Skip to main content
Build the future with Agentforce at TDX in San Francisco or on Salesforce+ on March 5–6. Register now.

Install and Configure Salesforce Data Mask

Learning Objectives

After completing this unit, you’ll understand:

  • How to install Data Mask.
  • How the Data Mask configuration options impact the sandbox data.
  • How to run a masking job in your sandbox.

Install the Data Mask Managed Package

Now that you know your options for securing sandbox data, let's walk through how to install, configure, and use Data Mask. To install and use the Data Mask managed package in your production org, you must enable certain features in your production org and specify user permissions. Refer to Salesforce Help for details. Then, follow the standard process for installing a managed package. Once the package is installed, Salesforce automatically upgrades the package with new features and bug fixes.

Configure Data Mask

After you install the managed package in your production org, launch Data Mask. When the application opens, you can choose a previously saved masking configuration or start from scratch.

You can configure the masking in one of two ways. Configure it in production, then when a sandbox is created or refreshed, the configuration appears in the sandbox. Or, configure the masking in an existing sandbox.

Give the mask a name, API name, and description. Then, you can choose whether to mask case comments or delete all emails and Chatter feeds.

Select the Data to Mask

After you set the general configuration options, choose which data to mask. From the list of all standard and custom objects in your production org, select all objects that contain sensitive data.

For each object you select, configure the masking rules for each of its fields.

  • Replace with Random Characters or Numbers—Replaces sensitive data with random characters or numbers that are readable, but not recognizable. If replacing data with random numbers, specify the minimum and maximum value for the field.
  • Replace from Library—Replaces sensitive data with random but recognizable data using one of these libraries that you choose:
    • First Name
    • Last Name
    • Company Name
    • Email
    • Street
    • City
    • Country
    • Country (Abbr.)
    • State
    • Postal Code
    • Phone Number
    • Social Security Number
  • Delete—Deletes sensitive data entirely, leaving an empty data set.
Note

Important

Checkbox, lookup, and picklist field types aren’t supported.

Run the Data Mask in Your Sandbox

When configuration is complete, you can start to mask your sandbox data. Run the mask each time you want to replace or delete the data in your sandbox.

  1. From the Data Mask Home tab of your sandbox, click the dropdown arrow for the masking configuration you want and select Run.
  2. Monitor the progress of a run by viewing the status message in the list view for the mask job that is running.
  3. To verify that the records are properly masked, manually spot check your sandbox data. Then you can grant more users access to the sandbox.

To see more information about the masking process for each job, refer to the Masking Execution Logs tab in Data Mask.

Conclusion

Once installed and configured, Data Mask lets you configure data masking to meet your security requirements for sensitive data in your sandbox orgs. You can be confident that users accessing your sandbox org for testing or development don’t have access to sensitive data and that your org complies with privacy regulations.

Resources

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback