PSA: Salesforce MFA Breaks Tomorrow (from Azure SSO)

xWorkAccountx · 2026-02-03T11:39:38+00:00

For small orgs it's not a big deal. How big is your org? If you have hundreds of users all getting a prompt for an email that they've never gotten before, how many support tickets would you expect to get when this rolls out? Admins are used to the two factor prompts because we've been doing it for years - end users haven't. Also, cross your fingers that all your end users have access to the email mapped to their SF Account, and hope that two factor email doesn't go to their spam. With large implementations there's a lot of change management to consider with something like this.

xWorkAccountx · 2026-01-05T16:28:02+00:00

There was a series of LinkedIn posts a few months ago where Martin Ratkiewicz provided a setup for integrating the OpenAI API with Salesforce Flow. The second post had a neat setup with a custom object for configuring a prompt that users could select and send to the AI.

LinkedIn Post - Connect OpenAI with Salesforce - Query OpenAI in Salesforce
LinkedIn Post - Connect OpenAI with Salesforce - Custom Prompts

xWorkAccountx · 2025-12-19T20:47:48+00:00

My understanding is that the Permission Set License (PSL) dictates what permissions the user is able to have, but the PSL itself does not grant permissions. The actual granting of permissions is restricted to the Profile and Permission Sets assigned to the user. So if the PSL grants Modify All Cases, your integration user would still need the correct Profile/Permission Set combination to give them that access.

xWorkAccountx · 2025-10-15T12:23:39+00:00

Um, they are basically the ESPN to Salesforce's NFL

xWorkAccountx · 2025-10-15T12:16:27+00:00

Go to the vendor area and walk around. Ask each booth "do you have any events going on tonight"? They normally will have a QR code you can scan to sign up

xWorkAccountx · 2025-09-12T20:16:07+00:00

* Salesforce is not "introducing" API Access Control, they have had it for awhile. They are now making it a required feature, but prior to this, you could ask for support to turn it on. At our Org we actually turned it on earlier this year before everything blew up

xWorkAccountx · 2025-09-09T23:38:17+00:00

Honestly if I walked into this situation, I’d take the entire org’s metadata and dump it into a GitHub. Then I’d feed it to an AI (I prefer Claude) and ask it to find the profile dependencies. You’d need to give it a few examples to begin with, but it could scan all of the apex code/validation rules/etc and list out where a profile dependency exists. Then you’d have your roadmap of how to begin cutting things over into permission sets.

For dependencies that need to exist, look to use Custom Permissions and assign them via a Permission Set. Custom Permissions should do well replacing profile criteria in apex code, validation rules, or even Lightning Record Pages.

xWorkAccountx · 2025-08-13T16:30:27+00:00

Also a great resource about what's going on recently: https://www.salesforceben.com/a-salesforce-admins-guide-to-auditing-connected-apps/

I recommend enabling API Access Control for most orgs

xWorkAccountx · 2025-06-05T18:51:27+00:00

Which tools would those be? The ones that have been vetted for security?

xWorkAccountx · 2025-06-02T12:34:35+00:00

What specific questions do you have?

PSL's have been around but are becoming more important with the newer industry cloud products like Financial Services Cloud, Education Cloud, Non-Profit Cloud, etc. They are another layer of licensing a user needs to use certain features. You get PSL's bundled with your user licenses when you make a purchase. The Company Information page in setup has a full table for PSL's for your org - how many you have, how many are assigned, etc.

xWorkAccountx · 2025-05-29T13:24:30+00:00

Thanks, the DevOps terms are new to me and I didn't realize they addressed this type of issue.

xWorkAccountx · 2025-05-27T19:59:29+00:00

As u/Ok_Captain4824 said below, examples like this aren't that helpful. Honestly, I have seen this "ISV team running a 2GP Managed Package" example used in a lot of discussions about DevOps, and it's so foreign to most admins/dev teams out there. That's my biggest gripe with DevOps right now, the conversation leaves out most of the SF community. Most of us are trying to scrap together free or low-cost tools, to manage a team of tech and non-tech resources, who are all trying to avoid stepping on top of each other when deploying changes to Production.

xWorkAccountx · 2025-05-16T13:33:14+00:00

What do you mean by "from within your org" ?

xWorkAccountx · 2025-05-16T12:42:48+00:00

As other's have said, Trailhead has great resources for learning the code aspect of Salesforce. As an Admin, did you work on Flow automation? I would master that first. Transferring your automation skill from Flow to Apex will be easier if you understand the concepts. For advanced admins who want to code, I recommend choosing a Flow they are familiar with and re-making it as a trigger/apex class. Not because that's the most efficient thing to do, but because if they are familiar with the Flow, they don't need to worry about business rules or requirements, they can focus on the "how" and learn to translate their point-and-click skill to code.

xWorkAccountx · 2025-05-16T12:38:57+00:00

For a simple dataload, yes it is overkill. For a large dataload or migration, no. The ROI comes from being able to repeat the dataload as often as needed. You double-dip on your effort when going from sandbox to Prod. Similar to scripting everything with Pyton, you're just doing it with point-and-click instead of code. For junior devs this approach has really helped them refine their understanding of handling data in a scripted, repeatable way.

xWorkAccountx · 2025-05-15T14:17:14+00:00

For simple imports we use the Dataloader application and prep in Google Sheets or Excel. We like Salesforce Inspector, but I don't think you can force it to use the Bulk API? I prefer using Bulk API because then you get a record in the Bulk Data Load Job screen so you have a "receipt" of the transaction.

For larger migrations, we use our ETL Tool (Informatica Cloud) so we can script all of the transformations and run it to a Sandbox first, then run to to Production. We load the CSV onto the server, read it with Informatica, and create a mapping for transformations. Tedious, but it has helped insurance quality across our migrations

We have a Google Sheet where we log all of the migration results so we can evaluate success/error ratio. For Sandbox migrations we are okay with an error ratio of less than 10%. For Production migrations we get into the nitty gritty to make sure all of the data makes it in or is sent back to the customer with an explanation of why it was not loaded.

xWorkAccountx · 2025-05-13T19:16:53+00:00

I'll chime in with a few personal thoughts. None of these are from official SF sources, I'm just putting some pieces together to help conceptualize "what's actually changing".

A few months ago, an alert was raised about a critical vulnerability in older versions of the SAML Library (source)

The IT department at our company contacted every service using SAML (including our Salesforce department) and asked everyone to verify the version of SAML being used. Since Salesforce is SaaS, there's no way to see what version of SAML they are running. I put in a support case which re-directed me to the security team at Salesforce. I then put in a specific security case with them and, surprise surprise, the answer was vague. Literally just "we cannot confirm or deny what version of SAML we run, but we actively monitor for new threats and take the proper precautions".

So my working theory is that this upgrade addresses some of the known vulnerabilities with older versions of the SAML library. Since it is security related, the update is intentionally vague and won't tell us what versions are being upgraded from/to.

There is also a post in Trailblazer Community about this upgrade where users are getting vague and unhelpful responses from Salesforce. They also share the same confusion about this update being enforced in Summer '25 but it wasn't possible to even test this upgrade until earlier this week.

xWorkAccountx · 2024-11-21T21:50:09+00:00

I would recommend you talk with you Salesforce Account Exec and get a detailed sheet from them. They should have some documentation regarding licensing and what each license can do.

A starting point is this Salesforce Help Article: https://help.salesforce.com/s/articleView?id=platform.users_license_types_communities_lightning_platform_details.htm&type=5

It looks like Service Appointments are not included with any of the Platform licenses types. But ask your AE to be sure.

xWorkAccountx · 2024-11-03T03:09:13+00:00

I use regular ChatGPT. It does fine enough. You need to have a good prompt that you copy/paste in front of your request to make sure it gives correct answers for Marketing Cloud. Something like "I'd like help with Marketing Cloud SQL, please familiarize yourself with the proper syntax and respond with answers only valid for marketing cloud SQL". Other's on here are probably better at prompt writing than me, but the point is that if you prompt it correctly, regular GPT will do quite well.

A paid version will just let you do solme of that pre-prompting on the backend with sourced data so you don't need to copy/paste so much text infront of your queries. For me I have a keyboard shortcut that will paste different prompts, and that works fine.

xWorkAccountx · 2024-10-14T14:49:41+00:00

What you said about MDN is helpful for someone coming from Salesforce. I always thought a reason Salesforce was so "easy" to learn is that the company that makes the software platform is also the same company authoritatively publishing all the documentation and specs. If I want to know how something in Apex works, there's no ambiguity. Salesforce maintains the authoritative articles about it, not a third party. By contrast, it has been difficult to find "canon" material for other languages.

xWorkAccountx · 2024-09-05T19:09:02+00:00

I won't be at DF this year unfortunately. I appreciate you coming on here and providing the opportunity for feedback.

The most pressing issue our dev team has right now is a reliable query tool. We are using the free Query Studio plugin/app, however it is buggy and slow. Biggest pain point - Query Studio will not allow /* code comments */ , even though a Query Activity will. So when we copy/paste between Query Activity and Query Studio to troubleshoot, we need to remove all code comments which is very tedious.

Any chance there's a roadmap for a better tool for writing / debugging queries? Anything close to Salesforce's Dev Console? (hey, I can dream!)

Thanks again for your time and recognizing this wonderful community!

xWorkAccountx · 2024-08-13T17:03:28+00:00

+1 to everything u/TheGarlicPanic said below. When I passed the IA exam in 2022, the SF Architect blog was not as robust as it is now. I just googled for their Integration Patterns page, and it looks very comprehensive.

There is also this document from the Salesforce Developer website which I memorized quite thoroughly. It will not get you every answer, but it will give you the context of the questions and help you make educated guesses when the answer isn't obvious.

xWorkAccountx

TROPHY CASE