A few thoughts about Salesforce Validation Rule

 Validation rule is a good friend of admins and end-users, to avoid bad data entry. The famous quote "An ounce of prevention is worth a pound of cure", is particularly true regarding data quality. Nobody wants the rubbish data in the production org to prevent them from getting valuable insights. However, similarly to all Salesforce features, there are always considerations.

A few common ones are already listed in the documentation, such as:

a specific setting for lead conventions (Require Validation for Converted Leads),

Web2Case and Web2Lead apply validation before creating records,

Mass Transfer tool, scheduled actions won't trigger validation,

Cannot refer to auto-number field, compound field, or dependent picklist, etc.

Recently in the practice, I found another interesting behavior.

I have 4 percentage fields to split a total amount of an opportunity, namely: Share1, Share2, Share3, Share4. To ensure they always add up to 100%, I built a validation rule.

1st version: 

Share1__c + Share2__c + Share3__c + Share4__c !=1

Then I tested with all 4 numbers are entered, looked good. But when I left any of the fields blank, the error was gone!

Hmm, something went wrong with the empty field, which seems to bypass the validation.

The good side is that we have the formula BLANKVALUE() to rescue.

2nd version: 

BLANKVALUE(Share1__c,0) + BLANKVALUE(Share2__c,0) + BLANKVALUE(Share3__c,0) + BLANKVALUE(Share4__c,0) ) !=1

Seemed to be working fine until I left all 4 fields blank. This could be OK for a use case that at least one of these fields is mandatory, but I want to allow users to leave all of them blank. So I need to add more logic for checking empty fields.

3rd version:

(BLANKVALUE(Share1__c,0) + BLANKVALUE(Share2__c,0) + BLANKVALUE(Share3__c,0) + BLANKVALUE(Share4__c,0) !=1)

&&

!(ISBLANK(Share1__c) && ISBLANK(Share2__c) && ISBLANK(Share3__c) && ISBLANK(Share4__c))

Some variation, if you always populate the Share1 first when you have value for these fields, the above rule can be simplified to this:

(Share1__c + BLANKVALUE(Share2__c,0) + BLANKVALUE(Share3__c,0) + BLANKVALUE(Share4__c,0) !=1)

&&

!(ISBLANK(Share1__c) 

This may matter because the maximum length is 3900 characters, which is not easy to hit, but it's always to keep the formula as short as possible.

Another thing worth mentioning is when record types get involved, it's better to write inclusive rules instead of exclusive ones.

For example, the object has 3 record types TypeA, TypeB and TypeC, when you want to apply a rule for TypeA and TypeC, you can either use 

RecordType.Name = 'TypeA' || RecordType.Name = 'TypeC' 

or 

RecordType.Name != 'TypeB'. 

The latter one is even shorter, but I would recommend use the former. Why? It's for the future. If you use exclusive rules, when you add new record types that don't need validations, you have to go back and modify them. But if you use inclusive ones you don't need to worry about it.

Empower Normal Users with SFDX Login

 Salesforce will enforce MFA beginning February 1, 2022, which could be a big change for your users if they still don't use MFA. I hear a lot of comments regarding this, and people are looking for alternatives to make the change easier.

I have an article about the Lightning Login, which I personally think is the best option. However, some users really don't want to use their mobile for authentication. In that case, you may consider leveraging tools like LastPass or Authy which provide TOTP for desktop as well. If they are still not satisfied, then you can teach them this trick explained here.

Salesforce is enforcing MFA for logins from UI, and API logins are waived. So if you are using SFDX for your orgs, then you don't need to worry about it. Most developers, they are already familiar with this command-line tool, but if you mention SFDX to your normal users or even some admins, they may not have a clue.

SFDX means Salesforce Developer Experience, and the main component is Salesforce CLI. However, as long as you have API access on your profile or permission set, you can use it. Obviously, you need to download and install it on your computer. Then you can directly use it with the built-in command-line app on your computer (such as Command Prompt on Windows or Terminal on Mac). You can do tons of things with this tool, and the full list is here. Of cause, logging in (sfdx force:auth:web:login) is one of them.

But it can be overwhelming for normal users, and they don't want to learn the complexity at all. For the basic login function, we're only using 2 commands, which you can easily write two scripts, literally one command each.

Auth.bat (Windows) / Auth.sh (Mac)

sfdx force:auth:web:login -a org

Login.bat (Windows)/ Login.sh (Mac)

sfdx force:org:open -u org

Of cause, you can add some user-friendly messages using echo as well.

Users only need to run the first one once to authorize SFDX, when they run it, the script will open the browser with a pop-up. They will need to confirm the authorization by clicking the blue Allow button. If they haven't logged in, they need to log in as normal first.

Behind the scenes, SFDX is saving an access token for future usage. After this process is complete, users can double click to run the login script every time they need to open the org (no more password).

I also found a GUI tool for SFDX on Github.

This is a great app that encapsulates the common commands into the graphic UI, but users need to run some commands to run it, and it's a little overkill for just logging in. But for power users or admins it will be very helpful.

It's very straightforward, download it and go to the folder then. run 

npm install for the very first time. Every time you use, just run npm start.

That's it, you can enjoy the power of SFDX without writing commands.

Lightning Login for MFA

 Last year Salesforce announced that:

Beginning February 1, 2022, Salesforce will require customers to enable multi-factor authentication (MFA) in order to access Salesforce products.

If you are familiar with internet security, you know it's a good thing to enhance security and protect your business and precious data. It will require users to use more than one thing (factor) to prove their identity, such as something they know (password), and something they have (fingerprint). The geeks may be ok with it, but what about the normal users? We all know that how users hate changes and complexity.

I've been exploring options to make this process easier for enders to adapt, and a feature that seems not well known may be the best option: Lightning Login.

It was released in 2017, but not many people I know even have heard it before. I personally used it in my developer org for a long while, and it is very convenient to allow a passwordless process to log in. The only question is that does it count for MFA? The answer is "Yes!", confirmed in the official document Salesforce Multi-Factor Authentication FAQ

Let's see how to set it up.

1. System Admin makes sure that "Allow Lightning Login" is enabled in Session Settings.

2. Make sure users download Salesforce Authenticator on their phones first.

3. Ask your users to enroll in Advanced User Details in their own settings. They have to do this by themselves because it's personal : )

Then just follow the instructions to connect the Authenticator and Salesforce account, and that's it.

Make sure to tick "Remember me" when you log in the first time in a new browser. Otherwise, you have to type your password like you normally do.

After that, you will see a lightning icon next to your username when you open the login page, and click the username and you will get a notification on your phone to approve. No password at all!

This is a lifesaver for the coming MFA enforcement, and users will love it because it makes their login process easier instead of more complicated.

Convert Address into GPS Coordinates using Saleforce

The GPS coordinates are quite useful in all kinds of projects especially when you need to use any map component. You can easily get them from a street address automatically for Account, Contact, Lead, and some field service objects OOTB.

Inspired by this blog, we can do this for any object. I made some changes (using 2 Flows without Process Builder) to achieve the same goal, considering PB will retire soon.

Get Geolocation for your Custom Object in Salesforce

Using Location object as an example, which interestingly OOTB has location field (Geolocation), but nothing related to address (You need to turn on Field Service to see this object).

The first thing is to build a few fields to save the address data: Street, City, PostalCode, Country, and Address, an optional formula one combining all together like

Street__c + ', ' + City__c + ', ' + Country__c

This one is useful to show a nice formatted address on the record detail page instead of separate fields, and can be used in a URL button like 

https://www.google.com/maps/place/{!Location.Address__c}

I use Geocodes for Lead Address to get the GPS data, so I go to untick Bypass workflow rules, and activate it.

Next, I create the first flow Record-triggered after saved on the Location object. That formula address field comes in handy again because we can check it is changed or the prior record is null, so that only necessary Location records will trigger the following actions in the flow. Obviously, you need to check the address data is not null as well.

The next actions will create a temporary lead record used to get the GPS data. Simply assign the required and address fields to it and create. One important thing is to save the Location record id to the description field of the Lead, and it is used in the next step.

The last step is creating another after saved (updated) flow on Lead object. Make sure to filter down the records (temporary one and with GPS already).

Then use this record's GPS to update the location record (Id in the description field), then delete this lead record.

Simple as that, now once you enter an address on Location, Salesforce (technically a user called Data.com Clean) will grab the GPS data for you automatically!

Things to note:

The process can take a few seconds, so you need to wait a little bit before seeing the magic.

It works well with UI data entry, not sure about Dataloader bulk importing.

Of cause, you also need to enter a real address, otherwise, you may end up with some rubbish leads. You can mitigate this issue by scheduling a flow to delete them every day.