Quick Start Tutorials: Become a Partner and Build a Simple AppExchange Solution
Learn how to build and sell solutions on AppExchange by completing short tutorials.
Note:
Some features in this quick start are available only to eligible Salesforce partners. For more information on the Partner Program, including eligibility requirements, visit https://partners.salesforce.com.
Before You Get (Quick) Started
Before you dive in to the Quick Start, bookmark helpful resources, learn key terms, and double check that you can create test environments.Tutorial #2: Develop a Simple Solution
In this tutorial, you create a simple packaged solution. This solution isn’t complicated, but it’s enough to understand where development occurs in the solution lifecycle.
Before You Get (Quick) Started
Before you dive in to the Quick Start, bookmark helpful resources, learn key terms, and double check that you can create test environments.
Resources for Salesforce Partners
Salesforce Partner Community Resources
The Partner Community, at https://partners.salesforce.com, is the primary resource for all ISVs. To get started, we recommend visiting the Education page, your one-stop shop for all ISV content. In addition, you can use the Partner Community to:
Collaborate with other partners and Salesforce.
Stay up to date on news and events related to the Salesforce Partner Program.
Log cases for access to partner-specific features and customer support.
Use enhanced search, integrated with the Trailblazer Community, to quickly find relevant resources.
Browse the Salesforce Partner Online Training catalog and sign up for courses.
The Partner Community is self-service—the first person to register your partnership becomes your designated administrator and manages the creation of additional users for your company. You can change or add administrators, as required.
Trailhead and the Salesforce Developer Resources
If you're new to Salesforce app development, review these resources before you get started.
Check out the Build Apps as an AppExchange Partner trail.
For an introduction to the Salesforce platform, complete the Admin Beginner, Admin Intermediate, and Developer Beginner trails.
For Salesforce developer documentation and other resources, visit Salesforce Developers at https://developer.salesforce.com.
Roles in the Solution Lifecycle
This guide covers the lifecycle of a solution, so not all topics are relevant for every role. Topic suggestions by role are described.
An application architect
The application architect determines the scope of the solution and the internal structures that support it. Architects need details about the underlying Lightning Platform platform that determine not only the solution's use, but which editions it supports, how it's installed, configured, and upgraded. We strongly recommend that architects review the entire guide, especially these chapters:
A developer creates, packages, and uploads a solution
A developer or a team of developers creates a solution, packages it, and uploads it to AppExchange. Developers also update the solution with bug fixes and new features. We recommend that developers review these chapters:
A publisher distributes, sells, and supports the solution
The solution publisher is the person or company who has a profile and one or more listings for the solution on AppExchange. Publisher listings contain a link to a solution they uploaded to AppExchange or to a third-party website. Publishers also set default license settings. We recommend that publishers review these chapters:
An administrator installs the solution
An administrator, or admin, downloads your solution from AppExchange and installs it. Admins can customize the solution for your business needs. To learn how admins interact with your solution, review this topic:
How to Sign Up for Test Environments
To sign up for test environments (orgs), use the Environment Hub.
Note
If you’re a new Salesforce user, log in to the org that you received when you signed up for the Partner Program. The Environment Hub is enabled in this org by default. If you’re an existing Salesforce user and are using a different org to manage development, log a support case in the Salesforce Partner Community to enable the Environment Hub. For product, specify Platform. For topic, specify AppExchange & Managed Packages.
Log in to the organization where Environment Hub is enabled.
On the Environment Hub tab, click Create Organization.
In the Purpose dropdown list, select Test/Demo.
In the Edition dropdown list, choose the edition that you want to test against.
Fill in the remaining required fields.
Agree to the terms, and then click Create.
You receive an email that prompts you to log in and change your password. Click the link, change your password, and create a password question and answer.
Tutorial #1: Sign Up for AppExchange
In this tutorial, you set up the tools you need to develop, sell, and support apps and components built on the Lightning Platform platform. You start by signing up for the Partner Program. You then have access to the Partner Community, which allows you to view helpful resources, create support cases, and collaborate with other partners and Salesforce. The Partner Community is also the best source for news and events about the Partner Program. In addition, you can access the Environment Hub, where you can create development and test organizations.
If you’re familiar with Salesforce, you know that an organization is a cloud unto itself. If you’re new to Salesforce, think of your organization as a separate environment for developing, testing, and publishing your offering.
Step 1: Sign Up for the Partner Program
The first step is to sign up for the Partner Program.
In your browser, go to https://partners.salesforce.com and click Join Now.
Note
The signup process varies according to the region or country. Follow the instructions presented.
Fill in the fields about you and your company.
Select the first option: Independent Software Vendor (ISV).
Click Submit Registration.
In a moment, you’ll receive a confirmation, followed by an email welcoming you to the Partner Program and including login credentials.
Congratulations, you’re now part of the Salesforce ISV Partner Program! Click the link to the Partner Community (https://partners.salesforce.com) and log in. Bookmark this page. You’ll be using it a lot.
Step 2: Create a Development and Test Environment
To build and sell on the Lightning Platform, you need different environments for different tasks. We call these environments organizations, or orgs for short. You use the Environment Hub to create these orgs. The first org you need is the Partner Developer Edition, which is where you develop and package your offering. If you already have a Developer Edition org, we recommend signing up for the Partner Developer Edition org because you can have more data storage, licenses, and users.
Note
If you’re a new Salesforce user, log in to the org that you received when you signed up for the Partner Program. The Environment Hub is enabled in this org by default. If you’re an existing Salesforce user and are using a different org to manage development, log a support case in the Salesforce Partner Community to enable the Environment Hub. For product, specify Platform. For topic, specify AppExchange & Managed Packages.
Log in to the org where the Environment Hub is enabled, usually your partner business org.
Click the Environment Hub tab, and then click Create Organization.
In the Purpose dropdown list, select Development. For simplicity, we refer to this as your dev org.
Fill in the required fields.
Agree to the terms, and then click Create.
In the Purpose dropdown list, select Test/Demo and Partner Enterprise for the org edition. This process creates a test org, where you test the app or component that you’re developing.
Shortly, you receive emails that prompt you to log in and change your password for your dev and test orgs.
Tell Me More...
The Environment Hub has several types of test orgs available, because different editions of Salesforce have different features. If you plan to distribute your app or component to a particular edition, you want to test your offering and make sure that it works there. However, that’s beyond the scope of this quick start. For more information, see Architectural Considerations for Group and Professional Editions.
Step 3: Get a Business Org
In the previous step, you created orgs for developing and testing your offering. To manage sales and distribution, you need one more org. In this step, you log a case in the Salesforce Partner Community to have a Partner Business Org (PBO) provisioned for you. Your PBO contains the apps that you use to manage sales and distribution, including the License Management App (LMA) and Channel Order App (COA).
Log in to the Salesforce Partner Community.
Click the question icon and then click Log a Case for Help.
Select Salesforce Partner Program Support.
Tip
If you don’t see the Salesforce Partner Program Support tile, use the org picker to select the org that’s associated with your Salesforce partnership account.
For product, enter and select Partner Programs & Benefits.
For topic, enter and select Demo & Partner Business Orgs.
Tell us if you have an existing org or if you need a new one. If you have an existing Salesforce org, provide the org ID to add two more CRM licenses to that org. If you don’t have an existing org, we provide a new one for you. In either case, make sure to enter your business address.
Provide any other required details, and then click Create Case.
You receive an email prompting you to log in and change your password. Do that, and then bookmark the page.
Step 4: Edit Your Publisher Profile
In this step, you log in to the Partner Community and provide information about your company. We display some of this information on AppExchange listings to help customers get to your business.
Log in to the Partner Community using the username and password of your business org.
Click Publishing to navigate to the Partner Console.
Click Company Info.
Provide key brand details and contact information and then click Save.
Sign-up Summary
In this first tutorial, you signed up for the Partner Program and all the organizations you need to develop, test, and sell your offering. Let’s review what you signed up for and the purpose of each.
Partner Program
The Partner Program gives you access to the Partner Community, where you can get help and training information, log cases for support issues, and collaborate with other partners. You also get access to the Environment Hub, which lets you create and manage new test and development orgs.
Partner Developer Edition
Also known as your dev org, this is where you develop your offering and eventually package it for distribution.
Test Organization
Also know as your test org, this is where you install and test your offering.
Partner Business Organization
This is where you license and manage your offering.
Tutorial #2: Develop a Simple Solution
In this tutorial, you create a simple packaged solution. This solution isn’t complicated, but it’s enough to understand where development occurs in the solution lifecycle.
Step 1: Create the Solution
In this step, you create a solution using point-and-click tools in Salesforce. The solution is an app that contains a page and a tab to display the page.Step 2: Package Your Solution
In this step, you package your solution so that you can distribute it on AppExchange. A package is simply a container for components. In this case, the package contains your app, tab, and page.Step 3: Assign a Namespace
In this step, you choose a unique identifier called a namespace. A namespace differentiates your components from other components. After it’s installed, you can do things such as upgrade the solution. Choose your namespace carefully because it can’t be changed later.Step 4: Upload a Beta
In this step, you upload a beta version of your solution for testing. Testing a beta version of your solution is a best practice before you upload the production version.Step 5: Install and Test the Beta
In this step, you install the beta version of your solution in a test org. To install the beta, click the installation URL and provide your test org credentials.Solution Development Summary
In this tutorial, you build a simple packaged solution. You follow a similar procedure to update the solution.
Step 1: Create the Solution
In this step, you create a solution using point-and-click tools in Salesforce. The solution is an app that contains a page and a tab to display the page.
In your browser, log in to your Partner Developer Edition organization. Going forward, we refer to this as your “dev org”.
From Setup, in the Quick Find box, enter Visualforce Pages, and then select Visualforce Pages.
In the Visualforce list, click New.
In the Label field, enter Greeting.
In the Visualforce Markup area, replace the contents of the <h1> tag with Hello World.
Visualforce Page Editor
Save your work.
Associate the page with a tab.
In the Quick Find box, enter Tabs, and then select Tabs.
In the Visualforce Tabs list, click New.
In the New Visualforce Tab wizard, click the dropdown box, and then select the Hello World page that you created.
For the Tab Label, enter Hello.
Click the Tab Style field, and choose any icon to represent your tab.
Click Next, then Next again, and Save on the final page.
Create a new app that contains your tab and page.
In the Quick Find box, enter Apps, and then select App Manager.
Click New Lightning App.
In the App Name field, enter Hello World, and then click Next and Next again on the following page.
On the Choose the Tabs page, scroll to the bottom of the Available Tabs list, find your Hello tab, and add it to the Selected Tabs list. Click Next.
To make this app visible to all profiles, select the Visible checkbox, and then save.
Tell Me More....
If it seems like you just created a page within a container, within another container, you did. And you're about to put all of that in another container! What's with all these containers and what do they do?
A tab is a container for things that you want to display on the same page, such as a chart, a table, or the Visualforce page that you created.
An app is a container for tabs that appear next to each other.
A package is a container for something as small as an individual component or as large as a set of related apps. After creating a package, you can distribute it to other Salesforce users and organizations, including those outside your company.
Step 2: Package Your Solution
In this step, you package your solution so that you can distribute it on AppExchange. A package is simply a container for components. In this case, the package contains your app, tab, and page.
From Setup, in the Quick Find box, enter Package, and select Package Manager.
In the Package section, click New.
In the Package Name field, enter Hello World, and then save.
In the Components section on the Package Detail page, click Add.
Select your Hello World app, and then click Add to Package.
Step 3: Assign a Namespace
In this step, you choose a unique identifier called a namespace. A namespace differentiates your components from other components. After it’s installed, you can do things such as upgrade the solution. Choose your namespace carefully because it can’t be changed later.
From Setup, in the Quick Find box, enter Package, and then select Package Manager.
In the Namespace Settings section, click Edit.
In the Namespace field, enter a 1–15 character alphanumeric ID, and then click Check Availability. Repeat this step until you have a unique namespace.
In the Package name field, choose your Hello World package, and then click Review.
Review the information on the page, and then save your work.
Tell Me More....
Within the underlying code, your namespace is prepended to all components that are packaged from your dev org. As a result, your package and its contents are distinguished from those of other developers, and it ensures your exclusive control of all packaged components.
Step 4: Upload a Beta
In this step, you upload a beta version of your solution for testing. Testing a beta version of your solution is a best practice before you upload the production version.
From Setup, in the Quick Find box, enter Package, and then select Package Manager.
On the Packages page, click your Hello World package, and then click Upload.
On the Upload Package page, enter a version name and number.
For the Release Type, make sure to choose Managed — Beta.
Scroll to the bottom, and click Upload. It can take a moment for the upload to complete.
Tell Me More....
The purpose of a beta package is for testing only. A beta can only be installed in a test org, Developer Edition org, or sandbox org. Next, you install the beta in the test org that you created in Step 2: Create a Development and Test Environment.
Step 5: Install and Test the Beta
In this step, you install the beta version of your solution in a test org. To install the beta, click the installation URL and provide your test org credentials.
Click the Installation URL.
Installation URL Link
On the login page, enter the username and password of your test org.
On the Package Installation Details page, click Continue.
Click Next.
On the Security Level page, Grant access to all users, and click Next.
Click Install.
After the installation completes, you can select your solution from the app picker in the upper right corner.
You see your Hello tab, and the greeting text on your page.
At this point, typically you test the solution and make sure that it works as designed. Your solution installs easily and displays what you want, so let’s move on.
Tell Me More....
Beta packages can also be installed in sandboxes. A sandbox is a replica of your customer’s org, which they can use to develop, test, or install solutions, and verify the changes that they want to commit. None of the orgs you signed up for in this workbook have a sandbox. If you have a sandbox in another org and want to install your solution in it, you must replace the initial portion of the Installation URL with https://test.salesforce.com or the My Domain name for your sandbox in the format https://MyDomainName--SandboxName.sandbox.my.salesforce.com. You can find the My Domain name for your org on the My Domain page in Setup.
Solution Development Summary
In this tutorial, you build a simple packaged solution. You follow a similar procedure to update the solution.
Modify the existing solution in your dev org.
Package the solution.
Upload as a beta package.
Install the beta in a test org.
Test the installed solution.
Tutorial #3: Publishing and Licensing
Imagine you've been through a few development cycles with your beta and you're ready to publish a public app. The next step is to upload a production app, or what we call a managed released version of your app. Then you can create a listing so that other people can find your app and know what it does. Finally, you want to connect your app to your business org so you manage the licenses for people that install your app.
Step 2: Create an AppExchange Listing
In this step, you create an AppExchange listing in the Partner Console, which is the primary way customers discover solutions and services to enhance their Salesforce experience.Step 3: Complete the AppExchange Listing
Provide detailed information to help users understand how your solution can benefit them.
Step 1: Uploading to the AppExchange
This step will seem familiar, it's similar to uploading a beta.
If you've been following along non-stop, you're probably still logged in to your test org. Go ahead and log in to your dev org now.
Notice in the upper right corner there's a link that says Developing Hello World, version 1.0. Click that link to go directly to the Package Detail page.
Developing Hello World, version 1.0
On the Package Detail page, click Upload.
For the Release Type, choose Managed — Released.
Scroll to the bottom and click Upload.
Click OK on the popup.
Step 2: Create an AppExchange Listing
In this step, you create an AppExchange listing in the Partner Console, which is the primary way customers discover solutions and services to enhance their Salesforce experience.
In the Partner Console, click the Listings tab.
To launch the Listing Bootstrapper, click New Listing.
Click Packaged Solution.
Click Salesforce Platform Package.
Choose a language. To publish your listing on AppExchange, click English. Or to publish your listing on AppExchange Japan, click Japanese.
After you select a language, the Listing Bootstrapper closes and the Listing Builder for AppExchange opens. The Listing Builder is the tool that you use to create your listing. Complete all the sections. For more info about what’s in each section, refer to Create or Edit Your AppExchange Listing.
As you edit the listing, your entries are automatically reviewed. Warnings are displayed if any missing items are detected. Resolve all warnings and you’re ready to publish.To make your listing available to the public on AppExchange, click Publish.
Tell Me More...
If you want to remove your solution from AppExchange, click Make your listing private? from the Listing Summary page, and follow the prompts. The listing becomes private, and you can update the listing. When you’re ready for the listing to go public again, navigate back to the Listing Summary page, click Make your listing public?, and follow the prompts.
Step 3: Complete the AppExchange Listing
Provide detailed information to help users understand how your solution can benefit them.
Many customers like to see and experience a product before they decide to purchase. You have several ways to show off your app or component in an AppExchange listing. For example, you can add screenshots and videos to draw attention to key features, or add white papers to help demonstrate business value. You can also let customers try your offering in their own organizations or set up a test environment that you customized.
If you’re not already there, click Fill in the Basics in the Listing Builder. For more information about the Listing Builder, refer to Create or Edit Your AppExchange Listing.
To attract users to your app, enter a title and brief description, then fill out the remaining information for your listing.
Click Next.
In Price Your Solution, select Free as your pricing model.
Click Next.
In Get Approved, finish any Listing Approval tasks that are incomplete.
To submit your listing for approval, click Submit.
Click Next.
In Add Details | Describe Your Solution, fill in your solution’s details, and provide a compelling description to encourage users to use it.
Click Next.
In Add Details | Add Visuals, add an app logo, tile image, and screenshot. Because your listing isn’t used outside of this tutorial, use any image file that’s available.
Click Next.
In Link Your Solution, choose the package that you uploaded when you created your AppExchange listing. To review the steps that you followed to create the AppExchange listing, refer to Step 2: Create an AppExchange Listing.
For the installation method, select Install from your AppExchange listing.
Click Next.
In Grow Your Business, follow the prompts on the screen to enable lead collection. Because this solution is listed as free, you can skip entering information for free trials and test drives.
Click Done.
In Listing Status, verify that your listing is complete and isn’t missing any information.
To make your listing available on AppExchange, click Publish.
Congratulations, you’ve completed your first listing! Like everything else you’ve done so far, you can go back and change it later if you want.
Step 4: Manage Licenses for Your App
The License Management App (LMA) helps you manage sales, licensing, and support for your offering. The LMA comes installed as part of your Partner Business Organization (PBO). In this step, you connect your app to the LMA.
Note
This feature is available to eligible partners. For more information on the Partner Program, including eligibility requirements, visit www.salesforce.com/partners.
If you haven’t done so already, log in to the Partner Community.
Click the Publishing tab. The Partner Console page loads.
Click the Technologies tab to view a list of your solutions.
Find the solution that you want to update, then click the solution to open a more detailed view.
Click Register Package.
Enter the login credentials of your partner business org, and then click Connect. After you have successfully entered your credentials, the Default License Settings screen is displayed.
For the default license type, choose free trial.
Enter a trial length in days.
For the number of seats, choose the site-wide license.
Click Save.
It can take up to 30 minutes for your app to be connected to the LMA. Take a break; you’ve earned it!
Publishing and Licensing Summary
In this tutorial, you uploaded your managed-released package to AppExchange and created a listing for your solution. You also linked your solution to the License Management App (LMA) available in your business org. You can use the LMA to manage and renew licenses and to set default license settings. For example, you can license your solution as a free trial that expires after a specified number of days. For more information, see Manage Licenses for Managed Packages.
Right now your solution has a private listing on AppExchange. You can share the listing with potential customers, but the public doesn't see it unless they have the link. Before you can list your managed package publicly, it must pass a security review, which is beyond the scope of this quick start. For more information, see Pass the AppExchange Security Review.
Tutorial #4: Updating Your App
If you're familiar with Salesforce, you know we do weekly patch releases to fix bugs, and a few times a year we have a major release to introduce new features. As an ISV, you can do the same thing by delivering a patch release to fix bugs and a major release for new features.
For new features, the process is the same as you've experienced. You start by modifying your app, package it, upload a beta, test the beta, and then upload a managed-released version. Major releases increment the version to the next whole number, from 1.0 to 2.0, for example, and minor releases to the first dot from 1.0 to 1.1. There are no hard rules for what constitutes a major or minor release. That's up to you.
For bug fixes, the process is slightly different. You start by creating a patch org, a special environment which has limited functionality and can only be used to develop a patch for a specific package.
Since the process for developing a major release is already familiar, let's do a patch release and then deliver it by pushing the patch to our customers.
To learn how to push an upgrade to customers, see Pushing an Upgrade.
Step 1: Creating a Patch Organization
In order to create a patch, you need to generate a new patch development organization.
To create a patch version:
From Setup, enter Packages in the Quick Find box, then select Packages.
Click the name of your managed package.
On the Patch Organization tab, click New.
Select the package version that you want to create a patch for in the Patching Major Release dropdown. The release type must be Managed - Released.
Enter a username for a login to your patch org.
Enter an email address associated with your login.
Click Save.
Note
If you ever lose your login information, click Reset on the package detail page under Patch Development Organizations to reset the login to your patch development org.
The name of the patch development org’s My Domain name is randomly generated.
In a moment you receive an email with your login credentials. After you log in and change your password, proceed to the next step.
Tell Me More
Development in a patch development org is restricted.
You can’t add package components.
You can’t delete existing package components.
API and dynamic Apex access controls can’t change for the package.
No deprecation of any Apex code.
You can’t add new Apex class relationships, such as extends.
You can’t add Apex access modifiers, such as virtual or global.
You can’t add new web services.
You can’t add feature or component dependencies.
You can remove a feature or component dependency from a patch, but after the dependency is removed and the patch version is uploaded, you can't reinstate that dependency in a new patch version. To reinstate the dependency, create a new major or minor package version.
Step 2: Developing a Patch
We're going to make a simple change to your app. Instead of displaying just Hello World, you'll add today's date.
In your patch org, from Setup, enter Packages in the Quick Find box, select Packages, then click your Hello World package.
In the list of Package Components, click your Greeting page.
Click Edit.
Right after the closing </h1> tag, enter the following:
<br/> <apex:outputText value="The date and time is: {!NOW()}"/>
Click Save.
To see the output, click the Hello tab and you'll notice that today's time and date are displayed.
Display the date and time
That's as much as we need to do in this patch. Let's move on.
Tell Me More....
The !NOW function returns the date in a standard format. There are many more built-in functions and ways to format the output. For more information, see the Visualforce Developer's Guide.
Step 3: Uploading the Patch
Typically the next step is to upload a beta patch and install that in a test organization. Since this is very similar to Step 4: Upload a Beta and Step 5: Install and Test the Beta, that you completed in Tutorial #2: Develop a Simple Solution, we won't make you do that again.
In your patch org, from Setup, enter Packages in the Quick Find box, select Packages, and click your Hello World package.
On the Upload Package page, click Upload.
Enter a version name, such as today's date.
Notice that the Version Number has had its patchNumber incremented.
Select Managed — Released.
Optionally, enter and confirm a password to share the package privately with anyone who has the password. Don't enter a password if you want to make the package available to anyone on AppExchange and share your package publicly.
Salesforce automatically selects the requirements it finds. In addition, select any other required components from the Package Requirements and Object Requirements sections to notify installers of any requirements for this package.
Click Upload.
Congratulations, you've uploaded a patch release. You'll want to share that patch with others, and you'll do that next.
Step 4: Installing or Pushing a Patch
There are two ways to deliver a patch, you can have your customers install it, or you can push it to them. Push upgrades happen automatically, that is, the next time your customer logs in, they have the updates. Let's try that.
Log in to your dev org.
In the upper right corner, click Developing Hello World, version 1.0.
Developing Hello World, version 1.0
On the Package Detail page, click Push Upgrades.
Click Schedule Push Upgrades.
From the Patch Version drop-down list, select the patch version to push.
In the Scheduled Start Date field, enter today's date.
In the Select Target Organizations section, select your test org.
Click Schedule.
And you've done it! You pushed a patch release to your subscriber so that they automatically get your updates. You should verify that your customers received the patch to ensure it was installed successfully.
Tell Me More....
Beta versions aren't eligible for push upgrades. You must uninstall a beta and then install a new one.
You can also exclude specific subscriber orgs from the push upgrade by entering the org IDs, separated by a comma, in the Push Upgrade Exclusion List.
Updating Your App Summary
In this tutorial you learned how to update your app in a patch org and push that update to your customers. You started by creating a patch organization that was specific to a released package version. Then you modified your app, uploaded it, and scheduled the push upgrade to your customers.
Congratulations, you're done! Or have you really just begun? You can modify your existing app to be anything you want it to be, or create a new dev org in the Environment Hub and build another app. You can use the same sales and test orgs and everything else you've configured to publish and manage many more apps. You're on your way to ISVforce success!
Design and Build Your AppExchange Solution
Discover the architectural concepts that influence AppExchange solution design. Learn how to plan, build, and package your solution for customers.
Important
Building a new app? Have you considered using second-generation managed packages? Flexible versioning and the ability to share a namespace across packages are just two reasons why developers love creating second-generation managed packages. We think you’ll love it too. To learn more, see: Discover the Benefits of 2GP Package Development, and Comparison of First- and Second-Generation Managed Packages.
Security Requirements for AppExchange Partners and Solutions
[Effective Date: December 5, 2022] As a Salesforce Partner, you’re responsible for implementing and maintaining a comprehensive security program and maintaining the security of all applications that you list on AppExchange or distribute under the AppExchange Partner Program.Build First-Generation Managed Packages
Managed packages are used by Salesforce partners to distribute and sell applications to customers. Using AppExchange and the License Management Application (LMA), developers can sell and manage user-based licenses to the app. Managed packages are upgradeable. To ensure seamless upgrades, certain destructive changes, like removing objects or fields, can’t be performed.Components Available in First-Generation Managed Packages
Each metadata component that you include in a managed 1GP or 2GP package has certain rules that determine its behavior in a subscriber org. Manageability rules determine whether you, or the subscriber, can edit or remove components after the package version is created and installed.Architectural Considerations for Group and Professional Editions
Connected Apps
A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. Connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps. The external apps that are integrated with Salesforce can run on the customer success platform, other platforms, devices, or SaaS subscriptions. For example, when you log in to your Salesforce mobile app and see your data from your Salesforce org, you’re using a connected app.Environment Hub
The Environment Hub lets you connect, create, view, and log in to Salesforce orgs from one location. If your company has multiple environments for development, testing, and trials, the Environment Hub lets you streamline your approach to org management.Developer Hub
The Developer Hub (Dev Hub) lets you create and manage scratch orgs. The scratch org is a source-driven and disposable deployment of Salesforce code and metadata, made for developers and automation. A scratch org is fully configurable, allowing developers to emulate different Salesforce editions with different features and preferences. Scratch orgs are a central feature of Salesforce DX, an open developer experience for developing and managing Salesforce apps across their entire lifecycle.Notifications for Package Errors
Accurately track failed package installations, upgrades, and uninstallations in subscriber orgs with the Notifications for Package Errors feature. Proactively address issues with managed and unmanaged packages and provide support to subscribers so that they can successfully install and upgrade your apps.
Package and Test Your AppExchange Solution
Learn how to package, upload, and install a beta version of your AppExchange solution as part an iterative development approach. After your beta is up and running, learn how to test, fix, extend, and uninstall the solution.
Important
Building a new app? Have you considered using second-generation managed packages? Flexible versioning and the ability to share a namespace across packages are just two reasons why developers love creating second-generation managed packages. We think you’ll love it too. To learn more, see: Discover the Benefits of 2GP Package Development, and Comparison of First- and Second-Generation Managed Packages.
Uninstall a Managed Package
Uninstalling a managed package removes its components and data from the org. During the uninstall process, any customizations, including custom fields or links, that you’ve made to the package are removed.Install First-Generation Managed Packages Using the Metadata API
Pass the AppExchange Security Review
[Effective Date: January 18, 2023] At Salesforce, nothing is more important than the trust of our customers. Trust requires security. To distribute a managed package, Salesforce Platform API solution, or Marketing Cloud API solution on AppExchange, it must pass our security review. Learn how to prepare for and pass the security review.
Note
The description of the AppExchange Security Review in this section and the links herein is current as of the listed effective date. SFDC may update or modify the AppExchange Security Review from time to time in its sole discretion, with or without notice.
Important
Partner Applications, which includes managed packages, Salesforce Platform API solutions, Marketing Cloud API solutions, and other solutions referred to herein, are Non-SFDC Applications as defined in Salesforce’s Main Services Agreement (available at https://www.salesforce.com/company/legal/agreements or successor URL). Notwithstanding any security review of a Partner Application, Salesforce makes no guarantees regarding the quality or security of any Partner Application and Customers are responsible for evaluating the quality, security, and functionality of Partner Applications.
AppExchange Security Review
Before you can publicly list your managed package, Salesforce Platform API solution, or Marketing Cloud API solution on AppExchange, it must pass a security review. The AppExchange security review tests the security posture of your solution, including how well it protects customer data.How Does AppExchange Security Review Work?
Before initiating an AppExchange security review, you perform your own testing and gather supporting materials that help us assess the security of your solution. During a review, our Product Security team attempts to identify security vulnerabilities in your solution. If the team identifies vulnerabilities, you have access to personalized technical guidance to help you address the identified vulnerabilities.Partner Security Portal
The Partner Security Portal is the main hub for your security review needs. The portal hosts the Source Code Scanner (Checkmarx) and Chimera automated security scanning tools. Use these tools to identify security vulnerabilities in your solution. The portal is also where you go to schedule office hours appointments with AppExchange security engineers and Security Review Operations team members. Office hours provide a forum for you to ask questions about the security review process and to discuss how to rework code that has security vulnerabilities.Test Your Entire Solution
Test the full scope of your solution using manual testing and automated security scanner tools. When you perform security scans, include all external endpoints that run independently of the Salesforce platform. Document false positive security violations and fix all code that doesn’t meet Salesforce security guidelines.False Positives
As you navigate the AppExchange security review process, you're likely to encounter false positive issues with your solution. A false positive occurs when a security-scanning tool or code reviewer flags code that appears to pose a security vulnerability but actually doesn’t. Instead, the flagged vulnerability is nonexistent, nonexploitable, or not required to support a valid use case or functionality.Security Review Resources
These resources can help you prepare for the AppExchange security review.
Reference : ISVforce Guide: Build and Distribute AppExchange Solutions
Comments
Post a Comment