10 Simple things to monitor as a Salesforce Administrator
Salesforce Admins should monitor salesforce to ensure overall security and stability of the environment. Often some problematic users take actions, which can cause a problem to the entire Salesforce instance so we cover 10 useful items that a Salesforce Admin needs to observe in their daily work as a Salesforce Administrator.
1. Deactivated Users and Freeze User
You might be thinking how are deactivated users and frozen users a threat? Well, there are scenarios where someone accidentally deactivated an Integration user or a Dashboard Running user, which caused disorder to all your data in Salesforce. If a user running an apex batch class has been frozen or deactivated the batch class, will error out and will not process anything for you. So do keep an eye for Deactivated users and frozen users.
2. Failed Logins
Failed logins can be troublesome! Monitoring the Failed User logins via the Login History page can be a great way to alert any suspicious behaviour.
Reporting on Failed logins would be ideal to deal with these annoying users. Once identified, the right course of action can be taken - may be Change in Password or freeze the user. The problem with reporting on failed logins is that it is not done in real-time so if someone gains access to Salesforce there person can use salesforce until they are caught.
3. Email Deliverability and Email Log Files
We all check our emails but what happens when you don’t receive any! You go mad! That is what happens to your users when they find out their Emails are not being sent from Salesforce.
Watch out for the Email Deliverability Access level of your salesforce org as it should be always set to “All emails” so that you don’t have angry users asking you to resend their emails. This critical setting applies to all emails sent from your Salesforce instance.
If you are still having problems with emails, even after the access level is set to “All emails” you need to head to the Email log Files. Email log files stores all email log for each email sent from salesforce and helps in identifying the status of the email deliverability. These are logs are only available for 30 days, so you better be quick.
4. Critical Updates
Critical Update! The name tells it all, as it is very very important to see what Critical updates are going to hit you shortly. You can review the updates to find out what is going to change and how it will affect your Salesforce org. So its recommended testing these critical updates before activating them. If these are not monitored, salesforce will automatically update them on the activation date. It is more like a time bomb. If you monitor them, there are low chances of trouble and you can give a shout out to your developers on what needs to be taken as a priority.
5. Security Alerts
Security Alerts again are mandatory enhancements in your org which salesforce imposes so that you follow the best practices and recommendations. You might notice these warning screens as below
They are identical to Critical updates but they are categorised into Required, Recommended and Type so you can opt-out of some of them. It is wise to have a watch on these ones as well because they can pile up and be a huge mess for an Admin. To know more check our blog on Security Alert in Salesforce.
6. Connected Apps
Salesforce leverages access to third-party applications via Connected Apps, these Connected apps are often granted Admin level privileges to Salesforce data; which meant that they have access to the Create, Read, Update and Delete(CRUD) actions. These apps are often connected to salesforce and its better to keep track of these connected apps and remove any which are not being used as they might violate the organization policies.
7. Apex Jobs and Scheduled Jobs
It is a good practice to always keep a check on the engine of your car! The car is Salesforce, Apex job is the engine, and it should function without any hiccups. You might have multiple batches running daily and these need to be monitored so that we get to know what are the problems and how easy it is to remediate this. There might be jobs running parallel causing update failed exception with Lock rows errors its better to check then and reschedule any parallel running jobs.
Monitoring these jobs is more of a Super Admin task to check what is going wrong. Always look for the list of Scheduled jobs and screenshot or document them so that you do know the correct time for the job run.
8. Metadata changes
Salesforce keeps changing the platform's metadata with every release so you should monitor the metadata to ensure no defect has occurred in production. All Salesforce Admin should examine the metadata changes in the environment to monitor this you can set up an audit trail and download the audit trail for the last six months.
For example, Salesforce released changes to the field security policy which provides data classification settings and Compliance categories in Spring '20.
9. Certificate Management
We love to keep certificates in-house in salesforce so that we can manage these certificates for single sign-on or to verify and authenticate external sites from Salesforce. An expired certificate can harm your integration so we should always keep a look at the certificate expiration date. Salesforce always sends an expiry email warning before 60 days but it would be a good habit to check these certificates every month.
10. Monitor Data Exports
The last item on our list to watch is Mass Data Exports, data protection is a top priority for any organisation. All mass data export activities from salesforce instance should be known by the admin and the exported data should be securely placed in an encrypted file as it may contain confidential data.
Monitoring data export can be a very time-consuming process which involves checking logs and audit trails. To catch data export activities, search audit logs for 'Data Export'.
Conclusion
These are all the simple things that a Salesforce Admin needs to monitor in his Salesforce instance to become a Super Salesforce Admin. It's also better to conduct audits in your salesforce org if your org is not a large org otherwise it is better to invest in monitoring solutions to keep your salesforce instance protected.
1. Deactivated Users and Freeze User
You might be thinking how are deactivated users and frozen users a threat? Well, there are scenarios where someone accidentally deactivated an Integration user or a Dashboard Running user, which caused disorder to all your data in Salesforce. If a user running an apex batch class has been frozen or deactivated the batch class, will error out and will not process anything for you. So do keep an eye for Deactivated users and frozen users.
2. Failed Logins
Failed logins can be troublesome! Monitoring the Failed User logins via the Login History page can be a great way to alert any suspicious behaviour.
Reporting on Failed logins would be ideal to deal with these annoying users. Once identified, the right course of action can be taken - may be Change in Password or freeze the user. The problem with reporting on failed logins is that it is not done in real-time so if someone gains access to Salesforce there person can use salesforce until they are caught.
3. Email Deliverability and Email Log Files
We all check our emails but what happens when you don’t receive any! You go mad! That is what happens to your users when they find out their Emails are not being sent from Salesforce.
Watch out for the Email Deliverability Access level of your salesforce org as it should be always set to “All emails” so that you don’t have angry users asking you to resend their emails. This critical setting applies to all emails sent from your Salesforce instance.
If you are still having problems with emails, even after the access level is set to “All emails” you need to head to the Email log Files. Email log files stores all email log for each email sent from salesforce and helps in identifying the status of the email deliverability. These are logs are only available for 30 days, so you better be quick.
4. Critical Updates
Critical Update! The name tells it all, as it is very very important to see what Critical updates are going to hit you shortly. You can review the updates to find out what is going to change and how it will affect your Salesforce org. So its recommended testing these critical updates before activating them. If these are not monitored, salesforce will automatically update them on the activation date. It is more like a time bomb. If you monitor them, there are low chances of trouble and you can give a shout out to your developers on what needs to be taken as a priority.
5. Security Alerts
Security Alerts again are mandatory enhancements in your org which salesforce imposes so that you follow the best practices and recommendations. You might notice these warning screens as below
They are identical to Critical updates but they are categorised into Required, Recommended and Type so you can opt-out of some of them. It is wise to have a watch on these ones as well because they can pile up and be a huge mess for an Admin. To know more check our blog on Security Alert in Salesforce.
6. Connected Apps
Salesforce leverages access to third-party applications via Connected Apps, these Connected apps are often granted Admin level privileges to Salesforce data; which meant that they have access to the Create, Read, Update and Delete(CRUD) actions. These apps are often connected to salesforce and its better to keep track of these connected apps and remove any which are not being used as they might violate the organization policies.
It is a good practice to always keep a check on the engine of your car! The car is Salesforce, Apex job is the engine, and it should function without any hiccups. You might have multiple batches running daily and these need to be monitored so that we get to know what are the problems and how easy it is to remediate this. There might be jobs running parallel causing update failed exception with Lock rows errors its better to check then and reschedule any parallel running jobs.
Monitoring these jobs is more of a Super Admin task to check what is going wrong. Always look for the list of Scheduled jobs and screenshot or document them so that you do know the correct time for the job run.
8. Metadata changes
Salesforce keeps changing the platform's metadata with every release so you should monitor the metadata to ensure no defect has occurred in production. All Salesforce Admin should examine the metadata changes in the environment to monitor this you can set up an audit trail and download the audit trail for the last six months.
For example, Salesforce released changes to the field security policy which provides data classification settings and Compliance categories in Spring '20.
9. Certificate Management
We love to keep certificates in-house in salesforce so that we can manage these certificates for single sign-on or to verify and authenticate external sites from Salesforce. An expired certificate can harm your integration so we should always keep a look at the certificate expiration date. Salesforce always sends an expiry email warning before 60 days but it would be a good habit to check these certificates every month.
10. Monitor Data Exports
The last item on our list to watch is Mass Data Exports, data protection is a top priority for any organisation. All mass data export activities from salesforce instance should be known by the admin and the exported data should be securely placed in an encrypted file as it may contain confidential data.
Monitoring data export can be a very time-consuming process which involves checking logs and audit trails. To catch data export activities, search audit logs for 'Data Export'.
Conclusion
These are all the simple things that a Salesforce Admin needs to monitor in his Salesforce instance to become a Super Salesforce Admin. It's also better to conduct audits in your salesforce org if your org is not a large org otherwise it is better to invest in monitoring solutions to keep your salesforce instance protected.
March 14, 2020
Apex Jobs, Certificates, Connected Apps, Critical Updates, Mass Data Exports, Metadata, Scheduled Jobs, Security Alerts
0
0 comments:
Post a Comment
Please do not enter any spam links in the comment box.