External users (guest users) can upload files by embedding the LWC Upload Component inside a Screen Flow and exposing that Flow through an Experience Cloud Site. Below are the complete steps to configure it:



Step 1: Create and Configure the Flow

  1. Go to Setup → Flows
  2. Click New Flow → Screen Flow
  3. Add a Screen Element
  4. Drag and drop the Upload LWC Component onto the screen
  5. Create a Text Variable:
    • API Name: recordId
    • Mark it as Available for Input
  6. Pass the variable to the component:
    • {!recordId} 
  7. Save and Activate the Flow

This ensures uploaded files are linked to a specific record.



Step 2: Expose Flow via Experience Cloud Site

  1. Go to Setup → Digital Experiences → All Sites
  2. Create or open your Experience Cloud Site
  3. Open Experience Builder
  4. Add a page or edit an existing page
  5. Drag the Flow Component onto the page
  6. Select your created Flow
  7. Publish the site

Access URL Example: 

https://yourdomain.com/s/upload?recordId=001XXXXXXXX

Passing recordId in the URL is mandatory. 


Step 3: Configure Azure Storage (CORS Settings)

  1. Open your Azure Storage Account
  2. Go to CORS settings
  3. Add your published site URL
  4. Configure:
    • Allowed Methods: GET, POST
    • Allowed Headers: *
    • Exposed Headers: *
    • Max Age: e.g., 3600

Step 4: Provide Required Salesforce Permissions

Go to: Setup → Sites → [Your Site] → Public Access Settings


Grant Access to:

  • Apex Classes
    • UploadPageController
    • AboutPageController
  • Flow Access
    • Enable the created Flow
  • Object Permissions
    • Account
    • Contact
    • Case
    • Cloud Document

 Provide:

  • Read
  • Create/Edit
  • Field-Level Access

Step 5: Configure Sharing Rules

  1. Go to Sharing Settings
  2. Create sharing rules for: (Appropriate sharing rules should be established for the underlying object context in which the Flow or website operates, ensuring that the executing user has the required record-level access. if the website is running in the Account record's context, then access should be given to the Account Object))
    • Account
    • Contact
    • Case
    • Cloud Document
  3. Share records with Guest User
  4. Set access level (Read/Write)