Securely Share Your Experience Cloud Sites with Guest Users
Experience Cloud sites help you connect with customers and partners. When building your
site, you can use various settings and permissions to protect your data and your customers’ data,
and publicly share the site with guest users. Keeping your data secure is a joint effort between
you and Salesforce.
Required Editions
Available in: Essentials, Enterprise, Performance,
Unlimited, and Developer editions
Guest User Security Policies and Timelines To improve data security for orgs with guest users, Salesforce made some security improvements. Use this topic as a starting point to understand all the security improvements and updates, including timelines for enforcement and how to prepare for the changes.
Guest User Setup Checklist Setting up guest users in your Experience Cloud site requires a number of different settings and configurations. Use this high-level checklist to help you keep track of all the tasks and considerations.
Give Secure Access to Unauthenticated Users with the Guest User Profile Use a guest user profile to control public access to data, content, and objects in your site that don't require authentication. For example, you can create a customer support community where existing and potential customers can view public discussions, known issues, and solutions posted by other members or support without logging in.
Assign Records Created by Guest Users to a Default User in the Org To increase the security of your Salesforce data, guest users are no longer automatically the owner of records they create. Instead, when a guest user creates a record, the record is assigned to a default active user in the org, who becomes the owner.
Secure Data Accessible by Guest Users Protect your data by securing the data created by unauthenticated guest users prior to Salesforce’s enforcement of the guest user security policies in the Winter ’21 and Spring ’21 releases.
SEO Best Practices and Considerations for Guest Users To configure your site for search engine optimization (SEO), Salesforce uses the guest user profile to identify the public pages and objects available for indexing. A search engine is considered a guest, or unauthenticated, user. For Experience Builder sites, Salesforce automatically generates a sitemap with a list of the publicly accessible content. For sites built with Salesforce Tabs +Visualforce, you’re responsible for creating the sitemap and indicating which pages are included.
We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required Cookies
Always Active
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional Cookies
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising Cookies
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.
