Managing Security for Multiple Orgs Just Got Easier


It’s becoming more important every day to ensure you’re taking every step possible to secure your applications and data – but complex enterprise software isn’t always easy to secure.  Password policies? Session Security? Clickjacking and CSRF protections? Sometimes it’s difficult to even know where to start!

That’s why we created Security Health Check. Security Health Check, or Health Check for short, is available in all editions of Salesforce. It is a tool designed to give administrators and security professionals an easy-to-understand view of the security posture of a Salesforce org.

What is Health Check, and how can it help me do my job?

Available in Setup, Health Check provides a bird’s-eye view of your org’s security settings. It is designed to be customizable – allowing you to create your own custom baseline security standards that reflect your company’s specific security policies.  It’s also designed to be powerful – giving you the tools to quickly and easily address any identified risks or gaps.

As we discussed in our earlier blog post, Health Check allows you to summarize and communicate your org’s security landscape to the rest of your company. The tool is especially useful if you encounter conflicting priorities from end users and policy creators about something like password policy. With access to the Salesforce baseline recommendations, implementing and enforcing the recommended security policies is easier to explain and justify to your executive sponsors.

[Image: Health Check home screen in a demo org.]


By default, Health Check compares the security settings in your org against the Salesforce baseline standard, our recommended set of security settings. Your org receives a Health Check score (from 0 to 100%) based on how closely it complies with the baseline. Each setting falls into one of four risk categories: High-risk, Medium-risk, Low-risk and Informational. Settings in the High-risk category have the greatest impact on your overall Health Check score, while settings in the Informational category have no impact on it at all.

Knowing that you have settings that diverge from the baseline is important – but equally important is the ability to quickly and easily take action on identified risks.  The Fix Risks feature in Health Check allows you to quickly fix all or some of the risks identified at the same time – in just two clicks!

[Image: Health Check score and Fix Risks button.]


Recognizing that not everyone will have the same security requirements (security is not a one size fits all kind of thing), we’ve added the ability to create custom baselines. This allows you to create a baseline that exactly matches your security and compliance needs. Custom baselines are created by exporting the Salesforce standard as an XML file, modifying it to meet your specific needs, then importing the resulting baseline.  You can choose to set your custom baseline as the default for your org, ensuring that your custom baseline is loaded by default when you access Health Check.

Ok, I’m interested. But how can I use Health Check on more than one org?

When talking with customers about Health Check we often hear some version of, “Well that all sounds great, but I have multiple orgs and this seems like it only works on one org so… how do I do this across many orgs?”

It’s true – there’s no out of the box UI support for multiple orgs in Health Check. Managing the tool across multiple orgs can be time-consuming – and the more orgs you add, the more difficult it becomes. That’s precisely why the Security team at Salesforce set out to solve this conundrum and create a central place to surface Health Check data. As a result, a tool called OrgMonitor was born.

Introducing OrgMonitor!

OrgMonitor is a web application written in Node.js to monitor the size, utilization and basic security posture of multiple Salesforce orgs, in production or sandbox environments.

OrgMonitor connects to each org through the API using standard OAuth authorization. Once connected, it runs a set of SOQL queries against every connected org once an hour, collecting key metrics including the Health Check score and the individual risks identified. It stores the historical results in PostgreSQL, so you get a concise but in-depth view of the security health of all your orgs over time. Because OrgMonitor holds API access to every org it watches, connect it as a dedicated integration user limited to the read access those queries need.

[Image: OrgMonitor sample home screen.]

OrgMonitor is open source software, and it’s now available on GitHub.

OrgMonitor has many uses, including the capability to:

  • Answer questions such as how many Users, Profiles, Permission Sets, Roles, Pages, Classes and Objects your org has
  • Provide visibility into users with high-level privileges (View All Data, Modify All Data, Author Apex, etc.)
  • Gather other metrics such as unused Roles and custom Profiles, Profiles without IP restrictions, and Users without approved corporate email addresses
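As an added example (this is not OrgMonitor’s own code, which is not reproduced on this page), here is how the hourly collection described above and the privileged-user and email-domain checks in the list could be expressed in Node.js. The SOQL targets the Tooling API objects SecurityHealthCheck and SecurityHealthCheckRisks and the standard PermissionSetAssignment, PermissionSet and User objects; the OAuth/HTTP transport (for instance jsforce) and the PostgreSQL writes are left out, and every record fed to the functions is constructed sample data, with the RiskType values assumed from that object’s picklist.

```javascript
// Added example, not OrgMonitor's code. Transport and storage are omitted; the
// functions below take the `records` array a SOQL query response would contain.

// Tooling API queries (run against /services/data/vXX.X/tooling/query).
const HEALTH_CHECK_SCORE_SOQL = 'SELECT Score FROM SecurityHealthCheck';
const HEALTH_CHECK_RISKS_SOQL =
  'SELECT Setting, SettingGroup, RiskType, OrgValue, StandardValue ' +
  'FROM SecurityHealthCheckRisks';

// Standard API: active users holding org-wide powers via a profile or a permission set.
const PRIVILEGED_ASSIGNMENTS_SOQL =
  'SELECT Assignee.Username, PermissionSet.Name, PermissionSet.IsOwnedByProfile, ' +
  'PermissionSet.Profile.Name, PermissionSet.PermissionsViewAllData, ' +
  'PermissionSet.PermissionsModifyAllData, PermissionSet.PermissionsAuthorApex ' +
  'FROM PermissionSetAssignment WHERE Assignee.IsActive = true AND ' +
  '(PermissionSet.PermissionsViewAllData = true OR PermissionSet.PermissionsModifyAllData = true ' +
  'OR PermissionSet.PermissionsAuthorApex = true)';
const ACTIVE_USERS_SOQL = 'SELECT Username, Email FROM User WHERE IsActive = true';

// Reduce one org's risk records into the per-sample row a collector would store.
// RiskType values (HIGH_RISK, MEDIUM_RISK, ...) are assumed from the object's picklist.
function summarizeRisks(orgName, score, riskRecords, collectedAt) {
  const counts = { HIGH_RISK: 0, MEDIUM_RISK: 0, LOW_RISK: 0, INFORMATIONAL: 0, MEETS_STANDARD: 0 };
  const highRisks = [];
  for (const r of riskRecords) {
    counts[r.RiskType] = (counts[r.RiskType] || 0) + 1;
    if (r.RiskType === 'HIGH_RISK') {
      highRisks.push(`${r.SettingGroup} / ${r.Setting}: org="${r.OrgValue}" standard="${r.StandardValue}"`);
    }
  }
  return { org: orgName, score, collectedAt, counts, highRisks };
}

// Trend check against the previously stored sample: a drop larger than `tolerance`
// points means a setting was loosened since the last run and deserves an alert.
function scoreRegressed(previousScore, currentScore, tolerance) {
  return previousScore - currentScore > tolerance;
}

// Fold assignment rows into one entry per user, recording which grant path (profile
// or permission set) conferred each power. Profile-owned permission sets are reported
// under the profile name so the output reads the way an admin thinks about access.
function findPrivilegedUsers(assignmentRecords) {
  const byUser = new Map();
  for (const a of assignmentRecords) {
    const ps = a.PermissionSet;
    const grant = ps.IsOwnedByProfile ? `profile:${ps.Profile.Name}` : `permset:${ps.Name}`;
    const entry = byUser.get(a.Assignee.Username) || {
      username: a.Assignee.Username,
      viewAllData: false, modifyAllData: false, authorApex: false, grantedBy: new Set(),
    };
    entry.viewAllData = entry.viewAllData || ps.PermissionsViewAllData === true;
    entry.modifyAllData = entry.modifyAllData || ps.PermissionsModifyAllData === true;
    entry.authorApex = entry.authorApex || ps.PermissionsAuthorApex === true;
    entry.grantedBy.add(grant);
    byUser.set(entry.username, entry);
  }
  return [...byUser.values()]
    .map((e) => ({ ...e, grantedBy: [...e.grantedBy].sort() }))
    .sort((x, y) => x.username.localeCompare(y.username));
}

// Users whose email domain is not on the corporate allow-list (a missing email counts
// as outside). Filtering client-side keeps the SOQL simple and the list auditable.
function usersOutsideDomains(userRecords, allowedDomains) {
  const allowed = new Set(allowedDomains.map((d) => d.toLowerCase()));
  return userRecords
    .filter((u) => !allowed.has(String(u.Email || '').toLowerCase().split('@')[1] || ''))
    .map((u) => u.Username)
    .sort();
}

// Constructed sample records, shaped like a REST query response's `records` array.
const SAMPLE_RISKS = [
  { Setting: 'Minimum password length', SettingGroup: 'Password Policies', RiskType: 'HIGH_RISK', OrgValue: '5 characters', StandardValue: '8 characters' },
  { Setting: 'Lock sessions to the IP address from which they originated', SettingGroup: 'Session Settings', RiskType: 'MEDIUM_RISK', OrgValue: 'Disabled', StandardValue: 'Enabled' },
  { Setting: 'Enable clickjack protection for Setup pages', SettingGroup: 'Session Settings', RiskType: 'MEETS_STANDARD', OrgValue: 'Enabled', StandardValue: 'Enabled' },
];
const SAMPLE_ASSIGNMENTS = [
  { Assignee: { Username: 'alice@corp.example' }, PermissionSet: { Name: 'X00e000000000001', IsOwnedByProfile: true, Profile: { Name: 'System Administrator' }, PermissionsViewAllData: true, PermissionsModifyAllData: true, PermissionsAuthorApex: true } },
  { Assignee: { Username: 'alice@corp.example' }, PermissionSet: { Name: 'Data_Export', IsOwnedByProfile: false, Profile: null, PermissionsViewAllData: true, PermissionsModifyAllData: false, PermissionsAuthorApex: false } },
  { Assignee: { Username: 'bob@corp.example' }, PermissionSet: { Name: 'Release_Engineer', IsOwnedByProfile: false, Profile: null, PermissionsViewAllData: false, PermissionsModifyAllData: false, PermissionsAuthorApex: true } },
];
const SAMPLE_USERS = [
  { Username: 'alice@corp.example', Email: 'alice@corp.example' },
  { Username: 'vendor@corp.example', Email: 'someone@gmail.com' },
];

const sample = summarizeRisks('prod-01', 72, SAMPLE_RISKS, '2024-01-01T00:00:00Z');
console.log(JSON.stringify(sample, null, 2));
console.log('score regressed vs last stored sample (80):', scoreRegressed(80, sample.score, 5));
console.log(JSON.stringify(findPrivilegedUsers(SAMPLE_ASSIGNMENTS), null, 2));
console.log('users outside corp.example:', usersOutsideDomains(SAMPLE_USERS, ['corp.example']));
```

In a real collector each query string is sent per org through the OAuth-authorized API client, the returned `records` array is passed to the matching function, and the resulting row is inserted with its timestamp so the score trend and the privileged-user set can be compared run over run.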

[Image: See a snapshot of your users’ permissions in OrgMonitor.]


Ready to learn how to deploy OrgMonitor against your Salesforce orgs, or to practice running Security Health Check on Trailhead? Check out the following resources:

