📈 Read the 2025 Salesforce Threat Landscape Report
  • Support
  • Configuration best practices

Configuration best practices

Get an overview of how to configure the app for the best protection.

This guide outlines the recommended configuration settings to ensure optimal security, visibility, and protection when deploying the solution. Following these practices helps maintain consistent threat coverage and reduces the risk of configuration-related gaps.

1. License Mode: Set to All Users

Recommendation:
Configure License Mode so that the solution protects all users within the environment.

    Why:

    • Ensures complete protection across the organization.
    • Prevents unmanaged accounts from becoming blind spots in threat detection.
    • Simplifies administration by avoiding manual user scoping.

    2. Connected App: Enabled

    Recommendation:
    Enable the Connected App integration for seamless platform connectivity and the most advanced threat detection capabilities.

      Why:

      • Increased file size: 12mb without Connected App  800mb with Connected App
      • QR Code Scanning
      • Scanning of URLs within files
      • Identity Protection
      • Deeper layers of recursive analysis and sandboxing to prevent zero day threats

      3. File Scanning: Enabled for Upload & Download (No Exclusions)

      Recommendation:
      Enable file scanning on both upload and download operations with no file-type.

      Why:

      • Provides full inspection of files entering or exiting the environment.
      • Prevents malware spread through cloud storage or collaboration tools.
      • Eliminates exploitable gaps that can occur when exceptions are present.

      4. URL Scanning: Enabled

      Recommendation:
      Enable URL scanning for all user activity. Enable Click-Time Protection for point-in-time scanning, every time.

      Why:

      • Blocks access to known malicious or suspicious domains.
      • Detects phishing attempts before credentials or data are exposed.
      • Enhances protection against drive-by downloads and browser-based threats.

      5. Identity Protection: Enabled

      Recommendation:
      Turn on Identity Protection for all internal and external users. Note: this requires the Connected App and a user-based licensing agreement.

      Why:

      • Provides continuous monitoring of users who may have had their credentials compromised in a public or private third-party breach
      • Protects high-value targets (admins, executives) from impersonation and account takeover.

      6. Agentforce Package: Installed (If Using Agentforce)

      Recommendation:
      Install the Agentforce package in environments that have Agentforce enabled.

      Why:

      Ensures real-time URL scanning across all Agentforce conversations

      Conclusion

      By configuring your security app as recommended, you ensure the highest level of protection for your Salesforce environment.