Ensure that only authorized external users can access Salesforce:

• Enforce authentication through a custom domain
• Require email confirmations to change an external user’s email address
• Remove API permissions for external users for Experience (formerly Community) sites
• Disable guest profile API permissions
• Alert on any dormant user

Control users who can enter into your Salesforce instance:

• Set up MFA
• Set up SSO
• Limit number of login attempts
• Enforce authentication through custom domain
• Limit connected apps API access
• Disable guest profile API permissions

Prevent assets from being shared with anyone using public links:

• Disable links and content deliveries without password protection
• Disable dashboard component snapshots
• Prevent community users from sharing links publicly
• Hide sensitive information that is contained in the URL

Block Malware Files from Entering Your File Repository:

• Block users from uploading files whose extensions indicate they may pose a security risk
• Disable high-risk file types from being executed in a browser
• Prevent guest use file upload
• Enable clickjack protection

Protect against password spray and other common password-centric attacks:

• Set minimum password length
• Set password complexity
• Prevent password hints from containing the password

Compare instances of the application from across your organization to identify best practices and upgrade the overall security posture of every Salesforce instance.

Gain deep visibility into identity security posture by managing user roles, profiles, permission sets, and native or custom field-level security and object-level security, all in one place.

Gain full visibility into user entitlements assigned through profiles, permissions sets, and custom permissions:

• Manage through a single, integrated dashboard
• View users by profile
• View permissions by user
• Manage all tenants through a unified permission inventory