Enabling Practifi Protect



Practifi Protect is an add-on service that provides enterprise-grade encryption, usage monitoring and field audit histories to improve governance, strengthen compliance and improve transparency. This article outlines the steps for enabling Practifi Protect in your Practifi organization. 

Enablement Steps

The following enablement instructions are actionable only after Practifi Protect has been deployed to your organization. Reach out to your Client Success Manager to learn more.

Platform Encryption


Select the Setup cog icon in the upper right-hand corner of Practifi and select Setup from the drop-down menu. Use the Quick Find search bar on the left-hand side to search for Permission Sets and select this option. Create a new Permission Set called “Practifi Protect Admin” and grant it the following System Permissions:

  • Manage Encryption Keys

  • Customize Application

  • View Setup and Configuration

  • Manage Certificates

Assign the new Practifi Protect Admin permission to your user profile.

Encryption Key

In Setup, go to Key Management. Ensure that Tenant Secret Type is set to “Data in Salesforce (Deterministic)” and click Generate Tenant Secret button.

We recommend you export and securely store a copy of this key.


In Setup, go to Platform Encryption > Advanced Settings and enable the following settings:

  • Deterministic Encryption
  • Encrypt Custom Fields in Managed Packages
  • Encrypt Field History and Feed Tracking Values

Create Encryption Policies

Fields To Encrypt

Refer to the following table for fields to encrypt and their encryption types.

Please note: Field names in italics indicate fields that support only Deterministic Encryption.




  • Account Number
  • Asset/Liability Name


  • Alternate Email
  • Birth Name
  • Birth Place
  • Birthdate
  • Country of Citizenship
  • Country of Origin
  • Country of Residence
  • Date of Marriage
  • Email
  • Email (Preferred)
  • Employer
  • Home Phone
  • Location Address
  • Mailing Label
  • Middle Name
  • Mobile
  • Name
  • Other Phone
  • Phone (stores the person’s preferred phone number)
  • Postal AddressPreferred Name
  • SSN
  • Tax ID Number

Contact Point Address

  • Address

Contact Point Email

  • Email Address

Contact Point Phone

  • Phone Number

Email Message

  • BCC Address
  • CC Address
  • From Address
  • From Name
  • Headers
  • HTML Body
  • Subject
  • Text Body
  • To Address

Email Message Relation

  • Relation Address 


  • Date of Incorporation
  • Description
  • Email
  • Entity Name
  • Entity Number 1
  • Entity Number 2
  • Formal Name
  • Mailing Label
  • Member Names
  • Phone
  • Replace Mailing Name With
  • Servicing Team
  • Tax ID Number
  • Tax Number
  • Website


  • Description
  • Subject

Feed Post

  • Enabled (Check the “Encrypt Chatter” checkbox on the Encryption Policy page in Setup)


  • Enabled (Check the “Encrypt Files and Attachments” checkbox on the Encryption Policy page in Setup)

List Email

  • From Address
  • From Name
  • Reply To Address


  • Description

Noticeboard Post

  • Post


  • Policy Number

Policy Coverage

  • Policy Number

Reference Document

  • Description
  • Document Number
  • Document URL


  • Description
  • Subject


  • Email


Standard Fields

In Setup, go to Encryption Policy and click the Encrypt Fields link. Enable encryption on the desired fields and select Probabilistic as the Encryption Scheme. Then, click Save.

Custom Fields

Encryption is enabled on custom fields one at a time via the field edit page within the Object Manager. From Setup, go to Object Manager. Then, click Edit on the field you wish to encrypt object by object. On the field edit page, enable the Encrypted checkbox.

Field Audit Trail

Before enabling Field Audit Trail, ensure the Field History settings for each object are set up. Your Practifi organization already has history tracking enabled for several fields on both Standard and Custom objects. With Practifi Protect, you can track up to 60 fields per object instead of the standard 20, so any additional fields must have history tracking enabled. Determine which, if any, additional fields you want to include in history tracking.

If no additional fields are required for tracking, you can skip the optional steps below.

Set Up Additional Field History Tracking for Standard Objects (Optional)

In Setup, go to Object Manager and select the Standard Object you want to set up history tracking on. Go to the Fields & Relationships page and click Set History Tracking in the top right.

From this screen, check the fields to be added to history tracking and click Save.

Set Up Additional Field History Tracking for Custom Objects (Optional)

In Setup, go to Object Manager and select the Custom Object you want to set up history tracking on. On the main object detail page, click Edit. Enable Track Field History and click Save.

Once Field History has been enabled on the Custom Object, the process for selecting fields is the same as for Standard Objects.

Retention Policies

By default, all objects with Field History Tracking enabled will have their field history archived in the FieldHistoryArchive big object after 18 months and are retained for ten years.

Accessing the FieldHistoryArchive Big Object

You can use the REST API, SOAP API and Tooling API to work with archived data if needed. You can also query the FieldHistoryArchive object within the developer console if needed.

Changes from each History object will only be written after the 18-month time period. Before that time, field changes on object records can be accessed as normal by querying the associated History object (AccountHistory, ContactHistory, etc.).

Event Monitoring Analytics


Create a new permission set called “View Event Logs” and grant it the following system permissions:

  • View Event Log Files

  • API Enabled User

Next, from the Company Information page in Setup, ensure your user is assigned the Event Monitoring Analytics Apps license.

Lastly, ensure users are assigned the Event Monitoring Analytics Apps Admin and Event Monitoring Analytics App User permissions accordingly. The Admin permission will allow users to create custom Dashboards and Dataflows in Analytics Studio. The User permission will allow users to view them.

Enable the Tableau CRM Platform

In Setup, search for “analytics” in the Quick Find bar and select Getting Started. In the top right, click Enable CRM Analytics.

Enable Event Monitoring

In Setup, search for and click Event Monitoring Settings in the Quick Find bar. Select View Event Log Data in Tableau CRM Apps and enable the View Event Log Data in Analytics Apps setting.

Create the Event Monitoring Analytics App

In Setup, search “analytics” and click Getting Started. In the top right, click Launch Tableau CRM. Alternatively, you can launch Analytics Studio from the App Menu, as it should now be available.

From Analytics Studio in the top right, click Create > App, search for the Event Monitoring Analytics App template, and select it.

Follow the prompts, enable all available dashboards, and set each time frame to the maximum duration (typically 30 days).

Test The Event Monitoring Dataflow

In Analytics Studio, click Data Manager on the left side of the screen. You will default to the Jobs tab. Navigate to the Dataflows tab. There will be a list of dataflows that power the Analytics Studio apps. Find the pre-built Event Monitoring eltDataflows dataflow and click Run Now from the drop-down on the right. This should take a few moments to run.

Navigate back to the Jobs tab and wait for the job to complete. Once it is done, inspect the job for errors and warnings. Warnings are expected to occur and are often unimportant. Typically, it just means that the dataflow didn’t find any Event Log entries of a certain type, which in itself is not an issue.

Errors are an issue and may prevent the dataset from being created. Errors should be resolved and may require additional assistance and/or escalation.

Schedule the Event Monitoring Dataflow

Assuming there are no errors, navigate back to the Dataflows tab within Data Manager and select Schedule from the drop-down to the right of the Event Monitoring Dataflow.

Event Monitoring logs are uploaded in the early hours of the morning wherever the Practifi instance is located, typically 3 am. For this reason, we recommend scheduling the dataflow for a few hours afterwards, such as 6 am or 7 am. Check your organization’s instance and time zone to ensure your timing is accurate.


Review the Dashboards

Last, inspect the dashboards to make sure they look functional. In Analytics Studio, find your Event Monitoring app, which will likely be in a list of recent items near the bottom of the Home screen.

Inspect some of the dashboards to ensure they are populated. Logins, Reports, Report Downloads and Page URLs should be sufficient to verify the dashboards are working and populated with data.

Remember, due to the timing of the Event Monitoring Log uploads being early in the morning you may need to wait until the following day to see data.

0 out of 0 found this helpful



Article is closed for comments.