Which Salesforce Apps Don’t Support Shield Platform Encryption?
Some Salesforce features work as expected when you work with data that’s encrypted with
Shield Platform Encryption. Others don’t. When FLE is used in addition to Database Encryption.
Standard Shield Platform Encryption limitations apply.
Required Editions
Available in both Salesforce Classic (not available in all orgs) and Lightning
Experience.
Available in: Enterprise, Performance, and Unlimited
Editions with the Salesforce Shield or Shield Platform Encryption licenses.
Available for free in Developer Edition.
Note This page is about Shield Platform Encryption,
not Classic Encryption. What's the difference?
These apps don’t support data encrypted with Shield Platform Encryption.
Connect Offline
Commerce Cloud (Salesforce B2B Commerce version 4.10 and later is supported)
Einstein Recommendation Engine in Marketing Cloud Engagement (includes Einstein
Recommendations, Einstein Web Recommendations, and Einstein Email Recommendations)
Salesforce Einstein (includes Einstein Search, Sales Cloud Einstein, Einstein Discovery,
Einstein Builders, and Einstein Vision and Language)
Heroku (but Heroku Connect does support encrypted data)
Marketing Cloud - Engagement (but Marketing Cloud Next, Marketing Cloud Advanced/Growth
and Marketing Cloud Connect do support Shield Platform Encryption)
Sales productivity features that require data to be stored using a public cloud
provider
Social Customer Service
Tableau CRM (But Platform Encryption for Data 360 does support Tableau Next)
Thunder
Quip
Salesforce Billing
These apps and features don’t support Database Encryption.
Commerce Cloud
Quip
MuleSoft
Tableau CRM
Heroku
Background encryption service for data that’s encrypted with Database Encryption
Export and destroy actions for Database Encryption keys
On demand or self-service data re-encryption to sync to the latest Database Encryption
keys
BYOK with opt-out of key derivation
Shield Cache-Only Key Service
External Key Management (EKM)
Real-Time Event Monitoring integration for the Database Encryption key lifecycle
Legacy portals (customer, self-service, and partner) don’t support data encrypted with
Shield Platform Encryption or Database Encryption. If legacy portals are active, Shield
Platform Encryption can’t be enabled.
Did this article solve your issue?
Let us know so we can improve!
Loading
Salesforce Help | Article
Cookie Consent Manager
General Information
Required Cookies
Functional Cookies
Advertising Cookies
General Information
We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required Cookies
Always Active
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional Cookies
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising Cookies
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.
