On February 13, 2020, Salesforce released a Security Notification to address the security of publicly-accessible sites. This change affects all customer organizations with Salesforce public sites built on site.com, force.com, or communities.

Ultimately, these changes will work together to enhance the protection of your data, but please note, they do not address protection against malicious content – ransomware, malware, or viruses. For that, you will need to connect EZProtect to each live Salesforce environment.

On March 1, 2020, Salesforce will begin a phased deployment of Guest User Security updates on all public sites (sites accessed by guest/unauthenticated users). At this time, the changes will be auto-enabled, however, and customers will have the ability to “opt-out” by disabling the new settings.

In the Summer ’20 release, these changes will be mandatory and there will no longer be an opt-out option. Visit the “Securing Community Cloud” Trailblazer group for additional roll-out plan details.

While these changes will secure Guest Users and increase the protection of customer data, they may change your org’s expected behavior and affect workflows. For this reason, they strongly recommend you opt-in to test the new security features and assess their overall effect on your org prior to enforcement on March 1, 2020.


Below, please find several resources that further discuss the importance of these changes, how they benefit your organization, and how (and why) to secure your organization.

If you have additional questions, please contact Salesforce via the monitored “Securing Community Cloud” Trailblazer group. If you need additional support, please refer to our “Guest User Security, Requesting Additional Support” Knowledge Article.

EZAssign Version 1.31 Pre-Release for Customers Attending Dreamforce this week? Look for EZAssign and EZProtect in the Developer Lounges!