Shield Platform Encryption Compatibility with NPSP
Find out more about Shield Platform Encryption compatibility.
- What is Shield Platform Encryption?
  Shield Platform Encryption is an add-on feature for Salesforce that allows you to encrypt your data at rest, rather than just during transmission over a network. It allows you to protect data in some standard fields, certain types of custom fields, files and attachments that are stored on the platform, and search indexes.
- Enabling Shield Platform Encryption in NPSP
  Shield Platform Encryption is compatible with NPSP, with some known limitations.
- Known Limitations: Fields
  We tested encryption of fields that are part of NPSP or are referenced by NPSP code and found that some of them can't be encrypted.
- Known Limitations: Functionality
  Certain NPSP functions won't work as expected if you enable encryption in these scenarios.
- Resources
  Here are some resources for you to peruse.
What is Shield Platform Encryption?
Shield Platform Encryption is an add-on feature for Salesforce that allows you to encrypt your data at rest, rather than just during transmission over a network. It allows you to protect data in some standard fields, certain types of custom fields, files and attachments that are stored on the platform, and search indexes.
Standard encryption is included with your Salesforce licenses. Shield Platform Encryption requires an additional fee. The encryption type for standard encryption is 128-bit Advanced Encryption Standard, while Shield is 256-bit. Standard encryption provides an encrypted text field type, while Shield Platform Encryption can be applied to many different types of fields, files, attachments, and search indexes.
Enabling Shield Platform Encryption in NPSP
Shield Platform Encryption is compatible with NPSP, with some known limitations.
The types of limitations are:
- Installation—Install NPSP before you enable Shield Platform Encryption on the Opportunity Name field. If encryption is enabled on Opportunity Name, the NPSP installer will fail. You can remove encryption on Opportunity Name, and then run the installer successfully.
- Fields—You can’t encrypt certain fields due to the way they are used in NPSP, particularly with SOQL queries and formulas.
- Functionality—Some fields that you can encrypt may cause some unexpected behavior if you enable encryption. See Shield Platform Encryption Compatibility with NPSP for more information.
Known Limitations: Fields
We tested encryption of fields that are part of NPSP or are referenced by NPSP code and found that some of them can't be encrypted.
You can encrypt standard or custom fields, with some limitations. Read General Shield Platform Encryption Considerations for more information.
You can't encrypt the following NPSP fields:
| Object | Field |
|---|---|
| Account | Membership Join Date |
| Account | Membership End Date |
| Address | Verification Status |
| Affiliation | End Date |
| NPSP Data Import | Account1 Import Status |
| NPSP Data Import | Account1 Name |
| NPSP Data Import | Account1 Website |
| NPSP Data Import | ApexJobId |
| NPSP Data Import | Contact1 First Name |
| NPSP Data Import | Contact1 Last Name |
| NPSP Data Import | Contact1 Import Status |
| NPSP Data Import | Contact1 Title |
| NPSP Data Import | Home City |
| Opportunity | Name |
Known Limitations: Functionality
Certain NPSP functions won't work as expected if you enable encryption in these scenarios.
- When you use an encrypted field as a matching field in the Data Import Wizard, NPSP Data Import fails (for example, Email or Phone).
- If you use an Opportunity source field that is encrypted in a User Defined Rollup, the rollup will fail.
- While using NPSP Legacy Rollups, if you encrypt Membership Start Date, you can’t save Opportunities with data in this field and the nightly Contact and Account rollups fail. Encryption on Membership Start Date does work with Customizable Rollups, however. Learn more in Rollups Overview.
- If you encrypt the Role Name field on the Partial Soft Credit object, the nightly Soft Credit rollups fail.
- The Individual Account model is not supported with encryption enabled on the Account Name field. We recommend that you migrate to the Household Account model if you want to encrypt Account Name. Learn more in What is the Household Account Model?
- Encryption of fields in the NPSP Data Import object is not supported. Be aware that if you encrypt fields on the Account or Contact object, and import data with NPSP Data Import, only the Account or Contact fields are encrypted—not copies of that data stored in the NPSP Data Import object.
- NPSP Data Import can't perform Custom Unique Id matching on Accounts and Contacts with an encrypted field.
- The Merge Contacts list button on Contact list views doesn't work if you encrypt Contact Name.
- If you turn Probabilistic Encryption on for the Contact Name field, you will be unable to install NPSP or receive push upgrades. Switch the Encryption Type to Deterministic to resolve the issue.
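A pre-flight check that applies the field and functionality limitations above to a planned set of encrypted fields, as an added example that is not Salesforce or NPSP code. Fields are identified by the labels used on this page rather than API names; `check_plan`, its `rollups` and `account_model` parameters, and the sample plan are hypothetical.

```python
# Added example: checks an encryption plan against the NPSP limitations on this page.
PROBABILISTIC, DETERMINISTIC = "Probabilistic", "Deterministic"
BLOCKED = {  # from the "can't encrypt" table (NPSP Data Import is handled as a whole)
    ("Account", "Membership Join Date"), ("Account", "Membership End Date"),
    ("Address", "Verification Status"), ("Affiliation", "End Date"),
}


def check_plan(plan, rollups="Customizable", account_model="Household"):
    """Return (object, field, severity, reason) for each conflict in plan."""
    # plan: iterable of (object, field label, encryption type).
    # rollups and account_model are hypothetical parameters describing the org.
    findings = []
    for obj, field, scheme in plan:
        key, hits = (obj, field), []
        if obj == "NPSP Data Import":
            hits.append(("block", "encrypting NPSP Data Import fields is not supported"))
        elif key == ("Opportunity", "Name"):
            hits.append(("block", "can't be encrypted; the NPSP installer fails"))
        elif key in BLOCKED:
            hits.append(("block", "listed as a field that can't be encrypted"))
        elif key == ("Contact", "Name"):
            if scheme == PROBABILISTIC:
                hits.append(("block", "blocks NPSP install and push upgrades; use Deterministic"))
            hits.append(("warn", "Merge Contacts list button stops working"))
        elif key == ("Account", "Name") and account_model == "Individual":
            hits.append(("block", "Individual Account model is not supported"))
        elif key == ("Opportunity", "Membership Start Date") and rollups == "Legacy":
            hits.append(("block", "Opportunity saves and nightly Legacy Rollups fail"))
        elif key == ("Partial Soft Credit", "Role Name"):
            hits.append(("block", "nightly Soft Credit rollups fail"))
        elif field in ("Email", "Phone"):
            hits.append(("warn", "NPSP Data Import fails if used as a matching field"))
        findings += [(obj, field, sev, why) for sev, why in hits]
    return findings


# Constructed sample plan, not taken from a real org.
PLAN = [
    ("Contact", "Name", PROBABILISTIC),
    ("Contact", "Email", DETERMINISTIC),
    ("Opportunity", "Membership Start Date", PROBABILISTIC),
    ("NPSP Data Import", "Home City", PROBABILISTIC),
    ("Account", "Name", DETERMINISTIC),
]

if __name__ == "__main__":
    for finding in check_plan(PLAN):
        print(*finding, sep=" | ")
```

Calling `check_plan(PLAN, rollups="Legacy", account_model="Individual")` shows how the same plan picks up two more blocking findings in an org that still uses Legacy Rollups and the Individual Account model.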

