Salesforce Sales & Service Cloud IAM Audit
The Salesforce core org is the single source of truth for your customer data—and its IAM configuration directly determines who can read, modify, or export it. Our audit systematically maps your Profile hierarchy, Permission Sets, sharing model, and Shield configuration to produce an actionable risk register for your security and compliance teams.
Identity · Access · Compliance
Core CRM Identity Assessment
Did your team cover these critical blind spots?
The most commonly overlooked attack vectors in Salesforce environments—validated through hundreds of enterprise engagements.
Permission Set Accumulation
Have your Salesforce Profiles and Permission Sets been reviewed for "Modify All Data" or equivalent rights held by users whose roles don't require them? Privilege accumulation over time is the most common IAM finding in mature Salesforce orgs.
Sharing Model Over-Exposure
Are your Org-Wide Defaults, sharing rules, and public groups configured to expose customer records, cases, or financial data more broadly than your data governance policies require?
Connected App & API Governance
Do you have a current inventory of all Connected Apps, their OAuth scopes, and their IP restrictions? Legacy integrations using deprecated Username+Password OAuth flows represent persistent, unmonitored access paths.
What We Test
Security Checklist
33 automated + manual checks organized across 6 security domains. Every item is evaluated and reported with evidence.
- Profile & Permission Set Governance: 6 checks
- Field-Level Security (FLS): 5 checks
- Sharing Model & Record Visibility: 6 checks
- Connected Apps & API Integrations: 5 checks
- Audit, Logging & Shield: 6 checks
- Compliance Mapping: 5 checks
Main Assessment Coverage
- Profile & Permission Set Governance Review
- Field-Level Security (FLS) Assessment
- Sharing Model & Record Visibility Audit
- Connected Apps & API Integration Review
- Audit, Logging & Shield Validation
- Compliance Posture Mapping (CIS, SOC2)
Flexible Network Execution
Core org assessments use read-only Connected App credentials and execute via the Salesforce API. No admin console access is required during assessment execution.
Route assessment engines through your designated corporate IPs to simplify allowlisting, avoid WAF alarms, and maintain a clean audit trail satisfying internal security policies.
Transparent Licensing
One-time execution license. No subscriptions. No hidden fees.
Complete Assessment
/ one-time license
- Full Automated + Manual Assessment Engine
- Executive PDF Report with Risk Scoring
- Permission & Sharing Model Visualization
- Customer IP Sourcing Available
- 30-Day Platform Access
- Compliance Matrix (CIS, SOC2)
- Prioritized Remediation Roadmap