featured image with security astro

Be a Security-Minded Admin

By

Understanding the basics of security is critically important to being an #AwesomeAdmin. As a steward of valuable data, you have the opportunity to be an important asset to your company by managing it with security in mind. Increasing your own cybersecurity knowledge allows you to play a role in not only safeguarding your company’s data but also helping your company meet security compliance requirements like the GDPR and CCPA. As an admin, you should work closely with IT to understand and maintain your company’s security standards.

The security-minded admin understands that security is “never done.” A security-minded Salesforce Admin knows that locking down user access with Multi-Factor Authentication (MFA) is the best way to safeguard their data from unauthorized account access. These admins also know what to do in the event of suspicious activity in their Salesforce implementation (knowing the internal procedure for escalating suspicious activity, emails, etc. and also understanding that this can be escalated to security@salesforce.com).

Being a security-minded admin is not as hard as it may seem. It means understanding the key principles of security and being able to apply them to your Salesforce implementation.

Know the basics of org security

1. Set up Multi-Factor Authentication (MFA) to protect access to your org.

MFA, also known as two-factor authentication, is the most effective way to protect your users’ accounts from common security threats like phishing, account takeover, and credential stuffing. As a security-minded admin, you can amplify your org’s security by requiring a second level of authentication for every user login. You can also require MFA when a user meets certain criteria, such as attempting to view reports or access a connected app. MFA verifies that a user is who they say they are, before they gain access to your Salesforce data.

2. Set login IP ranges and trusted IP ranges to protect where users can access your org.

Admins can control login access at the profile level by specifying a range of allowed IP addresses. If a user from an unidentified IP tries to log in, they will be denied. To control access at the org level, set trusted IP ranges. Unknown users logging in from non-trusted IPs are challenged to verify their identity — this is also commonly known as IP “whitelisting.” These restrictions help protect your Salesforce data from unauthorized access and phishing attacks.

3. Use permission sets to increase security inside your org.

Following the Principle of Least Privilege, give users the lowest level of user rights (access to read/write data) that they need to do their job. Salesforce helps you implement this with permission set groups so that you can easily customize the access given to users.

For additional security, you can activate session-based permission sets. This allows the user to have certain permissions only during a predefined session type (like when a user authenticates into your environment, for example).

4. Run Salesforce Health Check after every release.

Measure the security health of your org with Health Check. Admins can even create custom baselines to align security settings with the unique needs of the business. Be sure to run Health Check after every release to ensure your security score hasn’t changed.

5. Stay up-to-date on security.

Find the most up-to-date security resources and information on Salesforce’s security site.

Find more admin-related security resources available to you

Check out our resource page: admin.salesforce.com/security

Core responsibilities of a Salesforce Admin

Core Responsibilities of a Salesforce Admin: Your Blueprint for Success

As admins, you hold the keys to success for your users and companies to get the most out of Salesforce. You have the unique opportunity to build and manage trusted solutions that drive productivity and innovation through five core admin responsibilities: security, user management, data management, analytics, and a new core responsibility: product management.  The […]

READ MORE
User management enhancements Winter '25

User Management Enhancements | Winter ’25 Be Release Ready

Winter ’25 is almost here! Learn more about user management and check out Be Release Ready to discover more resources to help you prepare for Winter ’25. We’re continuing to innovate in Setup starting with user access and user management. We have several exciting enhancements in store for Winter ’25–many thanks to your feedback and […]

READ MORE
Troubleshoot user access with SOQL

How to Troubleshoot User Access with SOQL (Beginner Friendly)

Awesome Admins, we know that troubleshooting user access is a common task. You’re frequently asked questions like “Why can Jane access this field, but John can’t?” or “Why can John view this record when he shouldn’t be able to?” In Summer ’24, we introduced helpful summary views for users, public groups, permission sets, and permission […]

READ MORE