The list of Spring ’20 features below apply to both Salesforce Lightning Experience and Classic.

There are additional Spring ’20 features available to Salesforce Classic only, Lightning Experience only, Community Enhancements, Mobile Enhancements, Other Enhancements in the Spring ’20 Release Highlights post.

Note: These features are not listed in any specific order.

1.All Sales Cloud Users Have Access to Einstein Opportunity Scoring. Note: This will be available on a rolling basis starting 2020. If org is eligible, users with a Salesforce user license will see opportunity scores. You need to turn Einstein on in Setup.

2. Omni-Channel Enhancements:

• Omni-Channel Supervisor Filters Are Now Remembered. They are no longer cleared upon your next login.
• Customers Can Chat with a Specific Agent Regardless of Whether They Are in The Omni-Channel Queue.

3. Lightning Flow Enhancements:

• Cloud Flow Designed Is Retired, Flow Builder is Now the Tool to Build Flows.
• Use Before-Save Updates in Flow Before the Record is Saved. These updates as 10x faster than a record-change update in process builder. Changes are executed immediately before Apex before triggers. For before-save updates, only the assignment, decision, get records and loop flow elements are available. Use the $Record global variable for record values and the assignment flow element to update the values. To activate the flow, you need the View All Data permission to use this feature.

Note: This new feature changes the Order of Execution. Before Save Updates in flow will happen before Before Triggers.

View Image Full Screen

• Variables to Store Output Values are Auto-Created When Configuring Action and Create Records. Salesforce will now automatically create a variable to store output values when you add an action or Create Records element to your flow. You still have the option to manually create your variables using the “Manually assign variables (advanced).” Note: There is no impact to flows created before Spring ’20.

View Image Full Screen

• Salesforce can Automatically Store All Fields When You Add a Get Records Flow Element. In a Get Records element, in addition to choosing fields and letting Salesforce do the rest or choosing the fields and manually assigning the variables, you can now select to “Automatically store all fields.” To reference the field, select the API name of the Get Records element and then select the field. Note: There is no impact to flows created before Spring ’20 that have Get Record elements.

 View Image Full Screen

• Deactivate a Flow From Within Flow Builder. You do not need to navigate back to the flow detail page to deactivate a flow.
• Create Reusable Invocable Apex Actions to use a Generic sObject and List<sObject> Data Types. This will allow admins/developers to build one action that can be used on multiple objects, rather than one for each individual object. This is HUGE!
• Option to Run Flow in System Context. Historically, when flow is run directly, the flow runs in the context of the user. Now, in Spring ’20, you can run the flow in system context with sharing, ignoring the user’s object permissions, FLS or other permissions of the running user. To enable this in your flow, select under “Show Advanced, “System Context with Sharing-Enforces Record-Level Access.”
• 

View Image Full Screen

• Ability to Select Related Record Values from Record Variables, Up to 10 Relationship Levels. From the record variable, click > and navigate to the field on a related record.
• In Screen Editor, Reference a Newly Created Screen Field Immediately. You can now reference a newly created screen field in component visibility, input validation, etc. without having to exit out and reopen the Screen flow element.
• Use Keyboard Shortcuts to Work Faster in Flow Builder. In the flow canvas, type the “/” key to bring up the Flow Builder Keyboard shortcuts menu.
• Find Resources in Manager Using API Name, Label or Description. Previously, you could only search the Manager Toolbox Quick Find using the API name.

View Image Full Screen

• Developers Can Use the Category Parameter in an Invocable Action so Admins Can Easily Locate the Action in Flow Builder. Developers can add the new category parameter to the InvocableMethod annotation for the action, where the developer would specify the label and description parameters.
• Flow Eliminates Duplicate Record Updates Automatically, Duplicate Record Limit Hit Less Often. Flow faults if there are more than 12 duplicated records to be updated in the same batch. Now, Salesforce will now eliminate these redundant duplicate record updates.
• (Critical Update) Generate Valid HTML Output from Formulas in Processes and Flows. This CU automatically activates on 1/6/2021. Without this update, the HYPERLINK function in a process or flow generates incorrect HTML output and includes strings such as _HL_ENCODED_.
• (Critical Update) Enforce Data Access in Flow Formulas. Once enforced, the flow formula will respect the user’s object permissions, FLS and record level access. Currently, Salesforce allows a user who does not have record level access to update the field.
• (Critical Update) Flows Respect Access Modifiers for Legacy Apex Actions. This CU only affects legacy Apex actions that reference Apex classes installed from managed packages.
• (Previously Released Critical Update) Evaluate Criteria Based on Original Record Values in Process Builder. This change ensures a process with multiple criteria and a record update evaluates the original value of the field that began the process with a value of null. Note: If you have a process with the “Do you want to execute the actions only when specified changes are made to the record?” option selected, or it uses the ISCHANGED() function in your criteria, this update could cause the process to behave differently.
• (Critical Update, Enforced) Enable Partial Save for Invocable Actions. Starting April 9, 2020, this CU will be enforced. Note: This only affects external REST API calls to invocable actions done in bulk. With this update, when invoking a set of actions in a single request, a single failed invocable action no longer causes the entire transaction to fail.
• (Critical Update, Enforced) Return Null Values in Process and Flow Formulas. This CU will be enforced on February 18, 2020. The process and flow formulas will always return a null value when there are calculations where there is a null record variable or a null lookup relationship.
• (Critical Update, Postponed) Require User Access to Apex Classes Invoked by Flow. This CU has been postponed to Spring ’21.
• Salesforce Rolls Back Only Records That Fail To Save. If there is an error when executing an action in a process or flow, Salesforce will try and save all successful changes, rather than follow the “all or nothing” batch processing rule, if partial save is permitted. Refer to the table in the Release Notes for details.

4. Process Builder Enhancements:

• Automate Business Processes That Involve Opportunity Contact Roles. Reference the Opportunity Contact Role object in a process or flow.
• View Processes Subscribed to the Platform Event from the Subscriptions Related List. Previously, you could only view processes subscribed to a platform event via the Metadata API. Now, you can go to Setup | Platform Events, locate the platform event and in the Subscription related list, click on the process label to review additional details, including clicking on the process name to open the process in Process Builder.

View Image Full Screen

• (Critical Update, Enforced) Stop Automated Field Updates from Suppressing Email Notifications. Enforced in Spring ’20 on March 1, 2020. You can now send email notifications to notify the affected user when triggered from a process, WFR or Apex trigger.

5. Einstein Next Best Action Enhancements:

• Track Your Aggregated Usage of Next Best Action. Create a custom report type using the New Recommendation Strategy Metrics primary object.
• Declaratively Create Recommendations from Any Salesforce Object Record. Prior to Spring ’20, you were restricted to creating recommendations declaratively only with Recommendation objects. Now, you can declaratively use standard and custom objects, such as Account, Opportunities, etc., when building strategies for recommendations.
• Launch a Flow When a User Rejects a Recommendation. Prior to Spring ’20, NBA can only launch a flow if the user accepted the recommendation. Now, you can run automated processes using flow when a recommendation is rejected. In the NBA flow component, select “Launch Flow on Rejection.”

6.(Generally Available) Group perm sets based on user roles using Permission Set Groups for easier user permission management. You can review all combined permissions as well as remove specific permissions from the permission set group using the muting permission set functionality. Note: The muting function will remove the app or system permission from all users assigned to the permission set group, not specific individuals.

1. Current state permission set management: Future state permission set assignment using perm set groups:

This animated gif shows the Marketing Manager permission set group with two perm sets, Addison Dogster is assigned to the permission set group, shows the combined system permissions (of which one of the permissions is create list views) and how we can mute the create list views permission and shows once muted, Addison can no longer create list views.

View Image Full Screen

7. Confirm Your Permission Set Changes on One Page. Review the summary of your permission set changes on one page before committing them.

8. External OWD Enabled by Default in Orgs Created Spring ’20 and Later. For better security purposes, the external OWD will be enabled by default for all new orgs created starting Spring ’20 or later so we do not have the same OWD model for both internal and external users.

9. Once External OWD is Enabled, It Cannot Be Disabled. Once an external sharing model is enabled in the org, you cannot disable it.

10. (Generally Available) Set More Restrictive Access on the Lead and Campaign Objects for External Users. You can now set an external OWD for the lead and campaign object giving external users more restrictive access without impacting your internal users.

11. (Critical Update, Enforced) Require Customize Application permission for direct read access to custom settings. This CU will be enforced on January 2, 2020. This will first start with upgrades on sandbox instances. These sandbox instances will be upgraded 4–6 weeks before the Spring ‘20 release goes into production. To find the exact activation date for your instance, refer to https://status.salesforce.com. Users without the Customize Application permission can no longer read unprotected custom settings.

• You can grant read access to the profile or permission set by setting “View All Custom Settings” permission or to individual custom settings.
• You can enable/ disable read access to custom settings using the Restrict access to custom settings permission on the Schema Settings page in Setup.
• For Custom Settings, you can use the “Where is this used?” button to see where the custom setting, for example, is used.
• This CU does not impact access to custom settings from system mode (i.e. Apex or reference in field formulas, processes or flows).
• For more information on this change, watch the recorded webinar.

12. Grant Read Access to Custom Settings in Profiles and Permission Sets. Via the Custom Setting Definitions permission, you can grant read only access to specific custom settings.

View Image Full Screen

13. Protect Custom Settings in Developer and Scratch Orgs. The visibility field is now accessible in developer and scratch orgs to set a custom setting as protected or unprotected before deploying the custom setting in a managed package.

14. (Critical Update, Enforced) Require Customize Application Permission for Direct Read Access to Custom Metadata Types. This CU will be enforced on January 2, 2020. This will first start with upgrades on sandbox instances. These sandbox instances will be upgraded 4–6 weeks before the Spring ‘20 release goes into production. To find the exact activation date for your instance, refer to https://status.salesforce.com. Users without the Customize Application permission can no longer read custom metadata types.

• Grant read access to specific custom metadata types in a custom profile or permission set via Enabled Custom Metadata Type Access.
• This CU does not impact CMDT referenced from Apex or system mode contexts (field formulas, processes or flows).
• This change affects Visualforce pages and Lightning components that directly reference custom metadata types.

15. (Critical Update) Require Permission to View Record Names in Lookup Fields. Starting with Summer ’20, users must have read only access to records or have a “View All Lookup Record Names” permission to be able to view record names in lookup fields. The “View All Lookup Record Names” permission can be granted to custom profiles or permission sets to allow them to view record names in all lookup or system fields regardless of the sharing settings.

16. Clone a Preview Sandbox. Previously, you could not clone a sandbox that was different version from Production.

17. Visualforce Enhancements:

• (Beta) Communicate Across Salesforce UI Technologies with Lightning Message Service. In Lightning Experience, when you have multiple components on a page, you can use the Lightning Message Service API to handle that communication between those components.
• Prevent Security Vulnerabilities with Type Checking for Remote Methods with ID Parameters. To protect against SOQL injection vulnerabilities, Visualforce pages now does a check to see if the strings are properly formatted as valid Apex IDs using Javascript remoting in API version 48.0 or later.
• Share Code Between Visualforce Pages in the Same Namespace with @namespaceAccessible. Use the @namespaceAccessible in your custom controller class so Visualforce pages can access controllers in different packages.

18. Apex Enhancements:

• (Generally Available) Enable Field- and Object-Level Permissions Checking Using WITH SECURITY_ENFORCED in SOQL Queries. Developers can now use the WITH SECURITY_ENFORCED clause to check for field- and object-level security permissions on SOQL SELECT queries, starting with API version 45. This was released as beta in Spring ’19.
• (Generally Available) Enforce FLS in Apex. To ensure Apex proper security processing of field visibility to the current user based on their FLS access level, use the stripInaccessible method via the Security and SobjectAccessDecision classes. This will remove fields that are not accessible to the user. This was introduced as a pilot in Summer ’19.
• Use Generic sObject Data Types in Invocable Methods and Invocable Variables. Use methods annotated with @InvocableMethod and variables annotated with @InvocableVariable on generic sObject and List<sObject> data types. This can be called within Flow Builder so you aren’t building the same component for different objects.

19. API Enhancements:

• Default Daily API Request Allocation Raised to 100,000. Previously, this was 15,000.
• Maximum Daily Cap of 1,000,000 API Requests Lifted.
• View Monthly API Calls with New Usage-Based Entitlement. New usage-based entitlement shows the total number of API requests aggregated over 30 days. Your org is no longer blocked once you exceed your API daily request limit.

20. (Pilot) Using Private Connect, increase security on your HHTP/s traffic by setting up a fully managed secure connection between Salesforce data centers and AWS. API calls do not traverse the internet.

21. Credentials stores within NamedCredential, ExternalDataUserAuth and ExternalDataSource are Encrypted Like Other Encryption Frameworks on the Platform.

22. (Critical Update) Enable the New Salesforce Mobile App. Starting February 17, 2020, all active Salesforce mobile app users will be upgraded to the new Salesforce mobile app. Users will not need to download the new version to get the new mobile app experience.

23. (Critical Update) Restrict Reflective Access to Non-Global Controller Constructors in Packages. Initiate only Apex classes that have a no-arguments constructor that is visible to the code running Type.newInstance.

24. (Critical Update) Enable Improved Caching of Org Schema. This CU fixes known bugs by improving internal systems that define and cache org schema, including standard objects, custom objects, and their fields.

25. (Critical Update, Enforced) Enable Manual Account Sharing in Enterprise Territory Management. This CU changes the TerritoryManual reason code in AccountShare records from the TerritoryManual reason code to Territory2AssociationManual. This new reason code is now required to let users share accounts manually with territory groups.

26. (Critical Update, Enforced) API Only Users Can Access Only Salesforce APIs. If a user has the API Only User permission, they can access Salesforce only via APIs, regardless of their other permissions. This CU now enforces this in Lightning Out.

27. (Critical Update, Enforced) Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users, Authenticated Users Based on User Profile. This CU enforces user profile restrictions for Apex classes used by Aura and Lightning web components. The guest, portal, or community user as well as authenticated users must have access to the Apex class in order to have access to the @AuraEnabled Apex method.

28. (Security Alert and Critical Update, Enforced) Block Certain Fields in the User Record for Orgs with Communities and Portals. Enable the “Hide Personal Information” user setting that hides certain personal information from display to external users viewing user records. Note: The external user can still view their own user record information. Fields that are hidden are: Alias, EmployeeNumber, FederationIdentifier, SenderEmail, Signature, Username, Division, Title, Department and Extension.

29. (Critical Update, Enforced) Use with sharing for @AuraEnabled Apex Controllers with Implicit Sharing. With this CU, it will default to with sharing for @AuraEnabled Apex classes used by Aura components or Lightning web components. Note: Apex classes generally run in system mode. As a result, the current user’s permissions and field-level security aren’t automatically applied aren’t used to execute Apex logic. If all your @AuraEnabled code explicitly sets sharing behavior, this CU has no impact on your org.

30. Change Data Capture Enhancements:

• Receive Event Notifications for Record Changes on More Objects
• (Pilot) Enrich Change Event Messages with Fields That Are Always Included. Select which fields to always include in a change event message even when there is no change to the field.
• Change Events No Longer Blocked When Encryption Not Enabled. Event messages will no longer be blocked if you have not yet enabled event encryption in orgs with Platform Encryption.

31. Encrypt Platform Event Messages in the Event Bus. Create an event bus tenant secret in Setup | Key Management. Then enable encryption of platform events in the Encryption Policy page, also in Setup.

32. Security, Privacy and Identity Enhancements:

• User Can Log Into Salesforce Using Their Apple ID. Create an Apple authentication provider from the Salesforce Auth and your Salesforce and community users can login using their Apple credentials.
• Verify Your Domain Name for External Services. You can verify My Domain or a community domain in Setup | Domains Setup, select Verify next to the domain and choose the verification file that was downloaded form the external service.
• Prevent Identity Verification by Email. All net new orgs are configured so the identity verification by email is used only if the user has no other identity verification methods registered, such as Salesforce Authenticator, SMS, time-based one-time password (TOTP), physical key (U2F), and email. For existing orgs, you can enable this by going to Identity Verification in Setup, and selecting “Prevent identity verification by email when other methods are registered.”
• Restrict External User’s API Access. You can limit the API access for external users to just installed connected apps. Contact Salesforce Support to enable API Access Control in your org., Then go to Setup | API Access Control Settings and check the box “For external users, limited API access to only installed connected apps” and Save.
• OAuth Approval Page Timeout Extended. The timeout for approving access to connected apps on the OAuth Approval page has been extended from 15 minutes to 2 hours.
• (Pilot) Use Custom Domains for Sandboxes. You can now test new custom domains in a sandbox before deploying to Production.
• Prepare for the Certificate Change for My Domains. The certificate used in Production for My Domains is changing from a single *.my.salesforce.com certificate to an instance-specific *.InstanceName.force.com certificate. Salesforce recommends testing your API integrations before Production is upgraded to Spring 20. To receive notifications about certificate changes, join the Certificate Changes Trailblazer group.
• (Previously Released Critical Update) Stabilize the Hostname for My Domain URLs in Sandboxes. Starting July 11, 2020, this CU will be updated in Production orgs and in new or refreshed sandboxes. Salesforce has instance names from MyDomain URLs for sandboxes.
• (Previously Released Critical Update) Stabilize URLs for Visualforce, Experience Builder, Site.com Studio, and Content Files. Starting July 11, 2020, this CU will be updated in Production orgs and in new or refreshed sandboxes. Salesforce is removing the instance names from Visualforce, Experience Builder, Site.com Studio, and content file URLs.
• Get Stabilized My Domain URLs in New and Refreshed Sandboxes. As you create or refresh a sandbox, the URL hostname format will change.

<mydomain>–<sandboxname>.my.salesforce.com replaces <mydomain>–<SandboxName>.<servername>.my.salesforce.com

<mydomain>–c.visualforce.com replaces <mydomain>–c.<servername>.visual.force.com

<mydomain>–c.documentforce.com replaces <mydomain>–c.<servername>.content.force.com

All *.content.force.com URLs are replaced with *.documentforce.com.

• [Event Monitoring] (Beta) Detect Threats To Your Org. Use three new Real-Time Event Monitoring Events to track threats to your org.
  • ReportAnomalyEvent (Beta): Tracks anomalies in how users run or export reports.
  • SessionHijackingEvent (Beta): Tracks when unauthorized users try to hijack Salesforce sessions.
  • CredentialStuffingEvent (Beta): Tracks when a user successfully logs into Salesforce during an identified credential stuffing attack, or when large-scale automated login requests occur using stolen user credentials.
• [Event Monitoring] Determine If an Apex Request Is Counted as a Long-Running Request in the EventLogFile. Use the IS_LONG_RUNNING_REQUEST field of the Apex Execution event type to see if a request is running over 5 seconds.
• Manage Your Customers’ Communication Subscriptions. You can now store and track when and how your customer’s consented to be contacted, which channels and which communications they subscribe to.
• Store Multiple Contact Points and Customer Consent Information. You can now add best time to reach a contact, preferred method of contact using the contact point email and contact point phone fields. Note: Contact point phone and contact point email are displayed on the Individual object’s layout by default.
• Automatically Assign Records Created by Guest Users in Salesforce Sites to a Default Owner. Guest users are no longer the record owner when they create records in Salesforce sites. Go to Setup | Sites and select “Reassign new records created by guest users to the default owner” and save.
• Change the Session-Security-Level Policy for Managing Users. Set the ability to manage users to “Raise session to high assurance” before they access the page, go to Setup | Identity Verification, in the Session Security Level Policies section, for Manage Users, select “Raise session to high assurance” and click Save.
• Monitor More Changes in Setup Audit Trail. You can now track changes to the following:
  • Email Deliverability
  • Connected Apps
  • Notifications

33. Google Chrome Changes to SameSite Cookie Behavior Can Break Salesforce Integrations. Google Chrome 80 release scheduled for February 2020 has a change to the default cross-domain (SameSite) behavior of cookies. If you have a custom Salesforce integration that relies on cookies, Salesforce recommends you test them as they may break. This change particularly affects but is not limited to custom single sign-on, and integrations using iframes. Prior to this release, regression test and update the SameSite attribute on cookies used for cross-domain communication to explicitly set SameSite=None; Secure. Read this blog post for more information.

34. Globalization Enhancements

35. New and Changed Components for Change Sets

36. New and Changed Items for Developers:

• Lightning Components
• Apex
• ConnectedApi
• API
• Salesforce CLI

37. Package Enhancements

38. Customizable Forecasting Is Being Retired. Migrate to Collaborative Forecasts.

39. Original Territory Management Is Being Retired. Migrate to Enterprise Territory Management.

40. Data.com: Prospector and Clean Scheduled to Be Retired on July 31, 2020.