Architect Salesforce Securely
Secure architectures help ensure that users accessing your system are who they say they are, allow access to only necessary data, and protect data within the system from being compromised.
Bookmark this quick reference for useful links to architect Salesforce securely:
1. Protect stakeholders and data. Monitor 3 focus areas continuously - Organizational Security | Session Security | Data Security
Use Salesforce Trust
2. Protect against unauthorized access (who can get in, who can do what).
Use these tools to authenticate securely:
- 1:1 user-to-account mapping (no shared user accounts), including integrations.
- Secure UI logins with: Password Policies, MFA, SSO, Custom Login Flows, Limit Sessions per User
- Secure API access with: API Access Control, API Only permissions, Certificates and Keys, Connected Apps, Named Credentials, Authentication Tools Reference
Use these tools to authorize securely (what a user can do/access)
- PoLP, Permission Sets and Groups, OWD
- Define access by personas, not individuals.
- Create unique integration users per integration.
Patterns & Anti-Patterns
Patterns: Clearly documented security personas, mapped authentication/authorization, no shared users, permission sets aligned to business, code avoids hardcoded creds.
Anti-Patterns: Lack of documentation, shared user accounts, profiles used poorly, ad-hoc permission configurations.