WithSecure™ Identity Protection for Salesforce
A Single Compromised User Identity Can Expose Your Salesforce Environment
Identify compromised, weak, or over-privileged Salesforce users early, and gain sustained control and a clear overview of your identity risk posture.
Why Identity Risk Matters in Salesforce
Salesforce access starts with identity: Every employee, partner, and community user accesses Salesforce through an identity. That identity defines what data, workflows, and integrations they can access.
30%
of employees reuse corporate credentials
Identical passwords and company email addresses are reused across multiple services, potentially exposing credentials to unauthorized usage.
Source: SpyCloud 2024
…I
Credentials are regularly exposed in data breaches
User credentials are regularly exposed in third-party data breaches and can be used in cyber attacks.
Lack of visibility is a real problem
Without visibility, organizations don’t know which users are safe — or which identities expose their Salesforce environment the most.
Native Identity Protection, Built for Salesforce
WithSecure Identity Protection is a core capability of WithSecure Cloud Protection for Salesforce, designed to work natively inside the Salesforce platform.
Native Salesforce compatibility
It integrates directly into Salesforce without external connectors, additional portals, or complex setup. Identity risks are detected and surfaced where Salesforce teams already work, using native workflows and familiar interfaces.
Included in
Cloud Protection for
Salesforce by WithSecure
As part of the broader Cloud Protection for Salesforce solution, Identity Protection works alongside file and threat protection to deliver a unified, Salesforce-native approach to securing users, data, and workflows.
Malware protection
Stop malicious files
URL protection
Stop malicious links
Identity protection
Protect your Salesforce users
Protection for Agentforce
Protect your AI agents
QR code protection
QR scan code threats
How Identity Risk Turns
into a Salesforce Incident
1. Credentials are reused across services
Employees often reuse business email addresses and passwords across multiple third-party services. This creates a shared credential footprint across systems and increases exposure if any one service is compromised.
2. Credentials are exposed in data breaches
A third-party service used by an employee or partner suffers a data breach. Reused credentials are exposed and become available to cybercriminals, increasing the risk of unauthorized access to other services.
3. Unauthorized access occurs
A reused credential successfully authenticates into Salesforce as a legitimate user, bypassing many traditional security controls and increasing the risk of undetected access.
4. Actions are performed under trusted access
The compromised identity operates with the user’s existing permissions, enabling access to data, integrations, and workflows that may exceed what is strictly necessary.
Detect Compromised Credentials
Before They Become Incidents
Continuous credential exposure monitoring
Scans Salesforce internal and community user accounts against the latest data breach and dark-web intelligence to detect exposed credentials early — before they can be misused for access.
Community and external user protection
Extends visibility beyond employees to partner and community users — a frequent blind spot exploited for social engineering and fraud.
Visibility into risky user behavior
Provides alerts for users with breached credentials, risky permission sets, and abnormal activity, such as suspicious file uploads, downloads, or URLs.
Respond to identity-based risk
Enable timely response to identity risks by freezing accounts or forcing password resets before issues escalate.
Breach context and exposure history
Provides detailed breach context and up to 12 months of exposure history to help teams assess severity, prioritize response, and act faster.
We are committed to high compliance
We provide all necessary certificates and information to reassure you and your stakeholders. See more details on our Trust Center.
ISAE 3000 Type 2
WithSecure™ Cloud Protection for Salesforce has ISAE 3000 Type 2 (international equivalent of SOC2 Type 2) assurance report, ensuring your data is managed securely,
ISO 27001
WithSecure™ is ISO 27001 certified, validating our rigorous data security practices. This prestigious certification confirms our adherence to the highest information standards.
EU GDPR
WithSecure™ helps organizations adhere to General Data Protection Regulation (GDPR) requirements, ensuring the secure handling of European citizens’ personal data.
SecurityScoreCard
WithSecure™ holds the highest cyber security vendor ranking from SecurityScoreCard, which evaluates companies on 10 key security factors, including remediation speed and risk mitigation.
Frequently asked questions
What is Identity Protection in WithSecure Cloud Protection for Salesforce?
Identity Protection is a feature in WithSecure Cloud Protection for Salesforce that detects Salesforce user credentials exposed in third-party breaches.
Early detection of credential compromise enables Salesforce administrators and security teams to act before attackers get the chance to exploit stolen credentials – for example by enforcing password reset.
Why is Identity Protection needed in Salesforce?
Salesforce doesn’t monitor for exposed credentials, and stolen logins are involved in 22% of all data breaches globally (Verizon DBIR 2025).
When users reuse the same passwords across different services, which is known as password reuse, a breach in one system can compromise many others.
If an employee, partner, or community user’s credentials are leaked elsewhere, attackers can use those logins to access Salesforce as a trusted user.
Identity Protection provides early detection and visibility inside Salesforce. Existing security tools have no scalable coverage for community user monitoring.
Which Salesforce users does Identity Protection monitor?
Identity Protection in WithSecure Cloud Protection for Salesforce covers both internal and external user types:
Internal Salesforce users: Employees, administrators, and system accounts. Detect compromised credentials early to prevent unauthorized access or privilege escalation.
Community and partner users: Experience Cloud and partner logins often fall outside corporate security controls. WithSecure Cloud Protection for Salesforce uniquely monitors these accounts at enterprise scale — reducing the risk of impersonation, supply-chain abuse, and data exposure.
How does Identity Protection work?
Identity Protection continuously scans Salesforce user email identifiers (securely hashed) against a combination of proprietary, commercial, and dark-web breach intelligence feeds. Human analysts infiltrate dark web forums to uncover threat intelligence that is not available with traditional credential scraping tools.
This hybrid approach detects new exposures 3–6 months earlier than any public or open-source lists.
If a user’s credentials appear in a known data leak, the system flags it directly in the Cloud Protection for Salesforce dashboard, complete with breach metadata and severity information.
You’ll know:
Which users were exposed — and when
The breach source and password format
How severe the risk is
How often does Identity Protection run scans?
By default, Identity Protection scans run automatically every week.
Threat intelligence feeds for credential compromises are updated daily.
Does Identity Protection automatically block or disable users?
No. Identity Protection provides early detection and visibility, but control for response actions stays with the administrator to avoid unwanted disruption.
You decide when to reset credentials or apply other remediation steps.
How is Identity Protection different from other breach-detection tools?
Identity Protection is a feature of WithSecure Cloud Protection for Salesforce – a 100% Salesforce-native app, with no external connectors, or unnecessary data traffic outside the platform.
It covers Experience Cloud and community users (like partner accounts) at scale. User risks related to these Salesforce user types fall outside current enterprise security tools.
How does this support compliance and audit readiness?
Each detection event and admin action is logged, creating a verifiable audit trail.
This supports today’s compliance frameworks, and helps demonstrate proactive identity-risk management for internal and regulatory audits.
What are common use cases for Identity Protection?
Key use cases for Identity Protection feature include:
Detecting exposed employee Salesforce user credentials before attackers log in.
Monitoring high-risk external community users in partner and community portals built on Salesforce.
Strengthening third-party and supply-chain security posture in Salesforce.
Reducing the risk of fraud, impersonation, or data theft across Salesforce and connected systems.
What attack methods does Identity Protection protect against?
What attack methods does Identity Protection protect against?
Identity Protection helps prevent attacks that rely on compromised or reused credentials, including:
Supply-chain compromise — Attackers use compromised partner or customer logins to submit fraudulent transactions, upload malicious files, or move laterally into your systems. Detecting exposed external accounts stops these supply-chain attacks before they escalate.
Credential stuffing — Automated login attempts using usernames and passwords leaked from other services.
Account takeover — Using stolen credentials to access Salesforce as a legitimate user.
Social engineering with trusted identities — Using compromised user accounts to send phishing links or fraudulent requests inside Salesforce.
Early prevention is always cheaper than breach recovery.
Does Identity Protection process personal data?
Some personal data may be processed in the Identity Protection feature, namely the email address and related breach data. Such personal data is stored in encrypted form and processed in accordance with the Data Processing Agreement. Please note that the data in the Identity Protection feature may be processed outside your normal data processing data region.
For more information on privacy in WithSecure Cloud Protection for Salesforce, please see the WithSecure Cloud Protection for Salesforce Privacy Policy.
Get a Free Demo
THE #1 SALESFORCE MALWARE PROTECTION SOLUTION
Fill the form and get:
Free 15-day trial – test the product without limitations
Real attack simulation and product demo
Free customized and actionable risk assessment
