How To Prepare For The New Salesforce Guest User Security Policy

In less than a month, Salesforce will be rolling out new security settings that may affect how users interact with your public websites. If you’re currently hosting public sites built on Site.com, Force.com, or Communities, here is everything you need to know about Salesforce’s new Guest User Security Policy and steps you can take both in-house or with 10K’s help to manage these changes if your organization is impacted.

What Does the New Policy Affect?

The policy outlines new security settings that are set to be auto-enabled in the Summer ‘20 release (mid-July). These settings will impact how you secure guest user record access and assign new records created by guest users to the default owner.

What is a Site Guest User?

A Site Guest User is a special type of user that you use in conjunction with a Force.com site or Salesforce Community that allows you to build functions for external users who don’t have full licenses to your Salesforce org. The Site Guest User governs the permissions for external users when they interact with a Site or Community page prior to logging into the Site or Community. 

When these upcoming security settings are auto-enabled, you could experience an impact to your data visibility (what users can see), record updates (how users can edit their profile), guest flows (how users access creation flows), and user visibility (how users can see other Community members).

I’m Impacted – What Does This Mean For My Org?

The good news is you still have time to take action before the new settings go-live in July. If you want to opt-out of these changes for now, you can enable the ‘Opt Out of Guest User Security Policies Before Summer ’20’ Critical Update within your org. While the Summer release allows you to opt-out and disable the new security settings, the Winter ‘21 release will not. To avoid things breaking, we seriously recommend a proactive assessment of your org. 

I Don’t Want Things to Break. How Can I Prepare For the Summer ‘20 Release?

Depending on your team’s bandwidth, 10K Advisors recommends two different routes of action: 

Test In-House

Salesforce has provided immediate actions so you can prepare ahead of the Summer release:

  • Step One: Identify your org’s sites and communities. 
  • Step Two: Install & utilize the Guest User Access Report Package to assess the impact of the changes. Make sure to run the report for each site and community, and to use a separate browser. 
  • Step Three: Alter your Site and/or Community functionality to ensure it will still function with the new Site Guest user changes. 

You can also join the new “Securing Community Cloud” Trailblazer group to troubleshoot your testing. 

Use 10K Advisors

With the changes being less than a month away, we know completing the testing process and creating a game plan will be a big ask for most organizations (especially if you have a high volume of sites and/or communities). 

For a limited time, 10K Advisors is offering a full security assessment of your sites and communities starting at $500. We’ll manage the entire testing process, walk you through the results, and provide recommended actions. Fill out a few quick details and a 10K expert will be in touch to kick-off the process. 

Have any questions? Contact us at advisors@10kview.com