{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"Security Overview","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"security-overview","__idx":0},"children":["Security Overview"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Understanding the security model of the Onboarded™ application is essential for proper configuration and compliance. This section covers key security concepts administrators should understand."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"security-model-summary","__idx":1},"children":["Security Model Summary"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["USER_MODE Operations:"]}," Most operations respect the running user's permissions"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Permission Set Based Access:"]}," Access controlled through Onboarded™ Admin and Onboarded™ HR Representative permission sets"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Secure API Communication:"]}," OAuth 2.0 authentication with encrypted credential storage"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Error Logging:"]}," All sync errors are logged for troubleshooting and 
accountability"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"user_mode-vs-system_mode-operations","__idx":2},"children":["USER_MODE vs SYSTEM_MODE Operations"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The Onboarded™ application primarily operates in ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["USER_MODE"]},", which means:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["All database operations (queries and DML) respect the running user's object-level and field-level security"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Users can only access records and fields their profile/permission sets allow"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["CRUD (Create, Read, Update, Delete) permissions are enforced automatically"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["FLS (Field-Level Security) restrictions are applied to all queries and updates"]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["What This Means for You:"]}," The user account performing sync operations must have the appropriate permissions on all objects and fields being synchronized. If a user lacks access to a field, that field will not be updated even if data exists in Onboarded™."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"system_mode-exceptions","__idx":3},"children":["SYSTEM_MODE Exceptions"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In limited circumstances, the application operates in SYSTEM_MODE (bypassing user permissions). 
In every case, SYSTEM_MODE is scoped to internal tracking records owned by the application — never to your business data:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Error Logging:"]}," Error records are written to the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Onboarded_Error_Log__c"]}," object regardless of user permissions, so that diagnostic information is always captured even when the running user lacks Create access to the log object."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Internal Configuration and Status Tracking:"]}," System timestamps, sync status flags, and last-sync markers on the Custom Settings and Custom Metadata records use SYSTEM_MODE to maintain data integrity across users and contexts."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Onboarded™ Sync Queue Records:"]}," When invocable methods need to defer work to an asynchronous queueable (to avoid Flow queueable limits and to satisfy Salesforce's callout-after-DML rules), the application inserts, updates, and deletes ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Onboarded_Sync_Queue__c"]}," tracking records in SYSTEM_MODE. The records and fields being synced for the user (read from your source objects) are not affected by this; those reads continue to honor the running user's CRUD/FLS in USER_MODE."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["These SYSTEM_MODE operations are limited to internal system management. 
Your business data reads and writes still respect the running user's CRUD and Field-Level Security — meaning fields a user cannot see will be silently excluded from outbound payloads, and fields a user cannot write will not be updated from inbound payloads. See the Execution Context page's Flow and Trigger Context section for a practical example."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"key-security-considerations","__idx":4},"children":["Key Security Considerations"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"integration-user-access","__idx":5},"children":["Integration User Access"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The user who configures the API authentication will be used for making calls to the Onboarded™ API. This user must have:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The Onboarded™ Admin permission set assigned"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Access to all Salesforce objects where Onboarded™ data will be stored"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Field-level access to all fields that need to be synchronized"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Appropriate sharing rules to access records that need updating"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"batch-job-context","__idx":6},"children":["Batch Job Context"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Scheduled batch jobs run as the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["user who scheduled them"]},", not the user who installed the package. 
This is critical because:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The scheduling user's permissions determine what records can be queried and updated"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["If the scheduling user loses access to certain objects/fields, sync operations for those objects/fields will fail"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["If the scheduling user is deactivated, scheduled jobs will fail"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Best Practice:"]}," Use a dedicated integration user or system administrator account to schedule batch jobs. Ensure this account remains active and retains necessary permissions."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"credential-security","__idx":7},"children":["Credential Security"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["OAuth credentials (Client ID) are stored securely:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["OAuth credentials are stored in protected org configuration"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Access tokens are managed securely by the application"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"data-privacy","__idx":8},"children":["Data Privacy"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Consider these data privacy aspects:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Field-level security can restrict access to sensitive synced data"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Sharing rules control record-level visibility"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Error logs may contain field values — ensure 
appropriate access to the Error Log object"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":4,"id":"encrypted-field-requirements","__idx":9},"children":["Encrypted Field Requirements"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If a mapped field uses ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Classic Encryption"]}," (Encrypted Text field type), the user who scheduled the batch operation must have:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Edit"]}," permission at the Object level"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Edit"]}," permission at the Field level for the encrypted field"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If your organization uses ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Shield Platform Encryption"]},", the user running the batch must also have:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["View Encrypted Data"]}," system permission"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["In addition to the Object and Field Edit permissions listed above"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"strict-custom-permission-gating-for-pii-buttons","__idx":10},"children":["Strict Custom Permission Gating for PII Buttons"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The Employee Onboarded and Workflow Onboarded components expose optional Custom Permission gates for the View Document and Employer Task buttons. 
When configured, these gates require BOTH the Onboarded™ HR Representative permission set AND a named Custom Permission — neither the Onboarded™ Admin permission set nor the System Administrator profile alone bypasses them. See the Components page's Custom Permission Button Gating section for setup details."]}]},"headings":[{"value":"Security Overview","id":"security-overview","depth":1},{"value":"Security Model Summary","id":"security-model-summary","depth":2},{"value":"USER_MODE vs SYSTEM_MODE Operations","id":"user_mode-vs-system_mode-operations","depth":2},{"value":"SYSTEM_MODE Exceptions","id":"system_mode-exceptions","depth":3},{"value":"Key Security Considerations","id":"key-security-considerations","depth":2},{"value":"Integration User Access","id":"integration-user-access","depth":3},{"value":"Batch Job Context","id":"batch-job-context","depth":3},{"value":"Credential Security","id":"credential-security","depth":3},{"value":"Data Privacy","id":"data-privacy","depth":3},{"value":"Encrypted Field Requirements","id":"encrypted-field-requirements","depth":4},{"value":"Strict Custom Permission Gating for PII Buttons","id":"strict-custom-permission-gating-for-pii-buttons","depth":3}],"frontmatter":{"seo":{"title":"Security Overview"}},"lastModified":"2026-05-29T01:46:02.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/onboarded_for_salesforce/security_overview","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}