Overview
Practifi Protect is an add-on service that provides enterprise-grade encryption, usage monitoring and field audit histories to improve governance, strengthen compliance and improve transparency. This article outlines the steps for enabling Practifi Protect in your Practifi organization.
Enablement Steps
The following enablement instructions are actionable only after Practifi Protect has been deployed to your organization. Reach out to your Client Success Manager to learn more.
Platform Encryption
Permissions
Select the Setup cog icon in the upper right-hand corner of Practifi and select Setup from the drop-down menu. Use the Quick Find search bar on the left-hand side to search for Permission Sets and select this option. Create a new Permission Set called “Practifi Protect Admin” and grant it the following System Permissions:
-
Manage Encryption Keys
-
Customize Application
-
View Setup and Configuration
-
Manage Certificates
Assign the new Practifi Protect Admin permission to your user profile.
Encryption Key
In Setup, go to Key Management. Ensure that Tenant Secret Type is set to “Data in Salesforce (Deterministic)” and click Generate Tenant Secret button.
We recommend you export and securely store a copy of this key.
Settings
In Setup, go to Platform Encryption > Advanced Settings and enable the following settings:
- Deterministic Encryption
- Encrypt Custom Fields in Managed Packages
- Encrypt Field History and Feed Tracking Values
Create Encryption Policies
Fields To Encrypt
Refer to the following table for fields to encrypt and their encryption types.
Please note: Field names in italics indicate fields that support only Deterministic Encryption.
|
Object |
Fields |
||
|
Asset/Liability |
|
||
|
Contact |
|
||
|
Contact Point Address |
|
||
|
Contact Point Email |
|
||
|
Contact Point Phone |
|
||
|
Email Message |
|
||
|
Email Message Relation |
|
||
|
Entity |
|
||
|
Event |
|
||
|
Feed Post |
|
||
|
Files |
|
||
|
List Email |
|
||
|
Notes |
|
||
|
Noticeboard Post |
|
||
|
Policy |
|
||
|
Policy Coverage |
|
||
|
Reference Document |
|
||
|
Task |
|
||
|
User |
|
||
Standard Fields
In Setup, go to Encryption Policy and click the Encrypt Fields link. Enable encryption on the desired fields and select Probabilistic as the Encryption Scheme. Then, click Save.
Custom Fields
Encryption is enabled on custom fields one at a time via the field edit page within the Object Manager. From Setup, go to Object Manager. Then, click Edit on the field you wish to encrypt object by object. On the field edit page, enable the Encrypted checkbox.
Field Audit Trail
Before enabling Field Audit Trail, ensure the Field History settings for each object are set up. Your Practifi organization already has history tracking enabled for several fields on Standard and Custom objects. With Practifi Protect, you can track up to 60 fields per object instead of the standard 20, so any additional fields must have history tracking enabled. Determine which, if any, additional fields you want to include in history tracking.
If no additional fields are required for tracking, you can skip the optional steps below.
Set Up Additional Field History Tracking for Standard Objects (Optional)
In Setup, go to Object Manager and select the Standard Object on which you want to set up history tracking. Go to the Fields & Relationships page and click Set History Tracking in the top right.
From this screen, check the fields to be added to history tracking and click Save.
Set Up Additional Field History Tracking for Custom Objects (Optional)
In Setup, go to Object Manager and select the Custom Object you want to set up history tracking. On the main object detail page, click Edit. Enable Track Field History and click Save.
Once Field History has been enabled on the Custom Object, the process for selecting fields will be the same as for Standard Objects.
Retention Policies
By default, all objects with Field History Tracking enabled will have their field history archived in the FieldHistoryArchive big object after 18 months and are retained until it is manually deleted.
Accessing the FieldHistoryArchive Big Object
You can use the REST API, SOAP API and Tooling API to work with archived data if needed. You can also query the FieldHistoryArchive object within the developer console if needed.
Changes from each History object will only be written after the 18-month time period. Before that time, field changes on object records can be accessed as normal by querying the associated History object (AccountHistory, ContactHistory, etc.).
Event Monitoring Analytics
Permissions
Create a new permission set called “View Event Logs” and grant it the following system permissions:
-
View Event Log Files
-
API Enabled User
Next, from the Company Information page in Setup, ensure your user is assigned the Event Monitoring Analytics Apps license.
Lastly, ensure users are assigned the Event Monitoring Analytics Apps Admin and Event Monitoring Analytics App User permissions accordingly. The Admin permission will allow users to create custom Dashboards and Dataflows in Analytics Studio, while the User permission will allow users to view them.
Enable the Tableau CRM Platform
In Setup, search for “analytics” in the Quick Find bar and select Getting Started. In the top right, click Enable CRM Analytics.
Enable Event Monitoring
In Setup, search for and click Event Monitoring Settings in the Quick Find bar. Select View Event Log Data in Tableau CRM Apps and enable the View Event Log Data in the Analytics Apps setting.
Create the Event Monitoring Analytics App
In Setup, search “analytics” and click Getting Started. In the top right, click Launch Tableau CRM. Alternatively, you can launch Analytics Studio from the App Menu, as it should now be available.
From Analytics Studio in the top right, click Create > App, search for the Event Monitoring Analytics App template, and select it.
Follow the prompts, enable all available dashboards, and set each time frame to the maximum duration (typically 30 days).
Test The Event Monitoring Dataflow
In Analytics Studio, click Data Manager on the left side of the screen. You will default to the Jobs tab. Navigate to the Dataflows tab. There will be a list of dataflows that power the Analytics Studio apps. Find the pre-built Event Monitoring eltDataflows dataflow and click Run Now from the drop-down on the right. This should take a few moments to run.
Navigate back to the Jobs tab and wait for the job to complete. Once it is done, inspect the job for errors and warnings. Warnings are expected to occur and are often unimportant. Typically, it just means that the dataflow didn’t find any Event Log entries of a certain type, which in itself is not an issue.
Errors are an issue and may prevent the dataset from being created. Errors should be resolved and may require additional assistance and/or escalation.
Schedule the Event Monitoring Dataflow
Assuming there are no errors, navigate back to the Dataflows tab within Data Manager and select Schedule from the drop-down to the right of the Event Monitoring Dataflow.
Event Monitoring logs are uploaded in the early morning hours wherever the Practifi instance is located, typically at 3 am. For this reason, we recommend scheduling the dataflow for a few hours afterwards, such as 6 am or 7 am. Check your organization’s instance and time zone to ensure accurate timing.
Review the Dashboards
Last, inspect the dashboards to make sure they look functional. In Analytics Studio, find your Event Monitoring app, which will likely be in a list of recent items near the bottom of the Home screen.
Inspect some of the dashboards to ensure they are populated. Logins, Reports, Report Downloads and Page URLs should be sufficient to verify the dashboards are working and populated with data.
Remember, because the Event Monitoring Log uploads are made early in the morning, you may need to wait until the following day to see the data.
Comments
Article is closed for comments.