Mask PIN entry on SFM

We have an SFM which allows the user to digitally sign a Work Order by entering the Salesforce ID PIN on the screen.  The PIN is unmasked and is displayed on the screen until the user saves the SFM.  We would like the PIN to be masked with asterisks upon entry.  This is a compliance issue for us in the medical device arena.  The requirement is needed for SFMs run in the browser and also the ServiceMax iPad app.

What is the underlying problem do you intend to solve with this idea?
We need to solve a compliance issue to provide privacy and security for PIN entry on an SFM.
How is the problem being addressed today, if at all?
It is not being addressed, as we have yet to find a technical solution for the problem.
Product Area?
Work Order Management Other
What version of ServiceMax are you on?
Summer 16
Customer Success Team
Customer Success Team

@susanbmichel Does this still happen in your current version?


@shivaranjini_g   Could we please get a status on this one?  Thanks!

Product Team
Product Team
Status changed to: Under Consideration
Customer Success Team
Customer Success Team

@shivaranjini_g   Thanks for the status update!  

Pastry Chef
Pastry Chef

Hello @susanbmichel. I'm not sure which Salesforce ID you are using, but if you are using the Engineer's Salesforce ID as a PIN on the Work Order then this might work for you.

What if in an SFM you only asked the Engineer to add their name to a lookup. Then via Lookup Form-fill, you could fill in the ID into the PIN field in the background. Neither the Engineer nor customer would see the actual PIN.

I would be interested in understanding your use case better.

Sushi Chef
Sushi Chef

@mmajerus6 Thank you for the response.

We use the PIN feature on the Salesforce ID. The user sets this PIN and is the only person who knows the value. (See screenshot) It appears this is a ServiceMax feature, now that I look at it.

We use the PIN as a signature. This is our flow:

> Dispatch work order to technician. Store the technician's salesforce User ID on the work order

> Process the work order fully to Completed status.

> Open an SFM called Sign and Close WO. Two things appear on this SFM:

1. salesforce user ID box (defaulted to null)

2. PIN box (defaulted to null)

> Field service engineer has to type his full Salesforce user ID and PIN. Together this is an authentication that serves as a signature. It is an important step in our quality process. The FSE needs to enter in the PIN, rather than have it defaulted.

> ServiceMax first confirms the Salesforce ID was entered correctly.

> Then in the sync, we confirm the PIN was correct

> Work Order is closed

The issue is that when the user is on the SFM and types the PIN, it is not masked as they type. This is poor security as anyone could view that information over the FSE's shoulder. We would like the option to mask the entry of the PIN (or any field) on the SFM.

I am happy to walk through a demo if that would help clarify.

Susan Michel





Customer Success Team
Customer Success Team

@shivaranjini_g  Please let me know if you'd like for me to set up some time for you to see this.  I can coordinate with @susanbmichel 

Product Team
Product Team


From the flow that @susanbmichel has detailed it is clear that the ask is to mask the value as user types into the field, similar to password fields.

@susanbmichel the screenshot is of salesforce UI. Is it 'Encrypted text' data type field. Even then the encryption happens only on saving the record. This is not supported on our product yet.

We are working encrypting field values such that, only those with valid permission can view content on the record.

Regarding the ask on masking any SFM field values as user types, will further review and update this thread.


Product Team
Product Team

Hi @susanbmichel @lisa_mercer @mmajerus6 

In the upcoming release 20.1 we will support fields of data type 'Text(encrypted)' in SFM configuration.

You can add field with 'Text(encrypted)' data type to page layout. Pre-existing value on this field when viewed from SFM delivery will be show in encrypted format as configured in the field property. 

User will be allowed to set new value for this field from SFM delivery screen. Newly entered value will get encrypted on successful save from SFM. This behaviour is same as Salesforce, where user entered value will get encrypted only save action.

We are not masking field value as user type, or on exiting the field. masking happens only on Save action. This data type field is supported only on Page-layout configuration ( for user to set value) and mapping to copy value into the field.

For 20.1 release we will support 'Text(encrypted)' data type field only on web delivery. 

Masking field value as your types on SFM delivery is currently not immediate roadmap.

Do share your feedback.

Thanks, Shivaranjini





Product Team
Product Team


I am planning to extend supporting Encrypted fields (read here) to FSA apps too. This will allow the tech to type the PIN on FSA when he is using Sign and close SFM on his/her device. Good news - FSA will be able to mask as the user types in (password-ish experience)!

Behavior of masking will be driven by the Salesforce general permission "View Encrypted data" on user profile.  The password-ish experience will be applied only if the user does not have "View Encrypted Data". In this case, user will not be able to see an existing value in that field.

To fully leverage this, you will have to create a new "Encrypted" field called PIN. According to this blog, Salesforce does not allow converting an existing custom field to encrypted field. 

Finally, I will circle back in a couple weeks to confirm the delivery timelines of this feature on FSA.

@susanbmichel , I believe this will address the requirement you detailed. Review this and comment here if you have any other feedback. Happy to get on call!

@lisa_mercer  - cc