SALESFORCE SECURITY // IDENTITY // INTEGRATION
A two-week, fixed-fee review of your security model, identity and access, and integration architecture. We map every user, permission set, connected app, certificate, and credential, show you where your standing risk actually sits, and rank what to fix first. The 2026 enforcement wave made every org change settings this year. This review tells you what those changes left exposed.
Each domain is read against how your org is configured today, not a generic checklist. This is an architecture-level review prioritized by risk, not a line-by-line audit of every sharing rule. We surface where the real exposure sits, show how the findings connect, and tell you what to fix first. An over-privileged permission set, an integration user on a broad profile, and an expiring certificate are usually the same risk seen from three angles.
How people and systems authenticate, and what they are allowed to reach. MFA and phishing-resistant MFA posture, SSO and login IP policies, profiles and permission set groups, connected apps and their OAuth scopes, and the API-only integration users that quietly hold the broadest standing access in most orgs.
Who can see and change which records. Org-wide defaults, role hierarchy, sharing rules, field-level security, and permission sets, with a focus on over-privilege: the View All Data and Modify All Data grants, and the standing access nobody remembers approving. Read alongside Salesforce Health Check and your Shield posture.
What connects in and out, and what each connection depends on. Named credentials and external credentials, certificates and keys for mutual TLS and JWT signing, API access control, and external endpoints, mapped into a dependency graph so the blast radius is visible before a certificate expires or a connected app is revoked.
The enforcement wave is why identity and integration reviews are concrete this year. Some controls are already enforcing; the rest land in production through the summer. Each one can break an integration, a scheduled job, or an admin login without throwing an error. See the full 2026 enforcement guide for every date and control.
You enabled MFA before the deadline. Good. But the integration account that was riding the MFA waiver just lost its automatic exemption, and unless someone filed a Salesforce Support case to keep it, its overnight job fails without throwing an error. A certificate expires on a Sunday. A connected app holds an OAuth scope broader than anyone remembers granting. None of it alerts. You find out when a downstream team asks why the data went stale.
The enforcement controls are public. What no one has is a current map of the org: which users, integration accounts, and connected apps can reach which data, which certificates and credentials they depend on, and what the blast radius is when one of them changes. Producing that map is the review. The thinking behind it runs through our dependency graph series.
Every user, profile, permission set group, connected app, and OAuth grant, and the standing access each one is configured to hold. Over-privilege and unused standing access are called out explicitly, with the high-risk grants (View All Data, Modify All Data, broad API access) traced first.
Every certificate, key, named credential, and external endpoint, with owner and expiry, mapped to the Apex, Flows, and jobs that depend on it. See the blast radius before you change anything.
Severity-ranked findings across identity, the security model, integrations, and the 2026 enforcement controls, with a remediation roadmap your admins can execute or hand back to us.
Three tiers. Pick the depth that fits where your org is today.
2026 enforcement gaps and core access posture: MFA and phishing-resistant MFA, domain verification, login IP and network exposure, and admin and integration-user access review.
Book a scoping callAn architecture-level review across identity and access, the security and sharing model, and integration and credentials: connected app and OAuth audit, certificate and credential inventory, dependency map, over-privilege findings, 2026 enforcement gaps, and a remediation roadmap, prioritized by risk.
Book a scoping callEverything in Tier 2, plus hands-on remediation of an agreed set of the highest-severity findings and a verified re-test.
Book a scoping call50% on signature, 50% on delivery. Priced per production org. Multi-org pricing on request.
A 20-minute call to confirm access and fix the fee. No surprises.
Read-only org access, two weeks, no disruption to users.
A 90-minute session with your team. You keep the report and the roadmap.
The review is run by a Salesforce Certified Application Architect with 15+ years on the platform, including identity, integration, and subscription systems secured at 200M+ subscriber scale, where one misconfigured permission set or one expired certificate could cut access for millions. The same failure patterns show up in orgs of every size. They are just easier to miss when no one is looking for them. You get senior hands on the work from scoping to readout, not a junior team and a template.
Three domains: identity and access (authentication, MFA, profiles, permission sets, connected apps, OAuth, integration users), the security and sharing model (org-wide defaults, sharing, field-level security, over-privilege), and integration and credential architecture (named and external credentials, certificates, API access, dependencies). The 2026 enforcement controls are mapped to where they hit your configuration.
No. It is a configuration and architecture review of identity, access, and integrations, read from your metadata. It does not attack the org or exploit anything. It shows where the standing risk is and what to fix first.
Read-only access scoped to configuration and metadata. The inventory uses metadata, not your records.
You keep the full report and roadmap. No retainer, no lock-in.
The dependency map is per production org. Multi-org pricing on request.
No tool install is required for the review.
Tell us about your org. We confirm read-only access and fix the fee on a 20-minute call. You keep the report and roadmap whether or not we work together again.
Read-only access, scoped to configuration and metadata. No tool install. No disruption to users.