Admin Guide Overview
This guide covers the administrative tasks required to set up, configure, and maintain aprity in your Salesforce organization.
Who Is an Admin?
An aprity Admin is a Salesforce user who has been assigned the Aprity_Admin permission set. Admins have access to:
- Generate tab — Launch documentation scans
- Connectors tab — Manage third-party integrations (Confluence and Salesforce Knowledge publishing, Story Agent trackers — Jira / Azure DevOps / Slack, the Agentforce Help Agent, the Remote MCP server, and BYOLLM)
- Schedule tab — Configure automated recurring scans
- All features available to standard users
Admin vs User Permissions
| Capability | Aprity_Admin | Aprity_User |
|---|---|---|
| View scan results | Yes | Yes |
| View documentation in the web portal | Yes | Yes |
| Submit feedback | Yes | Yes |
| Launch new scans | Yes | No |
| Retry failed scans | Yes | No |
| Configure scheduling | Yes | No |
| Manage connectors | Yes | No |
| Access On-Demand Docs | Yes | Yes |
| View Execution Graph | Yes | Yes |
Key Admin Tasks
- Installing the managed package — AppExchange installation and initial setup
- Registering your org — Activation code and registration
- Configuring JWT authentication — External Client App and certificate setup
- Assigning permission sets — Grant Aprity_Admin or Aprity_User to your users via Setup > Permission Sets
- Managing Named Credentials — The API endpoint is configured automatically during registration
- Plan management — Understanding and upgrading your plan
- Certificate rotation — Re-download a new certificate from aprity and re-upload to your External Client App when the current one expires
Salesforce now steers admins to create an External Client App (ECA) rather than the legacy Connected App. The same app powers both the JWT Bearer authentication used by the aprity backend and the OAuth (Authorization Code + PKCE) login for the aprity web portal. These guides may say "Connected App" in places; the steps are equivalent for an External Client App.
Security Model
aprity uses a multi-layered security model:
- JWT Bearer authentication — No passwords stored, certificate-based
- HMAC request signing — Every API call is cryptographically signed
- Tenant isolation — Complete data separation between organizations
- Azure hosting — Data stored in Azure France Central with encryption at rest
Documentation is delivered exclusively through the aprity web portal (a SPA secured by Salesforce SSO) — there are no downloadable documentation files on any plan. The only real downloads are the StorySite backlog export (Excel / CSV) and the JWT setup certificate.