What is Spekit?

Spekit is a webapp that connects to your Salesforce org via OAuth, allowing you to import select metadata including objects, fields and pick-list values into the data wiki for documentation purposes. Certain object and field details are pulled from Salesforce whereas some are native to Spekit. 

The data wiki’s unique design can easily be searched, filtered and  shared with your end users who can access the info directly in Spekit or contextually using keyword match through the Chrome Extension. 

How does Spekit connect to Salesforce?

When setting-up Spekit, users with a System Administrator profile in Spekit can authenticate with Salesforce using OAuth. 

End-users have the option of signing in using Salesforce via OAuth or can sign-in directly with their Spekit email and password.

What metadata is imported into Spekit?

Spekit imports the following information about your fields:

For Objects: 

  • Label
  • Internal description (populates Definition field in Spekit and managed in Spekit after first sync) 
  • Fields located on the object
  • Record count for the object
  • Type (Custom or standard) 
  • SFDC API Name
  • SFDC setup link (to that object in Salesforce)

For Fields:

  • Label
  • Help text (populates Definition in Spekit and managed in Spekit after sync)
  • Field Type
  • Calculated Formula (for type = Formula)
  • Related Picklist Values (for type = Picklist) 
  • Required (Y/N)
  • Default value
  • SFDC API Name
  • SFDC setup link (to all fields view for that object) 

For Picklist values: 

  • Label
  • Parent Field

We also plan to pull in additional metadata types in upcoming releases

If you’re looking to import other types of metadata for documentation purposes, please share your use cases with zari@spekit.co.

Are there different roles in Spekit?

Yes, there are three different roles in Spekit that can be assigned to users.

Viewer: This role is designed for end-users who want to benefit from the definitions and rules documented in Spekit. Permissions include:

  • Read-only access with ability to search and filter the data wiki in Spekit
  • Chrome extension download and access.

Data Expert: This role is used to assign business owners in your organization to share their subject matter expertise on certain fields and terminology in the data wiki. Permissions include:

  • Viewer permissions
  • Create custom business terms
  • Edit definitions and business rules

Admin: This role has full edit and configuration access in Spekit. By default, any user with a System Administrator profile in Salesforce is assigned this role. Permissions include:

  • Data Expert permissions
  • Import objects
  • Import picklist values
  • User-management
  • Hide terms in data wiki 
Can you connect to Salesforce using my Sandbox?

Yes. When signing-up, users have the option to connect either using a Sandbox org or a Production org. 

Note that at the moment, data cannot be transferred between orgs. In other words, if you decide to connect your production org to Spekit after your Sandbox, you will have to contact support@spekit.co to have any of your work or Data Expert assignments transferred.

What types of objects can you import in Spekit?

In the Object Import screen, you have the option to import:

  • Standard Objects (visible by default)
  • Custom Objects (visible by default)
  • System Objects (manually sync to view options)
  • Installed Packages (manually sync to view options)
Do users need a Salesforce license to use Spekit?

No. While Spekit uses your Salesforce metadata as a baseline, the goal is to create a source of truth and reference for anyone in your organization to access around the information and definitions they need around your data points and business terminology.

To this end, any Spekit user can access the information in Spekit using the webapp or Chrome Extension, regardless of whether or not they have a Salesforce license.

Does Spekit maintain any version control system for my metadata?

While we should not be viewed as a system of metadata backup, we do store logs on certain changes made directly in Spekit. For example, we track Last Edited On in Spekit, Last Edited By in Spekit, Last Synced from SFDC, etc.

Login Issues


I’m getting a 500 error when trying to authenticate with Salesforce for the first time

Your organization likely enforces IP address restrictions at login. 

To confirm that the IP address is the issue, do the following:

  1. Log into Salesforce
  2. Go to Setup –> Manage Users –> Login History
  3. Look for your login attempt with Spekit by searching the Application Name column for Spekit. 
  4. The Status should read: ‘Restricted IP’ Error  
  5. Write down the IP address in Source IP column

Next, try the following:

1)  Create a Trusted IP range for Spekit in Network Access

  1. Go to Setup –> Security Controls –> Network Access
  2. Create a “New” trusted IP range for Spekit and enter the IP address you wrote down from the login attempt to your Trusted IP ranges in Network Access.
  3. Once that IP range is saved, try signing-in to Spekit again. 

2)  Enter IP address in User Profile

  1. If Login Fails after trying solution 1, see if the error message and IP address still remain the same.
  2. If yes, then go Manage Users –> Profiles –> Login IP Ranges
  3. Create a “New” trusted IP range for Spekit and enter the IP address.
  4. Once that IP range is saved, try signing-in to Spekit again. 

3) Append the Security Token with Password.

  1. From your personal settings, enter Reset in the Quick Find box, then select Reset Security Token
  2. The new security token is sent to the email address in your Salesforce personal settings.
  3. Try logging in again by appending the security token to your password.

If these solutions don’t solve it, please email support@spekit.co

FAQ

Security


How will the Spekit platform interact with client systems?

Spekit connects to your Salesforce instance(s) using the Describe, List, DescribeSObject, Retrieve Package, REST, Metadata and SOAP APIs. We extract the following information from your Salesforce instance(s):
• User profiles
• Salesforce organization info
• Object, field, picklist value counts
• Users (name, email, company name, ID URL, Salesforce ID, Last login date, title, about me, department, division, employee number, extension, mobile phone, photos, )
• All metadata details (describe API, list API)

The data is stored in an encrypted PostgreSQL database hosted on Amazon RDS. It is also indexed in our ElasticSearch servers (hosted on AWS EC2). Spekit performs searches on the fetched data to create a data dictionary and training tool for Salesforce users. Please see our privacy policy for details.

Is Spekit compliant with any privacy frameworks (Safe Harbor, Privacy Shield, GDPR, etc.)?

We are in the process of applying for Privacy Shield and hope for this to be completed by end of July 2018.

Who is the point of contact for security-related questions?

Our Tech Lead is primarily responsible for information security and can be contacted at security@spekit.co.

Does Spekit have a SOC 2 report, ISO 27001 certification, or other compliance documents?

Not at this stage. Our mid-term goals include ISO 27001 certification. Since we don’t pull any financial information, SOC 2 is not relevant to us.

Does Spekit use any third parties in providing this service? What are they and how does each service interacts with customer data?

Yes we do use third-party services.

The data is hosted in AWS RDS.
The data is accessed and served via our application which is hosted on AWS EC2.
For performance monitoring of our site, we use New Relic, which may capture Spekit user session data points while logging transactions.
For tracking usage of our app and chrome extension, we use Segment and Google Analytics.
For email communications, we use Mailchimp/Mandrill and Yesware.
For customer relationship management, we use Salesforce.

All of the above, with the exception of Segment, are Privacy Shield certified. Segment has a Data Protection Policy with clauses for EU users, and plans to be GDPR compliant: https://segment.com/blog/segment-and-the-gdpr/

What procedures does Spekit have in place to determine whether a third party should have access to your customers’ data?

We don’t provide third-parties access to our customer data directly. The only access they get is in context of the services provided by the respective applications.

Before we engage with a third party, we ensure that the third-party has a privacy policy compliant with GDPR and/or is Privacy Shield certified.

Please describe the physical location(s) of customer data processed and stored by your system.

Amazon US East 2 (Ohio) and our office in San Francisco, CA.

How does the Spekit platform connect to customer systems? How are authentication credentials or tokens protected within the boundaries of your system?

We connect via Salesforce OAuth and store the refresh token from Salesforce in our database. We use transport and storage level security (TLS and AES256).

Is data that collected by the Spekit platform encrypted at rest?

Data is encrypted in transit (HTTPS) and in storage (AES256). The metadata from your Salesforce org stored in ElasticSearch is not encrypted, however, it is password protected and firewalled.

What controls are in place to protect the Spekit production network?

1. Our app is hosted on AWS EC2 and uses RDS for data storage
2. Our servers and databases are behind firewalls and Intrusion Prevention Software
3. Access to our servers is limited to certain whitelisted IPs

What data access points does Spekit require and how are they restricted?

Databases can currently only be accessed from our application servers. The credentials to the servers and databases are provided on a strictly need basis.

The application can have certain administrative users for customer support roles. These users will be restricted to using the application via web and/or mobile interfaces and will not be able to access the underlying servers and/or databases directly.

How is access to production infrastructure managed?

1. The production databases are hosted on AWS RDS and as such, it is not possible to access the underlying operating system. The databases are currently only accessible via the application servers.


2. The application servers can be accessed from certain whitelisted IP addresses via SSH

Is there a process for Spekit employees to request and provision access to production infrastructure?

All requests for privilege escalation and/or access to the production infrastructure go through the Tech Lead, the CPO and the CEO.

Are access privileges reviewed on a periodic basis?

Yes, we have a quarterly review of access privileges and plan to make this more frequent as our team grows.

What steps has Spekit taken to prevent the introduction of malicious software to employee workstations and production servers?

Our production servers are hosted by AWS and are behind firewalls and Intrusion Prevention Software.

Our employees: 1) Have two-factor authentication enabled on all sites that support it, 2) Are aware of phishing attacks and other common vectors, 3) Must gain approval before installing any third-party software on Spekit systems

How often are employees required to complete security awareness training?

We have a quarterly online security awareness training that all employees must take.

What is Spekit’s security incident response process, including procedures for capturing, documenting, and remediating incidents or breaches of customer data?

We are in the process of setting up log analytics for our infrastructure. Once this system is up, we will configure automated alerts to detect anomalous behaviour. Once such an alert is generated, the Tech Lead will investigate the issue to determine the threat level. If an issue is discovered, a notification will be generated internally and will trigger our client information sharing procedures. The Tech Lead will meanwhile focus the energies of the team on mitigating the issue (based on the threat level). Periodic updates will be shared as deemed necessary. And once the incident has been resolved, a summary will be released.

Please describe Spekit’s SDLC controls. Are duties between developers and server admins segregated?

We do not have segregated duties between developers and server admins. As a result of this, and our small company size, our change management process is tightly coupled with ensuring security and compliance under the purview of our CPO and Tech Lead.

Do platform changes require explicit approval?

For changes to the Spekit platform, explicit approval is required from either the CPO, CEO or Tech Lead as a part of our agile development process. Requests and approvals are documented in our project management system of record (JIRA/Atlassian). For customers, release notes will be provided on our publicly available site.

Are platform changes tested prior to release? How is testing documented?

Yes. We conduct both end-to-end functional QA and regression tests on our internal staging environments (including testing Salesforce integrations) before releasing new functionality to production.

Data Wiki FAQ


How often is the Salesforce metadata we imported into Spekit updated?

As an admin, you can re-sync metadata from your Salesforce org at any time by going to the Accounts section and clicking “Manual resync”.

You may be asked to re-authenticate your org by logging into Salesforce.

What happens if I add a new object, field or picklist value in Salesforce?

Behavior upon re-sync:

  • New Objects: New objects will show up in the Manage Objects section (accessible from Accounts).
  • New Fields: New fields that belong to previously imported objects will show up as new terms in the Data Wiki.
  • New Picklist Values:
    • For picklist values you haven’t imported: We will show you the updated list of values available for import upon re-sync.
    • For picklist values you HAVE imported – we aren’t pulling in any additions on re-sync right now. Upcoming fix: 1) You re-sync 2) We detect that you’ve added new picklist values to a previously imported set 3) We autoimport the new values”
What happens if I delete an object, field or picklist value in our connected Salesforce org?

The associated Spekit terms remain unchanged in the Data Wiki even if you delete them in Salesforce.

Coming soon: We have a feature upcoming that marks all deleted objects, fields and picklist values in your org as “Retired” and auto-hides them from end users upon re-sync. We won’t delete so that you don’t lose any information against the old terms, and as an admin, you will be able to filter in and view these “Retired” terms. 

What happens if I change an object, field or picklist Name/API Name in Salesforce?

Since we use the API Name as the unique identifier to import terms, renaming the API Name/Name will create a second term in Spekit with the new API Name/Name upon re-sync.

Upcoming feature: Ability to manually mark duplicate values as retired

What happens if I change the label of an existing object, field or picklist in Salesforce?

Upon re-sync, we will update the label of the associated term in Spekit to reflect your changes in Salesforce.

What happens if I update the Data Type of a field in Salesforce?

Upon re-sync, we’ll reflect the updated Data Type in Spekit.

Note that if you change a field with Data Type = Picklist to another Data Type, any previously imported picklist values will not be removed when you update the Data Type.

Can we import or export metadata from Spekit?

Yes, you can! We provide excel import and export via the Settings page. The frontend UI for this is under construction, but we’re happy to do this for you in the meanwhile. Just email your docs with a note to support@spekit.co.  

Please note that right now, you cannot upload docs into Spekit – just embedded videos, images and links.

How To’s


How do I create a custom card?

Data Wiki cards can be added by any Spekit Admins or Data Expert  in the data wiki in two easy steps:

  1. Use the drop-down menu to add a new card

2. Add your details:

3. Use the search bar or navigation tab to find all your custom cards easily

 

When would I need to use custom columns?

With custom columns, you can add custom, company-specific information to existing fields, objects or other metadata in your Data Wiki. In other words, it’s a streamlined way to extend the benefits of the Spekit data dictionary to other parts of your business.

Here are some use cases to get you started:

  • Source: Do you struggle to figure out how a particular field is populated? Create a column to store the original source of that data, ex: Is it from a website sign-up form or is it manually entered data?
  • Mappings: Store mappings between Salesforce API names and other internal databases or system API names to make it easier for anyone in your company to work on a report or integration.
  • GDPR compliance: Keep track of which fields or objects in your Salesforce org store personal data.
  • External Links: Add links to external documentation related to your metadata at the field, picklist or object-level, ex: Training modules in Trailhead, and tickets in JIRA/Confluence or Cases.
  • Custom definitions by team: Store relevant info catering to different audiences, ex: a “Retail Sales Definition” column.
  • Synonyms: Do you use certain terms interchangeably? Add a column for synonyms so that Spekit can easily pull up matches regardless of what term the user searched.

 

How do custom columns work?

Custom columns can be added by Spekit Admins to all terms, or to a single term type. For example, you may just want to track that data point for objects and not for fields or picklist values.

 

create_column.gif
Add a new custom column from Settings > Custom Columns.

Custom columns and their data can be viewed by all users. Once added, the new data point will appear in the expanded when clicking on a term. Text can be added to the custom columns in the same way that the definition or business rule is updated by clicking the edit button.

expanded_view_custom_column edit

You can also use the column toggle to display new columns in the main Data Wiki.

column_toggle