Creating Salesforce sites

Salesforce sites can be used to create public websites that are directly integrated with your Salesforce organization, in order to make pages available to users without having to sign in. Sage People uses Salesforce sites for:

  • External feedback for performance management

  • External assessors for competency assessments

  • Remote sites for PDFs

  • US Tax Forms

  • HCM and Recruit forms

  • Agency portals and candidate portals.

To create a Salesforce site:

  1. Go to the Sites setup page:

    Go to Setup, and in Quick Find enter Sites.

  2. Salesforce automatically creates a site domain using your organization's custom domain. If you have not done so already, read and accept the Salesforce Sites Terms of Use and select Register My Salesforce Site Domain.

    Screenshot: register a domain for Salesforce sites

  3. Select New:

    Screenshot: New button next to Sites

  4. Salesforce displays the Site Edit page:

    Screenshot: Site Edit page

  5. Complete the fields as required:

    Field Description
    Site Label

    The name of the site as you want it to appear to end users. Required.

    For example:

    • HCM Forms

    • PDF

    • Recruit

    • External Reviews

    • US Tax Forms
    Site Name

    The API name of the site used for reference by the Sales Sites API. Automatically created from the Site Label. Required.
    Site Description An optional description of the purpose of the site.
    Site Contact

    The Sage People User responsible for receiving site-specific communication from site visitors and from Salesforce. Autopopulated.

    To change the default, select Site Contact Lookup to find and select a user.
    Default Record Owner

    The Sage People User who will own all new records created by guest users. Defaults to the Site Contact. Autopopulated.

    To change the default, select Default Record Owner Lookup to find and select a user.

    Default Web Address

    The suffix used to create the unique URL for the site. This should briefly indicate the purpose of the site: for example: forms, pdf, feedback, or similar.

    The complete URL is the web address that visitors use to access the site, such as:

    https://myorg.my.salesforce-sites.com/mysite

    Note: for US Tax Forms, the address suffix must be symmetry.
    Active Checkbox. Check to activate the site. The site must be activated before it can be used. When checked, the site is activated as soon as your changes have been saved.
    Active Site Home Page

    The name of the Visualforce page to act as the site's home page when the site is active. Select Active Site Home Page Lookup to find and select the Visualforce page for the site. Required.

    Default Visualforce pages are available for many product areas, for example:

    Product area Visualforce page Namespace
    PDF templates PDF fHCM2
    US tax forms SymmetryPostbackPage spustaxforms
    External feedback ExternalFeedback spperfmgmt
    Competency assessments AssessmentExternal fHCM2
    HCM forms Forms fHCM2
    Recruit forms Forms fRecruit
    Candidate portals ApplyJobList fRecruit
    Agency portals AgencyJobList fRecruit
    Inactive Site Home Page

    The name of the Visualforce page displayed when the site is inactive.

    Preset to InMaintenance. Leave unchanged unless you have created a substitute. InMaintenance displays a standard message. Select Preview to view the page.
    Site Template The name of the Visualforce page providing the page layout and stylesheet for your site. Preset to SiteTemplate. Leave unchanged unless you have created a substitute.
    Site Robots.txt A plain text file, typically prepared as a Visualforce page, controlling which parts of the site web spiders and other web robots can access. Leave blank.
    Site Favorite Icon An icon appearing in the browser's address field when you visit the site. Leave blank.
    Analytics Tracking Code The tracking code for your site, used by analytics services to track page request data. Leave blank.
    URL Rewriter Class The name of an Apex Class used to rewrite URLs for your site, substituting user friendly URLs for Salesforce URLs. Leave blank.
    Enable Feeds Checkbox. If checked, the Syndication Feeds Related List is displayed, enabling you to create and manage syndication feeds for users on your sites. Leave unchecked.
    Clickjack Protection Level

    The level of protection to apply to the content of your site, controlling the ability to hide malicious hyperlinks beneath legitimate selectable content.

    Defaults to Allow framing by the same origin only (recommended). Same origin framing enables the site's pages to be framed by pages on the same domain, using the same protocol.

    Leave at the default setting unless you have a good reason to change it.

    Lightning Features for Guest Users

    Checkbox. If checked, Guest Users can view features made available exclusively through the Salesforce Lightning Experience interface. Uncheck.
    Enable Content Sniffing Protection Checkbox. If checked, the browser is forced to use the information supplied in the HTTP header Content-Type field, not the actual content of the response. Leave checked.
    Enable Browser Cross Site Scripting Protection

    Checkbox. If checked, the cross-site scripting filter built in to browsers (x-xss protection: 1) is enabled to stop pages from loading when a cross-site scripting (XSS) attack is detected. Leave checked.
    Referrer URL Protection

    Checkbox. If checked, when loading assets or navigating outside Salesforce, the referrer header shows a truncated url such as salesforce-sites.com and not the complete URL. This feature stops a referrer header revealing sensitive information such as an org identifier that might be present in a full URL.
    Allow only required cookies for this site

    Checkbox. If you don’t enable the setting, the site allows all cookies, including required, functional, and advertising types. To only allow required Salesforce-supplied cookies for the site, select the checkbox. Leave unchecked unless you have a reason to change it.
    Redirect to custom domain

    Checkbox. If multiple custom domains serve the site, requests are routed to the site’s primary custom URL only if it’s an HTTPS custom domain. Otherwise, requests are redirected to the first HTTPS custom domain associated with this site, in alphanumeric order. If no HTTPS custom domain serves the site, this option has no effect. Leave checked.
    Cache public Visualforce pages Checkbox. Caches your site’s Visualforce pages in the user's browser to reduce page load times. Leave checked.
    Guest Access to the Support API Checkbox. If checked, the Support API is accessible to guest users. Leave unchecked.

  6. Select Save.

For more information about sites, see the Salesforce help article: Salesforce help: Salesforce Sites.

Depending on the product area and site function, you might need to perform additional configuration for the site in order to enable site functionality and public access.

Configuration step Forms PDF Feedback External assessors US Tax Forms Agency or candidate portals
Configure Visualforce page access Yes Yes Not required Yes Yes Yes
Configure Apex class access Yes Not required Not required Not required Yes Not required
Configure guest user access Yes Yes Yes Yes Not required Yes
Add a Remote Site Not required Yes Not required Not required Not required Not required
Add the site URL to the package configuration page Not required Yes Yes Not required Yes Not required

 

Refer to the related setup topics for each product area for further information about these configuration steps.