Salesforce Error: “Operator LIKE is not supported on an encrypted field”

Grace Wannapongsai
Grace Wannapongsai
  • Updated

Overview

When using Riva with Salesforce, you may encounter the following error:

Operator LIKE is not supported on an encrypted field

This error occurs when Riva attempts to query Salesforce using the LIKE operator against a field that is encrypted with Salesforce Shield Platform Encryption or another field-level encryption solution.

By default, Riva uses SOQL queries for Salesforce lookups. Salesforce does not support certain filtering operations, including LIKE, on encrypted fields unless the environment and encryption type are configured to support them.

Commonly Affected Fields

This issue is commonly seen when one or more of the following Salesforce fields are encrypted:

  • Contact.Email
  • Account.Name
  • Account.Website
  • Account.AdditionalDomains__c

Other encrypted standard or custom fields may also cause the same error if they are used in Riva matching, lookup, or filtering logic.

Cause

Salesforce restricts how encrypted fields can be queried. If Riva performs a SOQL query that uses the LIKE operator on an encrypted field, Salesforce may reject the query and return the error:

Operator LIKE is not supported on an encrypted field

This can affect both Riva Sync and Riva Insight, depending on the Salesforce connection configuration and which encrypted fields are used for searching or matching.

Resolution

Option 1: Enable Platform Encryption Support on the Salesforce Connection

This is the recommended option for Salesforce environments using Shield Platform Encryption.

Enabling Platform Encryption Enabled on the Salesforce connection changes how Riva performs certain Salesforce searches, allowing Riva to use query methods that are compatible with encrypted field filtering.

To enable this option:

  1. Open the Riva Manager application.
  2. Double-click the Salesforce connection.
  3. Go to Options.
  4. Select Platform Encryption Enabled.
  5. Save the connection.
  6. Restart IIS or the Riva service.

After the service restarts, retry the affected sync or Insight operation.

Option 2: Use Deterministic Encryption in Salesforce

If the affected fields must remain encrypted, ask your Salesforce administrator to review the encryption type used on those fields.

For SOQL compatibility, Salesforce may require Deterministic Encryption rather than probabilistic encryption.

Important: Deterministic Case Insensitive encryption may still cause query compatibility issues in some scenarios. For LIKE operator compatibility, review Salesforce’s current Shield Platform Encryption documentation and confirm the recommended deterministic encryption configuration.

Option 3: Add the UsingFreeText Custom Key for Riva Insight or Cloud

For Riva Insight connections where the encrypted field is used for email or contact searches, a custom configuration key may be required.

Example:

Crm.Salesforce.<name>.UsingFreeText.Contact = true

Replace <name> with the Salesforce connection name used in the Riva configuration.

This option is most commonly used for Insight-specific search errors involving encrypted contact fields.

Option 4: Remove or Decrypt the Problematic Field

If the encrypted field is not required for the Riva sync or Insight policy, you can remove it from the relevant Salesforce object definition in the Riva connection.

Alternatively, work with your Salesforce administrator to disable encryption on the specific field if encryption is not required for that data.

Notes

Riva supports Salesforce Shield Platform Encryption and similar encryption solutions, including CipherCloud and SkyHigh. However, the Salesforce connection must be configured appropriately for encrypted field support.

If you are running an older version of Riva On-Premise, an upgrade may be required before Salesforce Shield Platform Encryption is fully supported.

If you need assistance configuring encrypted field support, contact Riva Support Team.