Experience Cloud: An Admin’s Guide to Security

Salesforce Experience Cloud (formerly Community Cloud) is a powerful way for organizations to connect with their customers, partners, and employees. The Experience Cloud platform provides organizations with the tools to create and customize branded online communities for customer support, feedback, and more.

For example, if a customer buys one of your organization’s products, they might eventually visit your website for product support. With Experience Cloud, you don’t need to rely on a website manager or designer to create, maintain, or update support content. Instead, articles or other support documents can be published and tracked directly from the Salesforce side. 

That’s just one reason to use Experience Cloud. Let’s look at some of the other platform benefits for enterprises.

Why Should Enterprises Use Experience Cloud?

Salesforce Experience Cloud allows organizations to streamline key business processes, which can be extended across multiple locations, various departments, and even outside the organization to customers and partners.

In short, Experience Cloud enables organizations to serve customers, partners, and employees more efficiently and effectively. Work can be done in real time, too, providing instant, organization-wide visibility into customer support, deals, and more.

All that being said, organizations must be careful that external users, like customers, don’t have more visibility into an organization’s data than necessary.

Keep reading for four actionable tips on how Admins can ensure Experience Cloud security.

Keeping Experience Cloud Secure

There are a number of best practices for keeping your Salesforce Experience Cloud secure, but the first thing Admins should do is ensure Experience Cloud users have the correct level of access.

While it can be tempting to enable all permissions to get Experience Cloud up and running expeditiously, this can lead to big trouble. For example, it’s important to consider whether any, or all, users should have access to your organization’s private data or to other members’ data.

Of course, there might be instances when you want to allow Experience Cloud end users to act as fully licensed users who can, for example, run reports and create dashboards, but this is usually an exception to the rule (more on this later).

As a rule, avoid giving Experience Cloud users unrestricted access; when the need does arise, make the decision carefully. So the first step to securing your Experience Cloud instance is to ask some important questions around user access.

Why does your customer or partner need this level of access? Is this something they must have? What is the benefit of fully licensing this user? It’s a good idea to think through the scenarios in which your users may require more access to Experience Cloud, then enable permissions only for the specific groups or individuals who need them.

In the next few sections, we will show you how to do exactly that.

Internal Sharing vs. External Sharing in Experience Cloud

If you’re a seasoned Salesforce Admin, most likely you are familiar with the Service Cloud/Sales Cloud data sharing model. If you’re new to the Salesforce Ohana, and would like more information about this, check out this post on 6 Salesforce Security Best Practices.

The data sharing model in Experience Cloud differs from the Sales/Service Cloud data sharing model. If you’re an Admin newly in charge of an Experience Cloud instance, it’s important that you take the time to understand how these sharing models differ.

In Experience Cloud, there are two types of sharing available to you: internal and external.

External sharing enables Experience Cloud Admins to define sharing rules and permissions for external users on an organization-wide scale, in the same way as for internal users. You can also set different levels of access for specific external user groups or individuals. For example, one set of sharing permissions can be assigned to partners, another to customers, and another to employees.

But what most new Experience Cloud Admins aren’t aware of is that internal sharing rules override external sharing rules.

For instance, let’s say you have a Lead Object where, internally, permissions are set to “private.” Now, imagine you want to set the external permissions to “public.” The Lead Object will remain “private” because internal sharing ultimately dictates the rules. You can match external permissions to internal permissions, but your external permissions cannot exceed internal permissions.
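The rule in the Lead example above can be checked against object metadata before it is deployed. The following is an added example, not code from the original post: it reads the `sharingModel` and `externalSharingModel` fields of Salesforce object metadata and reports the access external users effectively get. The sample XML is constructed, and treating a missing `externalSharingModel` as equal to the internal default is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}
# Org-wide default values ranked from least to most permissive.
RANK = {"Private": 0, "Read": 1, "ReadWrite": 2, "ReadWriteTransfer": 3, "FullAccess": 4}

def _meta(internal, external=None):
    """Build a constructed object-metadata document for the sample below."""
    ext = f"<externalSharingModel>{external}</externalSharingModel>" if external else ""
    return (f'<CustomObject xmlns="{NS["sf"]}">'
            f"<sharingModel>{internal}</sharingModel>{ext}</CustomObject>")

# Constructed sample input; Invoice__c is a hypothetical custom object.
SAMPLE_OBJECTS = {
    "Lead": _meta("Private", "Read"),         # external set wider than internal
    "Case": _meta("ReadWrite", "Private"),    # external locked down
    "Account": _meta("Read"),                 # no external value declared
    "Invoice__c": _meta("ControlledByParent", "ControlledByParent"),
}

def effective_external(internal, external):
    """External access can match the internal default but never exceed it."""
    return internal if RANK[external] > RANK[internal] else external

def audit_owd(objects):
    """Map each object name to (effective external access, finding)."""
    findings = {}
    for name, xml_text in objects.items():
        root = ET.fromstring(xml_text)
        internal = root.findtext("sf:sharingModel", namespaces=NS)
        # Assumption: with no external value, the internal default applies.
        external = root.findtext("sf:externalSharingModel", default=internal, namespaces=NS)
        if internal not in RANK or external not in RANK:
            findings[name] = (None, "review manually: inherited or unknown model")
            continue
        if RANK[external] > RANK[internal]:
            note = "invalid: external default exceeds internal"
        elif external != "Private":
            note = "exposed: records open to external users by default"
        else:
            note = "ok"
        findings[name] = (effective_external(internal, external), note)
    return findings

if __name__ == "__main__":
    for obj, (access, note) in audit_owd(SAMPLE_OBJECTS).items():
        print(f"{obj:12} effective external = {access}: {note}")
```
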

It’s important that Experience Cloud Admins understand internal and external sharing rules to effectively manage data access.

Next, let’s look at setting up permissions in Experience Cloud for a more secure instance.

What is Experience Cloud Role Hierarchy and Why Does it Matter?

When it comes to Salesforce Experience Cloud security, specifically for Admins, there are basically two ways to secure your Experience Cloud instance. Admins can either restrict the Experience Cloud data ownership, or restrict data access. The latter, data-level security, is managed using roles and hierarchies.

Imagine you’re the owner of a record in your organization’s Experience Cloud instance. Anyone above you in the role hierarchy will automatically be granted access to that record as well. Similarly, for both customer and partner communities, you can control data access based on the role of a user, which is determined by the role hierarchy.

While Salesforce does automatically assign roles and provide data access to Experience Cloud users by default, you can change the role hierarchy settings and reclassify users into specific roles. Remember, it’s important to be proactive and intentional about who can access particular data in Experience Cloud.

Finally, let’s explore the different types of Experience Cloud licenses and the specific security considerations for each.

Security Considerations by Experience Cloud User License Type

Salesforce Experience Cloud users basically fall into two categories: authenticated and unauthenticated (guest users) – understanding the difference is critical to keeping Experience Cloud secure.

The difference is simple. Authenticated users receive credentials and can log into your Experience Cloud instance. Unauthenticated users are generally considered “guests” and do not receive credentials.

Guest users can do things like access articles, guides, or other such resources. To provide a public knowledge base like this for your customers, you don’t need to purchase communities licenses. On the other hand, if your customers or partners are assigned credentials to log into your Experience Cloud instance, you will need Experience Cloud licenses.

Why does this distinction matter for security purposes? Well, for unauthenticated guest users, data access can be limited using organization-wide sharing permissions, as we covered earlier in this article.

However, data access for authenticated Experience Cloud users will need to be handled at the account level and may be different for each licensed, credentialed user. We will cover this further in an upcoming blog post, but in the meantime, click here for more information on this topic.

“To keep your Experience Cloud instance secure, authenticated and unauthenticated users should always be assigned the appropriate level of access.”

Wrap Up

Experience Cloud is a great platform for connecting enterprise organizations to customers, partners, and even employees. To mitigate security risks in your Experience Cloud instance, it’s important to understand data sharing rules, role hierarchies, and different types of users so you can provide the correct level of access and prevent data leaks.

We hope you find the actionable insights provided here to be helpful. Have questions about Salesforce Experience Cloud or Salesforce security? Sign up for our newsletter! We send out a monthly recap of our latest Salesforce content, including articles on security best practices, actionable insight on Salesforce optimization for enterprises, and more.
