A new trajectory: Trineo has been acquired by Traction on Demand. Learn More.

Part 3: Salesforce Winter '21 Release Notes: Everything You Need to Know

Peter Chalmers September 24, 2020

We're back with the 3rd and final part of our Salesforce Winter '21 Release Notes. The updates this season were rather extensive so we broke it down to make things a bit more digestible. If you haven't already, check out Part 1 and Part 2 for everything you need to know.

You can also watch the replay of our SFDC Academy Livestream where we cover the release notes as well. 

Let's dig in!




Access New and Updated Order Management Flows

The Create Order Summary flow has been updated to use a record type trigger for initiation, instead of a Process Builder flow. This means that you only need to clone the Flow Builder flow for this release. The Process Builder flow included in previous releases is no longer required.

Connect Faster with the B2B Commerce Integration Dashboard

See all your integrations in one place and manage them with a few clicks. An admin can now work in the Commerce app to accomplish what used to require code and developer know-how. It’s clicks, not code!

Provide Accurate Checkout Information with Time to Live

We all know that Timeout limits drive sales because no-one wants to lose the items in your cart. Oh wait - is that just me?

Well if you need this you can use Time to Live (TTL) to set a timeout limit on your B2B Commerce checkout. Set limits appropriate to your organis(z)ation and provide users with an easy path back to their cart.

Get an Effortless No-Search-Results Experience

The No Search Results page now comes populated with a no-results image and message. Right out of the box, when a search returns no results customers see a meaningful, professional looking message.

Dismiss Cart Errors for Good

When buyers trigger cart errors, they can dismiss them. Previously, when a cart error popped up, it stayed up. Now buyers never see the error again unless another action triggers the same error type.

Add All Cart Items, Rename, and Delete Lists (Beta)

A new set of features makes lists more flexible and easier than ever to work with. Buyers can add all cart items to a list in one action, rename their lists, and delete the lists that aren’t useful anymore.




Secure Guest User Record Access Can’t Be Disabled

This is an important one so we have copied the exact text from the release notes.

The Secure guest user record access setting was enabled in Summer ’20, but could still be disabled during that release. To safeguard your Salesforce org’s data, in Winter ’21, this setting is enabled in all orgs with communities or sites and can't be disabled. 

The Secure guest user record access setting enforces private org-wide defaults for guest users and requires that you use guest user sharing rules to open up record access. You also can't add guest users to groups or queues or grant guest users record access through manual sharing or Apex managed sharing.

Reduce Object Permissions for Guest Users

Another important change.

With the Winter ’21 release, Salesforce is disabling the View All Data, Modify All Data, edit, and delete object permissions for guest users in existing orgs. These permissions are removed from orgs created in Winter ’21 and later. 

For existing orgs, reduce object permissions for guest users if they have View All Data, Modify All Data, edit, or delete permissions on a standard or custom object.

Let Guest Users See Other Members of This Community Setting Disabled

This is an important one and something you need to check if you have an existing Community already setup.

With the Winter '21 release, the setting [Let guest users see other members of this community] is turned off by default in all Salesforce orgs that have active communities with at least one community created before the Winter '20 release.

Depending on your security configuration, this setting could allow a guest user, essentially anyone on the internet, to access community users’ personally identifying information. This information can include first and last name, email, custom, and other fields.

To protect your customer data and privacy, Salesforce is turning off the [Let guest users see other members of this community setting for all communities].

Please check this setting today!

Allow Users to Use Standard External Profiles to Self-Register and Log Into Communities and Portals (Previously Released Update)

This setting allows admins to use standard external profiles for self-registration, user creation, and login.

Activate this update if you're currently using one of the standard external profiles for login, self-registration, or user creation in communities or portals. 

After the Spring ’21 release, users in your org who are assigned to external standard profiles can no longer log into communities.

Let Users Authenticate by SMS

Sometimes the title tells you exactly what it is. Community users can now authenticate by SMS, no other app is needed. Simples!

Build Fast, Efficient Experiences with the LWC-Based Template (Pilot)

More flexibility is coming into Communities through a new template - Build Your Own (LWC) template. Based on Lightning Web Components (LWC) this lightweight template supports fully custom solutions. The template, now available as a pilot, includes some changes since the previous release.



Flow Builder

If you saw our recent Livestream (or the recording) with Charlie Isaacs you will know that it’s all about the Flow! Lot’s of enhancements in this space and lot’s of fun to be had and you definitely need to read all the release notes because we are only going to highlight some of the cooler items.

Trigger a Flow to Run Before a Record Is Deleted

In Flow Builder, you can now configure a new record-triggered flow to run before a record is deleted. You no longer need to write Apex code to set this up. This autolaunched flow runs in the background and updates related records when a record is deleted.

For example, suppose that your Salesforce org has a custom field on the Account object that tracks the total items related to that account. Without automation, this field is updated manually every time a related item is deleted. Now, you can automate this task with a record-triggered flow that runs before a record is deleted.

Build Multi-Column Screens in Flow Builder (Pilot)

Multi-column layouts have hit Flow Builder! You can use the new Section component to arrange your flow screen components into multiple columns without touching a single line of code. Divide each flow screen into multiple sections, and easily modify the number of columns in each section to create effective, visually appealing layouts.

Place Flow Elements Automatically with Auto-Layout (Beta)

The new auto-layout feature makes building flows and aligning elements easier. When auto-layout is enabled on a flow, elements in the canvas are spaced and connected automatically. No more elements positioned slightly out of alignment - we can now sleep well!

Debug Autolaunched Flows Directly on the Canvas (Beta)

Now you can debug an autolaunched flow without opening a new browser tab. There is nothing more to add there because it says it all.

Use AND, OR, and Custom Operators Across All Flow Builder Elements

Now you can use the condition-defining options you’re familiar with in the Decision and Pause elements and extended them consistently across Flow Builder. Specify that you want the condition logic to meet ANY conditions or that you want it to meet ALL conditions. 

Locate a Flow Builder Error with the Click of a Link

If you get an error in Flow Builder, go straight to it instead of hunting through your flow. Flow Builder error messages now include a link, when available, that opens the erroneous element and highlights it on the canvas. 

Going to wait for that one to sink in….

The auto-layout canvas and resources don’t support highlighting.

Quickly See the Triggers of Your Flows on the Flows Page in Setup

Now you can see which trigger your autolaunched flow has with just a glance at the Flows list view in Setup. In the new Trigger column, see if a flow’s trigger is a record, a schedule, or a platform event. For a record-triggered flow, see if it makes before- or after-save updates. You can also discover which trigger an autolaunched flow has by viewing the flow’s detail page.

Run Flows in System Context Without Sharing to Access the Recommendation Object for External Users

Now only internal users can access Recommendation object records. Previously, community, portal, and guest users had read-only access to recommendations by invoking a flow that obtained recommendation records for them. To continue those external users’ access to recommendations, you can configure the flow to always run in system context without sharing.

Some Flow Updates Postponed

The following updates have been postponed till Spring ‘21. More detail is in the release notes.

  • Evaluate Criteria Based on Original Record Values in Process Builder (Update, Postponed)
  • Enable Partial Save for Invocable Actions (Update, Postponed)
  • Enforce Data Access in Flow Merge Fields (Update, Postponed)
  • Make Flows Respect Access Modifiers for Legacy Apex Actions (Update, Postponed)
  • Disable Rules for Enforcing Explicit Access to Apex Classes (Update, Postponed)
  • Check for Null Record Variables or Null Values of Lookup Relationship Fields in Process and Flow Formulas (Update, Postponed)

Break Up Your Record Details with Dynamic Forms (Generally Available)

We’ve spoken about Dynamic forms in Lightning before and we are excited to use it because it is now Generally Available! You now have the ability to configure record detail fields and sections inside the Lightning App Builder.

Unleash New Flexibility with Dynamic Actions on Desktop (GA and Beta) and Mobile (Beta)

There are now more ways to add the flexibility and control of dynamic actions to your record pages. Dynamic actions for custom objects are GA for desktop and Beta for mobile. Dynamic actions for supported standard objects (Account, Case, Contact, Lead, and Opportunity) are Beta for desktop.

Improve Org Security with the Profile Filter Option

Keep your Salesforce org as secure as possible. Limit users from viewing any profile names other than their own.

Restrict Permissions Cloning in Profiles

Use the Restricted Profile Cloning option to ensure that only permissions accessible to your org are enabled when you clone profiles. 

Important: If you don't enable this setting, all permissions currently enabled in the source profile are also enabled for the cloned profile, even if your org can't currently access them.

Deploy Organization-Wide Defaults and Criteria-Based Sharing Rules Together

You can now simultaneously update the sharingModel field for an object and create new criteria-based or guest user sharing rules via the Metadata API. 

Disable Rendering of HTML in Custom Field Labels (Update)

To better protect your Salesforce org, this update removes legacy behavior that allows HTML formatting in custom field labels. When enabled, HTML tags in custom field labels are rendered as plain text.

Choose Your Utility Bar Alignment

Ok I do find it weird that this is one of those items that got through because.. Really.. is it that big of a deal? Apparently a lot of people wanted it.

Customize where your Salesforce org’s utility bar appears on the screen. You can choose to align the utility bar to the bottom right or the bottom left of the screen. The default alignment matches the directionality of the user’s language.

Choose When to Show the Submit for Approval Action (Generally Available and Beta)

This one is a good one. Ever wanted to display the Submit for Approval action only when a record is eligible for approval? That day has come! With dynamic actions, now you can set conditions for when each action is visible, including the Submit for Approval action.



Deploy a My Domain (Update)

To use the latest features and comply with browser requirements, all Salesforce orgs must have a My Domain. 

Deploy one, or Salesforce will assign one for you based on your company name. Because your My Domain affects all application URLs, it is recommended that you test and deploy a My Domain before this update is enforced in Winter ’22.

Setting That Allows Non-Secure HTTP Connections for Sites Was Removed

As part of updates related to Google Chrome’s SameSite cookie changes, HTTPS connections are required to access Salesforce. The Require Secure HTTPS Connections release update was enforced in production orgs on May 1, 2020. In Winter ’21, Salesforce removed the Sites setting, Require Non-Secure Connections (HTTP), because HTTP connections are no longer permitted for authenticated requests.


And that's a wrap! If you made it this far you should give yourself a pat on the back.  

Don't forget to check out our SFDC Academy Livestream library for past episodes covering a variety. of topics for Salesforce Admins. Or reach out today if you want to learn more about our coach programme. 

Peter Chalmers

Peter Chalmers