Increasing securityThe user installing and connecting S-Drive in the portal must have Modify All Data and Customize Application permissions. This is typically an Admin user. To increase security, we recommend setting up a special user with its own profile that will have Modify All Data and Customize Application permissions, and after installation those permissions will be removed. You can clone the System Administrator profile and remove permissions after installation. The steps to do this are described briefly here, but are in the instructions on this page in more detail.
NOTE: Any time your org is disconnected from the portal for any reason, you will need to restore Modify All Data and Customize Application Permissions to the service user, reconnect in the portal, then remove the permissions again. |
Login to Salesforce as Admin or as a special service user you’ve set up for S-Drive. (See “Increasing Security” above.) If using a service user, it’s best to clone the System Admin profile and use it only for the service user.
Go to the AppExchange S-Drive listing and click “Get it Now.” Follow the prompts to install S-Drive in your sandbox or production org.
After the installation is finished, go to S-Drive Configuration in your Salesforce instance:
In Classic, click on the “+” and click on S-Drive Configuration
In Lightning, click on the “App Launcher” menu which is on the left corner of the Salesforce page.
Then click on “S-Drive: Simple Secure Storage for Salesforce Users” app.
Click on S-Drive Configuration
The S-Drive Configuration tab will take you to a list of instructions as follows:
Step 1: Configure Remote Sites:
If Remote Site Settings are configured correctly, you'll see "Your remote site settings are configured correctly" message. If you see an error message in Step 1, resolve the issue by following the on-screen instructions.
Step 2: Configure Amazon S3 Credentials:
This step is required to connect your Amazon S3 account with S-Drive. You need to enter a valid "Amazon Access Key" and "Secret Key". After providing keys, if you see "Amazon S3 Credentials are configured correctly," continue with the next step.
Important Note: IAM users whom assigned individual security credentials, must have some permissions to activate and use S-Drive. The minimum policy example can be seen in https://cyangate.atlassian.net/wiki/spaces/PS216D/pages/1695809968/GETTING+SET+UP+-+AWS+and+Portal+Accounts#Identity-and-Access-Management-(IAM)-Policies-and-Minimum-Policy-Example Please apply this policy if you are planning to use this kind of user for the activation. |
Step 3: Configure Amazon S3 Bucket Name:
This is the bucket that will be used to store your files in your Amazon S3 account. Bucket name must be unique and must comply with DNS naming conventions. Bucket names cannot have capital letters or underscores or contain dots (“.”)
You can select "Use existing bucket" or "Create a new bucket" option. We recommend creating your bucket here in the S-Drive Configuration, rather than directly in AWS or using a bucket previously created here.
Create new bucket:
provide a valid bucket name
select the region name to create the bucket on this endpoint location
Click “Check Remote Sites.” You will be taken to a Remote Site Setting and need will need to save it.
When complete, click “Configure Amazon S3 Bucket Name”
You will see the page refresh and show your bucket name and the default File Upload Encryption, which is SSE-S3. This can be changed later. See S-Drive Authentication Settings for more information.
Your bucket access settings will be public by default when it is created. After it is created and you have finished the configuration process, there will be a button on the S-Drive configuration page under Authentication Settings called “Block Bucket Public Access” on the configuration page. Simply click the button to make your bucket private. This is recommended.
Use existing bucket:
Select one of the bucket name from the list (that is retrieved from your Amazon S3 account).
Important Note: If you are using and existing bucket and are planning to use S-Drive Versioning feature, we strongly suggest you use a "versioning never enabled bucket". To ensure versioning status of your bucket, sign in to your amazon console, find your bucket from S3 service and check bucket properties.
Select the File Upload Encryption Type. This can be changed later. See S-Drive Authentication Settings for more information.
Click “Check Remote Sites.” You will be taken to a new Remote Site Setting and will need to save it.
When complete, click “Configure Amazon S3 Bucket Name”
Security: Your bucket access settings will be public by default when it is created. After it is created and you have finished the configuration process, there will be a button on the S-Drive configuration page under Authentication Settings called “Block Bucket Public Access” on the configuration page. Simply click the button to make your bucket private. This is recommended. |
Step 4: S-Drive Authorization:
Go to https://portal.sdriveapp.com and login into the S-Drive portal account you created earlier. Authorize S-Drive to connect to your organization:
Click Connected Organizations link on the menu (Figure 4‑6). Then under "Connect Salesforce.com Organizations", click either “Production Instance” or “Sandbox Instance” based on where you installed S-Drive. This redirects the salesforce.com login page. Login, and you’ll see your organization on the list of “Connected Salesforce.com Organizations.”
Step 5: If you used a service user to install S-Drive:
Login to Salesforce as Admin
Go to S-Drive Configuration--General Settings Tab
Scroll down to Other Settings
Click “Reschedule” to start our payment calculation job.
Edit the profile for the service user used to install S-Drive
Remove Modify All Data permission
Remove Customize Application permission
Congratulations! You are now ready to configure S-Drive to suit your needs.