The list of Spring ’21 features below apply to both Salesforce Lightning Experience and Classic.
There are additional Spring ’21 features available to Salesforce Classic only, Lightning Experience only, Salesforce Experience Enhancements, Mobile Enhancements, Other Enhancements in the Summer ’21 Release Highlights post.
Note: These features are not listed in any specific order.
1.MFA Required For All Internal Users: Starting February 1, 2022, Salesforce will require MFA for direct and SSO logins into Salesforce, using ither Salesforce’s MFA or your own single sign-on provider’s MFA service. Learn more.
3. Profiles and Permissions Enhancements:
A. (Beta) Set Assignment Expirations on Permissions in Permission Sets and Permission Set Groups. Set an expiration date/time zone for a permission set group when you assign it to users. In User Management Settings, enable Permission Set Group Assignments with Expiration Dates (Beta). If you need to assign the PSG with different dates/time zone, you will need to assign the users separately as shown in the demo gif.
B. (Update Enforced) Convert the Read Only Standard Profile to a Custom Profile. Enforced in Summer ’21, the standard Read Only profile has been converted to a custom Read Only profile for you to add and remove permissions, as needed. If you decide to still use the standard Read Only profile, please ensure you reference the correct name of the standard Read Only profile after it’s converted. Note: New Salesforce orgs created Spring ’21 or later do not have the Read Only standard profile.
C. Add Access Conversation Entries Permission to Review Previous Voice Transcripts.
4. Fields Enhancements:
A. Two Settings to Improve Picklist Performance. When troubleshooting, you can temporarily Remove the upper bound on inactive picklist values of 4000 picklists. You can also apply the upper bound limit on standard picklist with Establishing upper bound on existing picklists.
B. Hard Limit on Custom Fields Increased to 900 fields. Refer to Release Notes to view the objects this applies to.
5. (Generally Available) Account-Based Campaign Management is Now Available. Add accounts as campaign members. In Setup search for Accounts As Campaign Members. Enable the setting and add Campaign History related list to the account page.
6. Case Management Enhancements:
A. (Update, Postponed) Disable Ref ID and Transition to New Email Threading Behavior. This will be enforced Summer ’22. The new Email-to-Case Threading behavior will match incoming emails using standard Email Headers, not the Ref ID in the subject or body. The Email-to-Case is backward compatible until the new threading method is turned on or enforced. To prep for this change, verify there is data in the Message-ID, In-Reply-To and Reference fields. Use getCaseIdFromEmailHeaders to replace getCaseIdFromEmailThreadId in your custom code to avoid your code not working with the new threading behavior.
B. Use a Macro to Send Multiple Emails. Use the Bulk Macro from the Case List View or Record Home Page, select an email template (Classic or Lightning) to send multiple emails.
C. Track case Email Alerts with Threading in the Case Feed. When you turn on the E2CThreading permission, you can set up automation to send email alerts. Inbound replies to an email alert are saved in the Case Feed.
D. Use a Default No-Reply Address as System Address for Case Email Notifications. This will auto-activate in Spring ’22. If existing orgs do not set up the default No-Reply address as the system address for case email notifications, HTML and custom email components will not appear.
7. Lightning Component Enhancements:
A. Aura Components in ui Namespace Are Deprecated as of May 1, 2021. Replace with counterpart in lightning namespace.
B. Aura and Lightning Web Components are not tracked in Setup Audit Trail. Creation change or deletion of aura or lightning Web components will now be tracked.
C. A New Custom Label and LWC can be Deployed Together. Prior to Summer ’21, you had to deploy the custom label first and then the component that references it in a second deployment.
8. Share Records Owned by High Volume Community or Site Users To Guest Users When Creating Guest User Sharing Rules. This setting is not available for owner-based or criteria sharing rules as a result of the recent guest user security changes.
9. Use Your Account App to add products and license, manage contracts and account support. Note: Admins with Manage Billing permission can turn on the Your Account app by gong to Manage Subscription in Setup and enabling the Manage your subscription with Your Account on the checkout page.
10. Salesforce Optimizer PDF Report Is Being Retired as of June 2021. Instead, you will use the interactive Salesforce Optimizer app.
11. Email Enhancements:
A. Refine Email Open Data with IP Address Blocking. In Setup, search on Filter Email Tracking, turn Filter Email Tracking by IP Address to on.
B. Select Auth Type for Email Relay. You can now choose between Auth Plain and Auth Login for the SASL mechanism to use for email relay.
12. View Where Your Activity Data is Stored on the Salesforce Amazon Web Services Infrastructure – Germany or United States. For Inbox, go to Inbox Setup Assistant; for High Velocity Sales, go to the High Velocity Sales setup page or for Einstein Activity Capture, go to the Summary tab on the Einstein Activity Capture page.
13. (Generally Available) Attach Actions to Asynchronous Apex Jobs Using Transaction Finalizers. FinalizerContext interface contains 4 methods: getAsyncJobId, getRequestId, getResult and getException. See Release Notes for more information.
14. Security Enhancements:
A. One-Time Passwords (OTP) Used for Identity Verification will Increase to 6 Digits in Winter ‘22. Update your custom code for MFA or passwordless login to use 6 digits OTP before Winter ’22.
B. Secure HTTPs Connections are Enforced in Domains. HTTP-only domains are disabled in Summer ’21.
C. Allow Only Secure Connections to Your Domain with HSTS Preloading. With this feature, your HTTPS connections are always used in supported browsers, eliminating the vulnerability that HTTP request redirection to HTTPS can cause. Go to Domains, edit the custom domain, select Allow HSTS preloading registration. Then go to https://hstspreload.org to submit your domain.
D. (Update) Enable Enhanced Domains. Enable enhanced domains to use with your My Domain name in URLs, such as Salesforce Sites and Experience Cloud sites. Since this update impacts application URLs. Salesforce recommends enabling this before it is enforced in Summer ’22.
E. Deploy a My Domain to be Enforced in Winter ‘22. This will be enforced in Winter ’22. So prior to that, you can deploy your own custom My Domain or Salesforce will assign you one based on your company name.
F. Standard and Custom Scopes Returned With an Access Token with OAuth 2.0 JWT Bearer Flow. To set this up, preapprove the connected app.
G. Require Password Changes for Email Address Updates for Added Security. You can change the email address and if you enable Generate new password and notify user immediately on the user record, the user will get a password reset link at their new email address and they must set a new password in order to activate the new email address.
15. Shield Enhancements: (Note: These require a Salesforce Shield or Shield Platform Encryption add-on)
A. Encrypt Contact Point Information. Enable probabilistic encryption for Contact Point Address – Address, Contact Point Email – Email address and Contact Point Phone – Telephone number.
B. (Beta) Encrypt Your User’s Email Address. In Setup, find Encryption Policy, select Encrypt Fields, Edit, select Email under the User section.
16. Event Monitoring Enhancements: (Note: These require the Salesforce Shield or Salesforce Event Monitoring add-on)
A. User Type Information is Now in the EventLogFile. Use the USER_TYPE field to determine whether the user is a guest user or authenticated. Note: This is not available in the Event Monitoring Analytics app, just via the API.
B. Track Your API Version Using the API Total Usage Event. Monitor your consumption (SOAP, Bulk v1 and REST API requests up to version 30.0) in the EventLogFile object.
C. (Pilot) Monitor Changes to Permission Sets and Permission Set Groups Using Real-Time Event Monitoring. Contact Salesforce to be nominated into this pilot.
17. (Beta) See Aggregated Threat Detection Metrics in Security Center. Note: This requires a purchase of Security Center and Threat Detection add-on.
18. API Enhancements:
A. Legacy (SOAP REST and Bulk) API Versions 20.0 and Earlier are Deprecated and No Longer Supported.
B. Platform REST API and Bulk API now Return a Warning Header If Deprecated API Version is Used. Text shown: Warning: 299 – “This API is deprecated and will be removed by Summer ’22. Please see https://help.salesforce.com/articleView?id=000351312 for details.”
19. Use the EventUuid Field to Identify and Match Event Messages for Platform Events. Compare the UUID field on published and received event messages to determine whether messages have not been delivered for you to republish them.
20. New or Changed Items for Developers:
21. Release Updates:
A. (Update, Enforced) Disable Access to Non-global Apex Controller Methods in Managed Packages. When enabled only methods marked global access modifier can be accessed via Aura components outside the managed package namespace.
B. (Update Enforced) Enforce Access Modifiers on Apex Properties in Lightning Component Markup. This update makes Aura and Lightning Web components in line with Apex properties in other contexts.
C. (Update, Postponed) Ensure Secure Static Resources for Lightning Components. This has been postponed indefinitely as Salesforce changes the implementation to minimize customer impact. Do not enable it.
D. (Update) Securely Access Aura Components. An external component with access = “public” will only be accessible by other components with the same namespace or internal Salesforce components.
F. (Previously Released Update) Prevent Consecutive API Navigation Calls in Visualforce Pages. This will be enforced in Winter ’22. The update will not allow API navigation calls to be fired consecutively. It will only fire the first navigation call.