Installing and Activating S-Drive
Install S-Drive from the AppExchange
Login to Salesforce as Admin or as a special service user you’ve set up for S-Drive. If using a service user, it’s best to clone the System Admin profile and use it only for the service user.
Go to the AppExchange S-Drive listing and click “Get it Now.” Follow the prompts to install S-Drive in your sandbox or production org.
Activate S-Drive
After the installation is finished, go to S-Drive Configuration in your Salesforce instance:
In Classic, click on the “+” and click on S-Drive Configuration
In Lightning, click on the “App Launcher” menu which is on the left corner of the Salesforce page.
Then click on “S-Drive: Simple Secure Storage for Salesforce Users” app.
Click on S-Drive Configuration
The S-Drive Configuration tab will take you to a list of instructions as follows:
Step 1: Configure Remote Sites:
If Remote Site Settings are configured correctly, you'll see "Your remote site settings are configured correctly" message. If you see an error message in Step 1, resolve the issue by following the on-screen instructions.
Step 2: Configure Amazon S3 Credentials:
This step is required to connect your Amazon S3 account with S-Drive. You need to enter a valid "Amazon Access Key" and "Secret Key". After providing keys, if you see "Amazon S3 Credentials are configured correctly," continue with the next step.
Step 3: Configure Amazon S3 Bucket Name:
This is the bucket that will be used to store your files in your Amazon S3 account. You can configure more than one bucket. Bucket name must be unique and must comply with DNS naming conventions. Bucket names cannot have capital letters or underscores or contain dots (“.”)
You can select "Use existing bucket" or "Create a new bucket" option. We recommend creating your bucket here in the S-Drive Configuration, rather than directly in AWS or using a bucket previously created here.
Create new bucket:
Provide a valid bucket name. It must be between 3 and 63 characters and can contain lowercase letters, numbers, and hyphens.
Provide a unique bucket id. This is a nickname you provide. It can be the same as the bucket name if desired. This field is used to reference the bucket when configuring Multiple Bucket Support.
Select the region name to create the bucket on this endpoint location
Click “Check Remote Sites.” You will be taken to a Remote Site Setting and need will need to save it.
When complete, click “Configure Amazon S3 Bucket Name”
You will see the page refresh and show your bucket name and the default File Upload Encryption, which is SSE-S3. This can be changed later. See S-Drive Authentication Settings for more information.
You can also use the Action buttons to Block Public Access (recommended), Enable Versioning, Enable Acceleration or you can click Add More Buckets to add another bucket.
Use existing bucket:
Select one of the bucket name from the list (that is retrieved from your Amazon S3 account).
Provide a unique bucket id. This can be anything and can be the same as the bucket name. This field is used to reference the bucket when configuring Multiple Bucket Support.
Select the File Upload Encryption Type. This can be changed later. See S-Drive Authentication Settings for more information.
Click “Check Remote Sites.” You will be taken to a new Remote Site Setting and will need to save it.
When complete, click “Configure Amazon S3 Bucket Name”
If your bucket is already version enabled, or if you’d like to turn on versioning, click “Enable Versioning” next to the bucket name.
If you are using Transfer Acceleration, click “Enable Acceleration”
If you would like to block public access for your bucket, click “Block Public Access.” If the bucket is already configured in AWS to block public access, you don’t need to click this.
If you configure more than one bucket, one must be chosen as the Default bucket. This will be used when no specific bucket is specified for upload.
Security: Your bucket access settings will be public by default when it is created. After it is created and you have finished the configuration process, there will be a button on the S-Drive configuration page under Authentication Settings called “Block Bucket Public Access” on the configuration page. Simply click the button to make your bucket private. This is recommended.
Repeat the steps above to add more buckets if desired. See Multi-Bucket Support for more information.
Step 4: S-Drive Connection:
Go to https://portal.sdriveapp.com and login into the S-Drive portal account you created earlier.
Authorize S-Drive to connect to your organization:
Click Connected Organizations link on the menu. Then under "Connect Salesforce.com Organizations", click either “Production Instance” or “Sandbox Instance” based on where you installed S-Drive. This redirects the salesforce.com login page.
Login using either Admin credentials or another user with proper credentials. (See note.) If you choose to use a non-Admin user, it’s best to open the portal in a different browser. Otherwise the non-Admin user will take over your Salesforce session.
NOTE: Portal Connection User Requirements
The user connecting S-Drive in the portal is typically an Admin User since the Admin installs S-Drive and then connects it in the portal as part of the installation.
However, the Portal Connection User need not have Modify All Data permission. Using a user that doesn’t have Modify All Data permissions increases security.
If you choose to connect in the portal with a non-Admin user, that user must still have
Customize Application permission
Send Outbound Messages permission
Access to S-Drive’s Apex classes (all start with “cg.” )
Access to S-Drive’s Custom Settings Definitions (all start with “SDRIVE.cg.”)
Back inside Salesforce, an Admin user will then need to go to S-Drive Configuration. They will be shown an Activation page with a button to click. Once the button is clicked, users will have access to S-Drive.
After entering login credentials, you’ll see your organization on the list of “Connected Salesforce.com Organizations.”
The user that connects the portal to your Salesforce org can not have the Session Security Level Required at Login (found in the profile under Session Settings) set to High Assurance. It should be set to None.
Step 5: Populate S-Drive Object List
S-Drive file objects must be added into a File Object List so S-Drive knows they exist.
Click on the File Object List link
Click Find File Objects
You’ll see the file objects populated on the list
Click Go Back or close the tab
If you connected in the portal with a non-Admin user, you will see an Activate button. Click the button.
Step 6: Add CSP Trusted Sites
Once these are set up, they take 10-15 minutes to take effect. During that time, if you upload a file to S-Drive, you will get an HTTP error.
Go to Setup-->CSP Trusted Site.
In the following urls, bucketname is your S3 bucket name (and you need one url for each bucket) and region is the region where your bucket resides, such as us-east-1, eu-west-3, etc.1️⃣ Add a url in the form https://s3.region.amazonaws.com
Check the boxes connect-src and img-src as shown in the image
Click Save and New
2️⃣ Add a url in the form https://bucketname.s3.amazonaws.com
Check the boxes as shown in the image
Click Save and New
3️⃣ Add a url in the form https://bucketname.s3.region.amazonaws.com
Check the boxes for connect-src and img-src as shown in the image below.
4️⃣ If you are using Transfer Acceleration, add a url in the form https://bucketname.s3-accelerate.amazonaws.com>
Check the boxes for connect-src and img-src as shown in the image below.
Click Save
A Note on Profile: Session Security Level Required at Login
Session Security Level Required at Login is a Session Setting in profiles that can be set to require 2 Factor Authentication. The profile of the user used to connect the portal must have this set to None (not High Assurance.)
Additionally, check Setup-->Outbound Messages. On each of S-Drive’s outbound messages, ensure the “user to send as” field is a user that does not have High Assurance. The outbound messages are:
AttachmentSync Callout
FileSizeRequest Callout
FileSync Callout
Preview Callout
Set up notifications to Admins when org is disconnected
If your org gets disconnected (for example, if there is a payment issue), S-Drive will no longer work until you reconnect. You can receive an email notification if this happens.
Got to Setup-->Custom settings
Find SDriveEmailNotificationSettings and click Manage
If there is not already a setting called EmailList, create it
Click New
Name=EmailList
Value: add email addresses separated by a semi-colon, for example jane@abc.com;bob@abc.com
Click Save
Congratulations! You are now ready to configure S-Drive to suit your needs.