SALESFORCE #TIPS – Check where a Salesforce self-signed certificate is used

When you receive an email form Salesforce telling you a certificate is about to expire, you can see that the communication mentions the concerned instance either in the email subject (Sandbox is mentioned) and in the email body.

Here are the actions asked by Salesforce to take care of it (copied from Salesforce kind reminder) :

1. In Setup, on the Certificate and Key Management page, download the expiring certificate. Save it in case you require access to its key in the future.
2. Generate a new self-signed or CA-signed certificate.
3. Update connections to external sites or other services with your new certificate.
4. When your new certificate is tested and in use, delete the old certificate.

About the certification backup, do not hesitate to create a directory in your company’s SharePoint, just to avoid to lose track of them. You should normally never use these backups, but you never know 🙂

First, you have to create a brand new self-signed certificate. To do so, please go to go to Setup > Certificate and Key Management > Create Self-Signed Certificate

You need then to update all connected apps or SSO settings, that were using the ‘soon to be expired’ self-signed certificate, to make them use the newly created one.

Once done, go to Setup > Certificate and Key Management to navigate towards the ‘soon to be expired’ self-signed certificate, to delete it… or at least try to do so 😉

Just get your cursor above the Delete button, which is grayed out, and you will know where your certificate is still used. As you can see in the screenshot below, the system mentions in the contextual information, the place where the certificate is still used.

Here, we may see that we forgot to reconfigure a SSO Setting using this « soon to be expired » certificate.

In this case navigate to your Single Sign-On settings, in your instance setup, edit your SSO configuration, check the Request Signing Certificate, and update it to the most recent certificate.

The certificate can now be deleted (the button is not grayed anymore) :

I would suggest not to delete your certificate right after this operation, but to wait for a week, or at least a couple of business days, to be sure there has been no impact, before deleting it eventually.

Do not forget to

  • test your SSO login before ending your task !
  • monitor the Identity Provider Event Log (in the setup) to validate that the certificate update has not generated any issue.


To read more on the subject :

SALESFORCE #TIPS – Gender on CustomObjectTranslation metadata

When deploying Salesforce-related metadata, configured on a French Org, have you already met this strange error : « Error parsing file: ‘ ‘ is not a valid value for the enum ‘Gender' » ?

Metadata Gender on Custom Object translation – Error message when deploying

In fact all langages, with gender for their nouns, are possibly concerned.

That means that you could face this issue, if you are deploying metadata, between unrelated instances, from an organisation whose langage is gender-oriented, towards an organization whose langage is not.

CustomObjectTranslation – Detail on Gender tag

As a workaround, please go to the metadata repository, which contains your instance codebase.

Metadata Gender on Custom Object translation – Edit the raw file in code repository

In this case, to solve this issue, I have edited the CustomObjectTranslation raw file, from within the code repository, removed the following gender line, and then committed the modified file in the same branch.

<gender> <!-- Feminine --></gender>

Then, within Gearset – but it would be the same with GitHub Actions – please refresh your metadata comparaison to update the file content from your selection, and validate again for deployment. This time, it should be ok, and you should not cope with this error anymore.


To read more on the subject :

SALESFORCE #TIPS – How to manage the deployment error displaying flow’s regionContainerType is required

If you have ever met this kind of deployment error

Error SOM_990_Manual_Shipment FOLI_to_Ship_Section1 (Screen Component) - Because the "FOLI_to_Ship_Section1" screen field on the "FOLI_to_Ship" screen is a section, the regionContainerType is required. 
Missing regionContainerType – deployment failing due to missing field’s regionContainerType description

That comes from missing information from within deployed flows.

When you see this error, that means that a regionContainerType tag (added in Salesforce flow metadata description in a previous release : v55.0) from a flow’s field metadata component is missing.

To avoid these deployment errors, you shall edit your flow within your code repository, to add, after each RegionContainer definition line, the following tag :

<regionContainerType>SectionWithoutHeader</regionContainerType>

Here is the result of the text edition, in the flow-related raw file, seen, modified and then committed, directly from within GitHub repository

Missing regionContainerType – location of the information to add within the flow metadata

After changing the flow content, the deployment is then validated by Salesforce

Missing regionContainerType – successful deployment after the change

SALESFORCE #TIPS – Share a list view to several users

To whom may wonder how to share a same list view to a certain group of users, you should leverage Public Groups.

When creating a list view in Salesforce, you can create it :

  • for your own
  • for all users (you cannot be too selective on your filters, on a wide-open list view)
  • for a set of users from within roles / roles and subordinates

However, when you do want to share a list with a limited number of users, from the same role for example, you could feel that you should need to create a subrole just for it, or open it up to all users because you think you cannot do any other way.

Share a List View – No possibility to share to a group, if no Group had been created first

To be able to target a list of specific users, you could leverage Public Groups

To do so, navigate to Setup > Public Groups > New, create a public group with a relevant name, that would be easy to understand for users who would need to share their list views.

Share a List View – Creation of a Public Group

Once done, you will see that you are now able to share list views with Groups ; this option is now available among the list sharing options :

Share a List View – Sharing to a Public Group is possible when at least a Public Group exists

Here, we share the new list view, with the newly created Public Group :

Share a List View – Example when sharing to a group


To read more on the subject :

URL Hack to reset Salesforce user security token

This is not a very new topic, but that is something that I need to explain a few times a year, because I am frequently asked this question by consultants.

When trying to reset a User Security Token, consultants or administrator are navigating through the user settings to discover that the Reset My Security Token is not present anymore in the personal section of Settings menu, on the left side of the page.

Reset Security Token – Click Settings to access the personal settings page to access the Reset Token menu

In My Personal Information menu, in the settings panel, you can see that there is no option to reset the security token, in this instance (example, on the screenshot on the right, where the menu option is missing).

That can be the case when an IP range has been defined for your profile / user.

Reset Security Token – No Reset option

However, if you need to get a Token value, in this case, please consider the following URL hack :

  • Go to the URL navigation bar
  • Append to your Salesforce domain, the following text :
  • And click enter, once done.

A new page (in an old-fashioned Classic look) then appears, unlocking the reset option. From this page, you will now be able to reset the security token of this user, by pressing the Reset Security Token button.

Reset Security Token – Option unlocked within Classic page


To read more on the subject :