Give Secure Access to Unauthenticated Users with the Guest User Profile
Use a guest user profile to control public access to data, content, and objects in your site that don't require authentication. For example, you can create a customer support community where existing and potential customers can view public discussions, known issues, and solutions posted by other members or support without logging in.
| Required Editions |
|---|
| Available in: Salesforce Classic and Lightning Experience |
| Available in: Enterprise, Performance, Unlimited, and Developer Editions |
| Applies to: LWR, Aura, and Visualforce sites |

| User Permissions Needed | |
|---|---|
| To enable public access to content on a public site: | Create and Set Up Experiences AND Is a member of the site |
When you create an Experience Cloud site, Salesforce creates a profile, a user record, and sharing mechanisms that are available only to guest users, regardless of whether the site is configured for public access. Each public community, portal, or site uses this guest user profile and record to let unauthenticated users browse the site. All guest visitors to a public site share the same guest user record (one per site) and have the same access level.
For instance, let’s say you have three communities or portals set up in your Salesforce org. Each community or portal has its own guest user profile and guest user record.
Here’s how it works.
- Community → Guest User Profile 1 → Community Site Guest User
- Portal → Guest User Profile 2 → Portal Site Guest User
- Site → Guest User Profile 3 → Site Guest User
A guest user has access to certain pages in your community, portal, or site as long as the site is active in your org. For example, guest users can always see login and login error pages in your site.
Sharing data with guest users should be a careful and considerate process. Salesforce defaults are the most restrictive they can be for guest users, and it's up to you to decide to share data with guests or not. To secure your site for guest users, consider all the use cases and implications and implement security controls that you think are appropriate for the sensitivity of your data.
- Secure Guest Users’ Sharing Settings and Record Access
  Secure the access that unauthenticated guest users have to your org’s data.
- Review Guest User Object, Record, and Field Access for Sites
  When you allow public access to your Experience Cloud sites, make sure that unauthenticated guest users are able to access only the data that you want them to access. Use the Guest User Sharing Rule Access Report page in Setup to quickly see what objects, records, and fields are accessible to your guest users using guest user sharing rules. Experience Cloud sites are used in many ways. While the Guest User Sharing Rule Access Report page evaluates your configuration and flags potentially misconfigured sharing rules, only you know your site’s business needs. Carefully decide which records and fields are accessible to your guest users.
- Configure the Guest User Profile
  Before publishing your Experience Cloud site with public access enabled, configure the guest user profile so that your customers can view and interact with your site without logging in.
- Configure the Site Guest User Record
  Each time an Experience Cloud site is created, Salesforce creates a guest user profile and a site guest user record. The site guest user record is the only user record associated with the guest user profile.
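The review of guest user object access described above can also be done offline against exported permission data. The following is an added example, not Salesforce's own code: it compares the object permissions held by each site's guest user profile with what the site owner intends to be public. The profile names, the `INTENDED_PUBLIC` policy, and the sample rows are constructed assumptions; the permission field names follow the standard ObjectPermissions object.

```python
from collections import defaultdict

# Permission fields as named on the ObjectPermissions object.
PERMISSION_FIELDS = (
    "PermissionsRead", "PermissionsCreate", "PermissionsEdit",
    "PermissionsDelete", "PermissionsViewAllRecords",
    "PermissionsModifyAllRecords",
)

# Hypothetical policy: per guest user profile, the objects meant to be
# public and the most access each should carry. Anything else is a finding.
INTENDED_PUBLIC = {
    "Support Site Profile": {
        "Knowledge__kav": {"PermissionsRead"},
        "Case": {"PermissionsRead", "PermissionsCreate"},
    },
}

# Constructed sample rows (one per profile/object pair), flattened from
# ObjectPermissions records for guest user profiles. Not real org data.
SAMPLE_ROWS = [
    {"Profile": "Support Site Profile", "SobjectType": "Knowledge__kav",
     "PermissionsRead": True},
    {"Profile": "Support Site Profile", "SobjectType": "Case",
     "PermissionsRead": True, "PermissionsCreate": True,
     "PermissionsEdit": True},
    {"Profile": "Support Site Profile", "SobjectType": "Account",
     "PermissionsRead": True},
    {"Profile": "Partner Portal Profile", "SobjectType": "Contact",
     "PermissionsRead": True, "PermissionsViewAllRecords": True},
]


def audit_guest_access(rows, intended):
    """Return {profile: [(object, [excess permissions])]} for every grant
    that goes beyond the intended public access. A profile with no policy
    entry is treated as intending no guest access at all."""
    findings = defaultdict(list)
    for row in rows:
        granted = {f for f in PERMISSION_FIELDS if row.get(f)}
        allowed = intended.get(row["Profile"], {}).get(row["SobjectType"], set())
        excess = granted - allowed
        if excess:
            findings[row["Profile"]].append((row["SobjectType"], sorted(excess)))
    return {profile: sorted(items) for profile, items in findings.items()}


if __name__ == "__main__":
    for profile, items in audit_guest_access(SAMPLE_ROWS, INTENDED_PUBLIC).items():
        for obj, excess in items:
            print(f"{profile}: {obj} grants {', '.join(excess)} beyond policy")
```

Because each site has its own guest user profile, the policy is keyed by profile, so a grant that is acceptable on one site is still reported on another.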

