Salesforce has announced that they will disable Transport Layer Security (TLS) 1.0 across the platform for sandbox instances beginning June 25th. If your team currently uses TLS 1.0 encryption to connect Marketing Cloud with Salesforce, this disablement will prevent Marketing Cloud from accessing the Salesforce service within inbound and outbound connections.

To ensure your team is educated and equipped to address the ramifications of this disablement, we outlined the three steps necessary for a smooth transition:

1. Know the areas of impact.

Make sure you’re prepared for changes across your Salesforce instance. Take note of these key areas:

• User browser access: Browser incompatibility will prevent your internal and external users from accessing your Salesforce org, Communities and Sites.
• Case submission and management: Admins using incompatible browsers will be unable to access the Salesforce Help & Training portal, impacting case submission and management.
• Microsoft email integrations: Integrations such as Salesforce for Outlook, Exchange Sync and Salesforce App for Outlook won’t work if users don’t have compatible local system requirements.
• API integrations: These integrations will cease to work if they are not compatible with the latest version of TLS.

2. Understand the impact on Marketing Cloud Connect usage.

If you use Marketing Cloud Connect, note that it will not support TLS 1.1 or higher, which means that any communication into Salesforce from the Marketing Cloud outside of Layer 7 does not support TLS 1.1 or higher. At present, there is no definitive date for Marketing Cloud support of TLS 1.1 or 1.2; as such, we do not recommend that you update to TLS 1.1 at this time.

What to do if your account automatically updates: If your account automatically upgraded to TLS 1.1, your Sales or Service Clouds will not be able to communicate to your Marketing Cloud account through Marketing Cloud Connect. In Marketing Cloud, you’ll likely see an error stating that your credentials are bad, whereas in Sales or Service Clouds, you’ll see an error stating that the Marketing Cloud cannot be reached.

In this case, revert to TLS 1.0. Until the Marketing Cloud supports TLS 1.1 and TLS 1.2 outside of Layer 7, customers will need to revert to TLS 1.0. Follow the steps below to revert to TLS 1.0.

• Log in to your Salesforce account
• Go to Setup
• In the Quickfind box, type “Critical Updates” and then select Critical Updates
• Deactivate Require TLS 1.1 or higher for HTTPS connections if activated

3. Test early to prepare for the transition.

Plan ahead for testing to ensure a smooth transition. The disablement will begin June 25th, 2016 so begin preparing now. Refer to Salesforce’s TLS 1.0 Disablement Readiness Checklist for actionable steps.

To get started with testing, use the Critical Update Console (CRUC) setting, "Require TLS 1.1 or higher for HTTPS connections," to test the disablement of TLS 1.0 within your sandbox and production org. Test this CRUC update in a sandbox environment to verify end-to-end compatibility before testing it in your production org. See the TLS 1.0 Disablement Critical Update Console (CRUC) Setting article for more details.

Want to make sure your team is primed for the transition? Connect with one of our marketing experts.