ONBSE1.PaypalBuyerReturn
ONBSE1.PaypalIPN
ONBSE1.CyberSourceBuyerReturn
ONBSE1.CyberSourceNotification
ONBSE1.SalesforceLoginHandler

Leave the following default pages enabled.
- BandwidthExceeded
- Exception
- FileNotFound
- InMaintenance
- Unauthorized
Click Save.

Public Access Settings

The extension needs access to a number of standard objects and custom objects in order to work correctly. To this end, you must allow/restrict access both on object and field level.

Note

Make sure to grant the access rights as restrictive as possible to avoid inadvertent information disclosure or modification.

Configuring General Object Permissions

Open the Site Details of your site.

In the Sites list, click the label of the site to open its details.
Click Public Access Settings to open the site profile.
In the Original Profile User Interface, click Edit.

If you use the Enhanced Profile User Interface, click Object Settings > Object > Edit.
Apply the following object permission settings, then click Save.

Standard Object Permissions

Object	Permissions	Notes
Account	Read Create	For the payment integration, Read access is sufficient.
Contact	Read Create
Price Book	Read	Required when using master products.
Price Book Entry	Read	Required when using master products.
Product	Read	Required when using master products.

Custom Object Permissions

Object	Self Service	Payment Integration	Permissions
Balance			Read Create Edit
Invoice			Read
Invoice Line Item			Read
Item			Read Create
Number Range			Read Create Edit
Payment Entry			Read
Session			Read Create Edit Delete View All Modify All
Style			Read
Subscription			Read Create
Template			Read
Tier			Read Create
Trigger Helper			Read Create Edit Delete View All Modify All

Note

All other objects must not be selected.

Configuring Field-Level Security

Open the Site Details of your site.

In the Sites list, click the label of the site to open its details.
Click Public Access Settings to open the site profile.
In the Original Profile User Interface, scroll to the Field-Level Security section, click View next to the object you want to modify, and then click Edit.

If you use the Enhanced Profile User Interface, click Object Settings > Object > Edit.
Specify the required access levels.
Click Save.

Field-Level Security for Standard Objects

Object	Self Service	Payment Integration	Permissions
Account			Self service: Edit access for `Billing Address` and all fields to be modified by users, no access for other fields Payment integration: Read access for all fields
Contact			Edit access for `Account Name`, `Email`, `External User Id`, `Identity Provider`, `Phone` and all fields to be modified by users, no access for other fields
Price Book			Read access for all fields Required when using master products.
Price Book Entry			Read access for all fields Required when using master products.
Product			Read access for all fields Required when using master products.

Field-Level Security for Custom Objects

Object	Self Service	Payment Integration	Permissions
Balance			Edit access for all fields
Invoice			Controlled by the general object permissions
Invoice Line Item			Controlled by the general object permissions
Item			Controlled by the general object permissions
Number Range			Controlled by the general object permissions
Payment Entry			Controlled by the general object permissions
Session			Controlled by the general object permissions
Style			Controlled by the general object permissions
Subscription			Controlled by the general object permissions
Template			Controlled by the general object permissions
Tier			Controlled by the general object permissions
Trigger Helper			Controlled by the general object permissions

Configuring Apex Class Access Permissions

Your business may decide to use Stripe as a payment provider. If you do so, you must enable the Apex class ONBSE1.StripeWebhookHandler for your site in order to completely support the integration.

Open the Site Details of your site.

In the Sites list, click the label of the site to open its details.
Click Public Access Settings to open the site profile.
In the Original Profile User Interface, scroll to the Enabled Apex Class Access section, and then click Edit.

If you use the Enhanced Profile User Interface, click Apex Class Access > Edit.
Add ONBSE1.StripeWebhookHandler to the Enabled Apex Classes list.
Click Save.

Configuring Additional Permissions for Payment Provider Integration

Info

To apply this configuration, your site must be set active.

To successfully finish a payment, the site guest user needs additional permissions for a number of objects and fields. Due to restrictions in Salesforce, a part of the required permissions must be configured manually, others are already bundled in the permission set PaymentGuest, which is shipped with the JustOn Self-Service Extension.

Hence, enabling access for the site guest user usually involves the following tasks:

Creating a custom permission set to allow accessing the Balance object as well as the Account and Contact objects
Assigning the site guest user the custom permission set and the permission set PaymentGuest

Creating Custom Permission Set

To create a custom permission set to allow accessing the Balance object as well as the Account and Contact objects:

Create a new permission set.

You can, for example, clone the PaymentGuest permission set, and then add the required additional permissions to the created copy.

For details, see Create Permission Sets in the Salesforce Help.

Configure the additional object settings in the new permission set.

Click Object Settings > Object > Edit, and apply the following object permission settings.

Object	Permissions	Notes
Account	Read
Balance	Read Create Edit
Contact	Read
Invoice	Read	Required for invoice-specific payment configurations. Make sure that `Read` access to the `PaymentProviderOverride` field is enabled.

Assigning Permission Sets

To assign the required permission sets to the site guest user:

Open the Site Details of your site.

In the Sites list, click the label of the site to open its details.
Click Public Access Settings to open the site profile.
In the Original Profile User Interface, click View Users.

If you use the Enhanced Profile User Interface, click Assigned Users.
Open the details of the Site Guest User, and scroll to the Permission Set Assignments section.
Click Edit Assignments.
Select both the permission set PaymentGuest and the custom permission set created before, and click Add.
Click Save.

Assigning JustOn License

The user of the Force.com site needs a JustOn license.

Open the Site Details of your site.

In the Sites list, click the label of the site to open its details.
Click Public Access Settings to open the site profile.
In the Original Profile User Interface, click View Users.

If you use the Enhanced Profile User Interface, click Assigned Users.
Open the details of the Site Guest User, and scroll to the Managed Packages section.
Click Assign Licenses.
Select the JustOn package, and click Add.