Home
IT Hub

Understanding the Salesforce Security Model

Salesforce
Reco Security Experts
Updated
January 25, 2025
January 25, 2025

Salesforce, a CRM platform, prioritizes security. Hence, the platform has multiple security facets aimed at ensuring that data is protected and trust is easily gained. Let’s have a look at this scenario. Imagine you own a business and have collected the raw data of 5,000 leads. Any business owner with such data will need three important things:

  • A secure and stable data system where the raw data of the leads can be stored without the fear of being stolen or compromised. 
  • A system that can efficiently manage the data to enhance functional business needs regarding the leads.
  • A system that is easy to navigate and just does it all.

With these three needs sorted, business owners are more confident in their operations and can make effective decisions. The only platform that can maximally provide all three at once is Salesforce. In this article, we will examine Salesforce's security model.

Key Layers of the Salesforce Security Model

The Salesforce Security Model has multiple layers. This article discusses organization-level security, object-level security, field-level security, record-level security, data encryption in Salesforce, auditing and monitoring security events, and more. 

Salesforce's multi-layer security system preserves the platform from intruders, limits undue access, and protects data for insightful use. In the remaining part of this article, we will examine various aspects of security in Salesforce's security model. 

Organization-Level Security

The first level of security on Salesforce is organization-level security. For any data on Salesforce to be properly protected, the organization must be fully secured. The first point of contact for anyone with malicious intent on any company’s Salesforce org is the login access, which is why organization-level security is important. There are three major ways to control access to the org: login restrictions, IP whitelisting, and session settings.

1. Login Restrictions

As the name implies, login restrictions primarily concern the security measures that an administrator can implement to ensure that the user gains access to the organization with ease. So, let’s say an intruder gets a hold of a user's password in a company’s organization. There are security measures that can be implemented to ensure that the intruders do not gain access to the organization, one of them being multi-factor authentication. This will be discussed in other parts of this article.

Accessing the Multi-Factor Authentication Assistant in a Salesforce Org is simple through the Setup menu.

While this method of security is Salesforce’s best and most recommended way of securing an org, there are a few other recommended ways that the administrator can deploy.

2. IP Whitelisting

IP Whitelisting in Salesforce is a security feature that allows administrators to grant access to certain IP addresses in their organization’s applications. An IP address is a string of numbers used to identify a device connected to the internet. In Salesforce, there is an architecture that allows administrators to set login ranges. This setting helps the Salesforce administrator define the IP ranges and filter out unneeded IP addresses by asking them to authenticate their login request.

This screenshot highlights trusted IP ranges in Salesforce's Setup menu to control login access and enhance security in network access.

3. Session Settings

A session is a period of time in which a user works with or uses Salesforce. Session settings in Salesforce are deployed to protect customer data and control how users interact with the platform. Imagine this: if an attacker gets into your org, you can set the session timeout to be less than 2 hours. This would mean that the attacker will have less than 2 hours, after which they will automatically be logged out and be asked to log in again. The maximum amount of time to set for each session is 2 hours.

  • Session security: Limits exposure to a network when a user leaves their computer unattended and reduces the risk of internal attacks. Session security settings include trusted IP address ranges and the ability to restrict access to resources based on session security.
  • Session policies: Define how long a user's session can last before reauthenticating, and can also block user access to a connected app.
  • Session management: Allows users to monitor and protect Salesforce by reviewing active sessions and session details. Salesforce admins can view all active user sessions, while non-admins can only see their own sessions.

Using Multi-Factor Authentication (MFA) and Single Sign-On (SSO)

The Salesforce Authenticator app enhances security with seamless multi-factor authentication, ensuring only authorized access to your org.

With the Salesforce Multi-factor Authenticator, a Salesforce Administrator can restrict the access of any intruder into the org. Simply set up an authentication process that disallows access to the org unless a one-time code is sent to the app connected to the org. This can be manually set up by the Salesforce administrator.

Salesforce Single-Sign-On

Single-Sign-On in Salesforce is the feature that allows you to save time by automating your log-in process into the org. The SSO Salesforce helps you to manage access to sensitive information in your org from one access point. If you have ever signed in to your Google account without having to type your password manually, then you have signed in using a single sign-on.

Let’s use a more relatable example: Imagine you are in control of 50 rooms. Would you prefer to have a bunch of 50 different keys, with each key being an access point to each room, or just one secure and safe key to access every room? My guess is that you will need the latter. The Single-Sign-On is recommended for admins, and more attention should be paid to that aspect of Salesforce security.

Object-Level Security

Profiles and Permission Sets to Manage Access to Objects

One of the core parts of Salesforce’s data security management is Object-Level security. Through the object-level security, you can control the access to particular functionalities in an object. You can control if you want certain users to create, edit, delete, or view any record. This is done by giving permissions. But what happens when you want a group of users in your organization to have certain permissions on an object and the rest do not? You create a permission set. 

Using Permission Set Groups for Streamlined Access Control 

Permission sets are used to grant additional permissions to already established permissions without modifying other users’ profiles. For instance, you have two users performing the same tasks in your organization; they both have the same set of permissions, but you need to give one of the users some extra permissions; what do you do in this case? Simply put, you create a permission set. Note that permission sets can only be assigned to users and not profiles. 

Let’s imagine we want to give the additional user permission to delete. We will have a step-by-step look into how that can be done:

This image shows how to begin setting up permission sets in Salesforce by navigating to Setup, selecting Permission Sets, and clicking "New."

Create a new permission set by naming it and clicking “Save” in the setup menu in Salesforce.

This image shows how to assign specific permissions by naming the set, saving it, and selecting object settings for customization in Salesforce.

This screenshot shows how to access object settings and choose the object, like "Account," to customize permission sets for specific user access in Salesforce.

The above image shows how to create permission sets in Salesforce by selecting the desired object, such as the account, and editing its permissions to grant specific access, like delete.

Note that giving the delete permission automatically gives create and read permissions.

In Salesforce, follow these steps to set up a permission set, edit the required permissions, and assign them to the user for seamless access control.

Field-Level Security

Controlling access to specific fields using profiles and permission sets while creating a field. Basically, Field-Level Security refers to the security architecture that determines whether a user can see, edit, or delete the value in a field. As mentioned earlier, there are various ways to approach FLS in Salesforce. One can set this via profiles and permission sets. However, since that has been discussed in other parts of this article, we will look into the field-creation approach to FLS.

This visual displays the fields and relationships within Salesforce, outlining how data is connected and structured.

Record-Level Security (Sharing Model)

Record-level security in Salesforce is a system that manages user access or permissions to specific records within Salesforce. These permissions include permissions for viewing, editing, or deleting records. This security model also allows you to restrict or grant access to individual records, thereby maintaining data confidentiality. Essentially, you can provide certain users in your organization with access to specific objects while limiting their ability to view certain records within those objects.

This image shows how to manage record-level security by configuring CRED options through user profiles for granular access control.

Tips for Carrying Out Record-Level Access

Here are some ways through which record-level access can be implemented:


1. Organization-Wide Defaults (OWD): This sets the foundational level of access to records within an object, ensuring everyone knows what’s available at a glance.

This screenshot shows access and configure Organization-Wide Defaults in Salesforce through the Sharing Settings menu to control record access.

2. Role Hierarchies: This grants access to records based on a user’s role in the organization.

To access the role hierarchy in Salesforce, go to Setup, navigate to Sharing Settings, and select "Grant access on targeted objects."

3. Sharing Rules: This provides exceptions to the default or org-wide settings by granting access to specific groups of users through the creation of rules. These rules are of two types - criteria-based or record-ownership-based.

It shows how to configure sharing settings in Salesforce by accessing the "Sharing Settings" section, selecting the object-related list, and creating new access rules.

4. Manual Sharing: This allows record owners to manually share records with specific users or groups.

Salesforce allows users to adjust record visibility by using sharing settings, ensuring appropriate access control.

Using Setup Audit Trail

Setup Audit Trail basically tracks recent changes made in the setup.

Access the Setup Audit Trail in Salesforce to monitor recent changes made within the setup by navigating to Setup and selecting "View Setup Audit Trail."

Security Health Check and Vulnerability Management

This feature in Salesforce helps you view all of your org’s security settings. But above all, you are able to check your org’s vulnerabilities and fix them. 

Using Health Check to Identify Vulnerabilities

  1. Go to your setup.
  2. Type “health check” in the quick find search bar.
  3. Click “Health Check”.

This screenshot shows that to perform a health check in Salesforce, go to Setup, search for "Health Check" in the quick find bar, and click on the Health Check option.

Conclusion

Security in Salesforce is a huge conversation that every administrator or user is familiar with. As an administrator or an intending administrator, it is advised to review these security mechanisms deeply and check out other possible security mechanisms.

Explore More
See more articles from our Hub

Start Securing Your Entire SaaS Lifecycle

Request a demo