Here is what’s new in Sirius 3.2 and why it matters.
The threat Salesforce can’t see
Salesforce orgs are more complex than ever. Employees, contractors, partners, community users, AI agents — all operating with different levels of access inside your org. Every one of these identities has permissions. Permissions accumulate. Teams change. Nobody cleans up.
The result is a reality most Salesforce admins don’t have a clean answer to: who in your org has access they shouldn’t? And if one of those users had their credentials exposed in a third-party breach, would you know?
Stolen logins are behind 22% of all data breaches globally (Verizon DBIR 2025), and Salesforce has no native way to detect whether your users’ credentials have been compromised elsewhere. That’s the gap Identity Protection was built to close.
Identity Protection continuously monitors your Salesforce users against known breach databases, covering both internal employees and external community users, and surfaces compromised accounts before attackers can exploit them.
One view of every user that should be on your radar
Identity Protection gives administrators a single overview of every user that warrants attention, whether that’s because their email appeared in a data breach, because they’ve been assigned permissions that give them too much power, or because they’re missing a Cloud Protection license and flying under the radar completely.
But here’s what makes it really powerful. When you drill into a user, you don’t just see that they’re a risk; you see what they’ve been doing. What files have they uploaded or downloaded? What URLs have they accessed? What apps are connected to their account? This lets you map the potential impact of a compromised identity: what an attacker could reach, what may have already been touched, and where to focus your response.
Identity Protection 2.0: more visibility, faster response
Version 3.2 is a significant upgrade. Administrators can now see exactly which users carry excessive permissions and take action to enforce least privilege without leaving the dashboard. Reset passwords or freeze and unfreeze accounts directly from the Identity Protection interface and get email notifications when new breached user data is detected, so you’re never the last to know.
Not yet using Identity Protection? [Learn how to get started] or book a demo to see it in action.
Macro detection in files: flag the threat before it executes
Macros embedded in Microsoft Office and PDF files are one of the most common ways malwares get delivered, and they’re dangerous even when the file doesn’t contain malware at the time of scanning. Until now, files were only flagged when malicious content was actively detected.
Version 3.2 changes that. Files containing macros are now flagged regardless of whether malware is present, giving administrators the option to block or alert macro-containing files based on their organization’s risk tolerance.
A more reliable auto-update experience
Behind the scenes, the auto-update infrastructure has been redesigned for improved reliability. Administrators now have access to trail logs showing update history and will be alerted if an auto-update fails, so issues can be resolved quickly.
Available on AppExchange
Version 3.2 is available now. Here is when to expect updates:
- Available on AppExchange: April 20, 2026
- Automatic updates, sandbox environments: May 11, 2026
- Automatic updates, production environments: June 1, 2026
Already a customer? See the [Version 3.2 release notes] for the full technical details.
Not yet a customer? We’d love to show you what it can do for your organization. Book a demo and we’ll walk you through it personally. [Book a demo]
Our mission: security that keeps up with Salesforce
Salesforce is no longer just a CRM. It’s the operational backbone of modern businesses, running sales, service, marketing, and increasingly, AI-driven workflows. The attack surface has grown with it.
Our mission is to make sure security keeps pace. Every release we ship is a step toward a Salesforce environment where admins have full visibility into who is at risk, what an attacker could reach, and what to do about it. All without leaving the platform they already work in every day.
Version 3.2 is another step in that direction. We’re not done.