This article is a reference for enterprise evaluators, solution architects, and migration project leads assessing StoreConnect for complex deployments. It covers architecture, integration model, authentication, compliance, scale characteristics, and migration scope.
For a summary of capabilities by functional area, see storeconnect-capabilities.
Platform architecture
StoreConnect is built natively on the Salesforce platform. But unlike other applications that connect via API and other data sync methods, StoreConnect treats Salesforce as a CMS, with a patented integration that has real-time sync.
What this means in practice:
- All StoreConnect data, including orders, products, customers, payments, and store configurations are stored as Salesforce records.
- Changes in Salesforce appear in real-time in the storefront; orders placed online appear in real-time in Salesforce.
- Salesforce is the single source of truth for all commerce data.
- All Salesforce platform features — flows, triggers, reports, APIs, sharing rules, field-level security — work with StoreConnect data without custom integration.
- StoreConnect is Agentforce AI ready, as all your data is stored as Salesforce records.
StoreConnect uses the following core Salesforce objects: Order, OrderItem, Product2, PricebookEntry, Contact, Account, Asset (subscriptions), Case, and a range of custom objects for store configuration, promotions, loyalty, bookings, and custom forms.
Multi-store and multi-org
Multiple storefronts from one org
Multiple storefronts can run from a single Salesforce org. Each store has its own domain, theme, product catalog (or a shared subset of the org catalog), pricing, payment configuration, and checkout flow. Stores share the same Contact and Account records, so a customer's full history is visible regardless of which storefront they purchased from.
Per-store configuration
Each store is independently configurable for:
- Currency and language
- Tax zones and rates
- Shipping zones and methods
- Payment providers
- Promotions and discount rules
- Product visibility and pricing
- Geolocation routing rules
Multi-org deployments
For organizations that operate multiple Salesforce orgs (common in enterprise settings with regional divisions or acquired brands), each org runs its own independent StoreConnect installation. Cross-org customer data consolidation is handled at the reporting or data warehouse layer, outside of StoreConnect.
Integration model
StoreConnect integrates with other systems through the Salesforce platform — not through StoreConnect-specific APIs.
Salesforce-native integrations
The following Salesforce products are used by StoreConnect customers without additional integration work:
| Product | Use case |
|---|---|
| Marketing Cloud / Account Engagement | Email journeys, SMS, segmentation, campaign attribution |
| Service Cloud | Case management, telephony, Omni-Channel routing |
| Experience Cloud | Authenticated customer portals, SSO session sharing |
| CRM Analytics | Advanced dashboards, AI-powered insights |
| Agentforce | AI agents for customer service and self-service |
| Salesforce Flows | No-code automation on any store event |
ERP and accounting
ERP and accounting integrations connect via the Salesforce API or purpose-built connectors. StoreConnect ships with integrations for major accounting platforms (Xero, MYOB). ERP connectivity typically uses Salesforce's MuleSoft or a partner integration layer.
AppExchange
Any AppExchange application that operates on standard Salesforce objects is compatible with StoreConnect data. This includes CPQ tools, document generation, payment gateways, and industry-specific applications.
Authentication and access
Customer authentication
Customers can authenticate using:
- Native email/password account creation
- Google SSO
- Microsoft Entra ID / Azure AD (SAML or OIDC)
- SAML-based custom identity provider
- Experience Cloud SSO (shared session with an Experience Cloud site)
Multiple authentication methods can be active simultaneously per store.
Staff and admin access
StoreConnect uses Salesforce profiles and permission sets for all internal access control. Store-level permissions (which stores a user can manage) are configured in StoreConnect's role-based permission system.
See authentication-providers for setup details.
Security and compliance
StoreConnect holds current certifications across the major compliance frameworks:
| Framework | Coverage |
|---|---|
| SOC 2 Type II | Independently audited security, availability, and confidentiality controls |
| ISO 27001 | Information security management system certification |
| HIPAA | Controls appropriate for healthcare-adjacent data handling |
| GDPR | Data residency is determined by your Salesforce org's data centre region |
Payment security
Card data is handled entirely by integrated payment providers (Stripe, Adyen, and others). StoreConnect and Salesforce never store raw card data. Payment tokenisation is provider-managed. This design means StoreConnect stores have a significantly reduced PCI scope.
Data residency
All StoreConnect data lives in your Salesforce org. Data residency is determined by your Salesforce org's data centre region (US, EU, AP, and others). No StoreConnect data store exists outside of Salesforce.
See security-compliance-features for certification documentation and audit report access.
Scale and performance
Dedicated infrastructure
Emporium and Flagship plan customers receive dedicated server infrastructure. Starter and Growth plan customers run on shared infrastructure with resource limits appropriate to their plan.
CDN for media
Product images and other static assets are served via a global CDN. Page assets (theme CSS and JavaScript) are minified and served with appropriate cache headers.
Batch processing
High-volume operations (subscription renewal batches, inventory updates, large product imports) are processed as Salesforce batch jobs, queued and executed without impacting storefront performance.
Traffic and transaction volume
StoreConnect's capacity scales with Salesforce's platform capacity. Organizations with high seasonal traffic peaks should discuss infrastructure configuration with StoreConnect's implementation team during the scoping phase.
Migration considerations
Migrating to StoreConnect involves two categories of work: migrating data into Salesforce, and configuring StoreConnect to match your business rules.
What lives in Salesforce (and therefore migrates into Salesforce)
| Record type | Salesforce object | Notes |
|---|---|---|
| Customers | Contact | Email, name, address fields |
| Companies / organizations | Account | B2B account data, credit limits |
| Order history | Order + OrderItem | Historical orders for reporting and loyalty history |
| Subscription contracts | Asset | Active subscription records |
| Campaign members / marketing history | CampaignMember | Attribution history |
| Leads | Lead | Pre-conversion marketing contacts |
External ID and SCID mapping
StoreConnect uses an External_ID__c field (SCID) on Contact, Account, Order, Asset, CampaignMember, and Lead records to hold the source system's ID. This supports deduplication during migration and ongoing sync if a legacy system remains active during transition.
What requires configuration (not migration)
Products, pricing, shipping rules, tax configuration, promotions, and store design are configured in StoreConnect and Salesforce — they are not typically migrated as data from a legacy system unless the source system supports a structured export.
Sandbox and testing
StoreConnect can be provisioned in a Salesforce sandbox for testing and UAT. The sandbox environment is identical in capability to production. Migration validation should be completed in sandbox before go-live.
Support and SLAs
| Plan | Infrastructure | Monitoring | Support |
|---|---|---|---|
| Starter / Growth | Shared | 24×7 platform monitoring | Standard ticketed support |
| Emporium | Dedicated | 24×7 with alerting | Priority support |
| Flagship | Dedicated | 24×7 with proactive response | Dedicated support contact |
All plans include access to StoreConnect's annual major release and interim patch releases. Disaster recovery processes and RPO/RTO targets are defined per plan tier in the service agreement.
See technical-support-features for further detail.