Loading
Feature degradation | Gmail Email delivery failureRead More
Experience Cloud
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Develop a Security Plan for Your Experience Cloud Site

            You are here:

            1. Salesforce Help
            2. Docs
            3. Experience Cloud

            Develop a Security Plan for Your Experience Cloud Site

            Salesforce has various security settings and permissions you can use when you’re building a site on the Experience Cloud platform. Before you start creating a site, put together a security plan that can help you during the implementation.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            Available in: Enterprise, Performance, Unlimited, and Developer Editions

            Why Is This Important?

            The security of the data you store in Salesforce is critical to the integrity of your business. Beyond data, security includes authentication, public unauthenticated access, and cookie management.

            What Should You Keep in Mind?

            Making a detailed and specific plan for your data security needs is an essential step to creating a safe and secure site for your customers and partners. Ask these questions before you start your implementation.

            Data Security and Encryption:

            • How much access to different objects in Salesforce do you want to give to your site’s users?
            • Is this access different for authenticated users versus unauthenticated users?
            • What external organization-wide sharing settings do you need so you can restrict the default access level for an object’s records?
            • What field-level security settings do you need so that you can restrict users from seeing certain fields?
            • What object permissions must you specify for users to create, read, edit, and delete records for each object?
            • Do you want to encrypt data elements, such as standard or custom fields or files?
            • Does your Salesforce org already have an encryption policy for its internal users?

            Access:

            • Do you want your users to sign in to the site, only browse as guest users, or both?
            • Which default object permissions, if any, do you want to apply to the guest user profile?
            • Which system permissions do you want to remove from the guest user profile?
            • Which Visualforce pages and Apex controllers do your guest users need access to?
            • Do you want guest users to see other members of your site?
            • Do you want to use nicknames to protect the identity of your site’s members?

            Authentication:

            • Do you want your users to self-register?
            • Do you want site users to authenticate using an external identity provider (single sign-on)?
            • Do you need configurations for third-party authentication providers, such as Facebook or LinkedIn?
            • Do you want to build integrations between your site and custom branded apps, such as mobile or desktop apps?

            Cookies:

            • Do you need end-user cookie consent management?
             
            Loading
            Salesforce Help | Article