3.4 SFDC Audit PDF


Auditing

Auditing features do not secure your organization by themselves, but these features provide information about
usage of the system, which can be critical in diagnosing potential or real security issues. It is important that
someone in your organization perform regular audits to detect potential abuse. The other security features
provided by Salesforce are preventative. To verify that your system is actually secure, you should perform audits
to monitor for unexpected changes or usage trends.

Auditing features include:


Record Modification Fields
All objects include fields to store the name of the user who created the record and who last modified
the record. This provides some basic auditing information.
Login History
You can review a list of successful and failed login attempts to your organization for the past six
months.
Field History Tracking
You can also enable auditing for individual fields, which will automatically track any changes in the
values of selected fields. Although auditing is available for all custom objects, only some standard
objects allow field-level auditing.
Setup Audit Trail
Administrators can also view a Setup Audit Trail, which logs when modifications are made to your
organization's configuration.

Monitoring Login History


Available in: All Editions

User Permissions Needed

To monitor logins:
“Manage Users”

On this page, Administrators can monitor the successful and failed login attempts for their organization and
enabled portals. The columns on this page provide information about each login attempt. The login history page
displays the most recent 20,000 entries in the login history database. If you need to see more records, you can
download the information to a CSV or GZIP file.

To download the information into a CSV or GZIP file:

1. Click Your Name | Setup | Manage Users | Login History.


2. Click one of the following radio buttons:
   - Excel csv file: This downloads a CSV file of all user logins to your Salesforce organization for the
     past six months. This report includes logins through the API.
   - gzipped Excel csv file: This downloads a CSV file of all user logins to your Salesforce
     organization for the past six months. This report includes logins through the API. The file is
     compressed and this is the preferred option for quickest download time.
3. Select the file contents. You can choose All Logins, IE6 Logins Only, or Web Site Logins Only.
4. Click Download Now.
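
One way to review the downloaded file for repeated failed logins, as an added example that is not part of the Salesforce documentation. The header names (Username, Source IP, Status), the "Success" status text and the sample rows are assumptions and constructed data; check them against the header row of your own export.

```python
import csv
import gzip
import io
from collections import Counter

# Assumed header names and success text; confirm against your own export.
USER, IP, STATUS, OK = "Username", "Source IP", "Status", "Success"

# Constructed sample rows (documentation-range IPs, made-up users).
SAMPLE_CSV = b"""Username,Login Time,Source IP,Login Type,Status
alice@example.com,2013-03-04 09:12:00,198.51.100.7,Application,Success
bob@example.com,2013-03-04 09:13:10,203.0.113.50,Application,Invalid Password
bob@example.com,2013-03-04 09:13:12,203.0.113.50,Application,Invalid Password
bob@example.com,2013-03-04 09:13:15,203.0.113.50,Application,Invalid Password
carol@example.com,2013-03-04 09:13:20,203.0.113.50,Other Apex API,Invalid Password
alice@example.com,2013-03-04 17:40:00,198.51.100.7,Application,Invalid Password
"""
SAMPLE_GZ = gzip.compress(SAMPLE_CSV)  # same rows, as the gzipped download


def read_login_history(raw: bytes):
    """Parse a login history download given as bytes: plain or gzipped CSV."""
    if raw[:2] == b"\x1f\x8b":  # gzip magic number
        raw = gzip.decompress(raw)
    text = raw.decode("utf-8-sig")  # tolerate a byte-order mark
    return list(csv.DictReader(io.StringIO(text)))


def failed_logins(rows, threshold=3):
    """Count failures per user and per source IP; keep counts >= threshold."""
    by_user, by_ip = Counter(), Counter()
    for row in rows:
        if row[STATUS].strip() != OK:
            by_user[row[USER].strip().lower()] += 1
            by_ip[row[IP].strip()] += 1
    users = {u: n for u, n in by_user.items() if n >= threshold}
    ips = {ip: n for ip, n in by_ip.items() if n >= threshold}
    return users, ips


if __name__ == "__main__":
    users, ips = failed_logins(read_login_history(SAMPLE_GZ))
    print("users with repeated failures:", users)
    print("source IPs with repeated failures:", ips)
```

Counting per source IP as well as per user surfaces one address failing against several accounts, which a per-user count alone would miss.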

Tracking Field History for Standard Objects


Available in: Contact Manager, Group, Professional, Enterprise, Unlimited, Developer, and Database.com
Editions
Standard Objects are not available in Database.com
User Permissions Needed

To set up which fields are tracked:


“Customize Application”

To set up field history tracking:

1. Click Your Name | Setup | Customize.


2. Select the object you want to configure.
3. Click Fields | Set History Tracking.
4. For accounts, contacts, leads, and opportunities, select the Enable Account History, Enable Contact
History, Enable Lead History, or Enable Opportunity History checkbox.
5. Choose the fields you want tracked. You can select a combination of up to 20 standard and custom
fields per object. This limit includes fields on business accounts and person accounts.

Certain changes, such as case escalations, are always tracked.


You can’t track the following fields:

   - Formula, roll-up summary, or auto-number fields
   - Created By and Last Modified By
   - Expected Revenue field on opportunities
   - Master Solution Title or the Master Solution Details fields on solutions; these fields display only
     for translated solutions in organizations with multilingual solutions enabled.
6. Click Save. Salesforce tracks history from this date and time forward. Changes made prior to this date
and time are not included.

Tracking Field History for Custom Objects


Available in: Contact Manager, Group, Professional, Enterprise, Unlimited, Developer, and Database.com
Editions
Standard Objects are not available in Database.com

User Permissions Needed


To set up which fields are tracked:
“Customize Application”

To track field history for custom objects:

1. Click Your Name | Setup | Create | Objects.


2. Click Edit next to the name of the custom object.
3. Select the Track Field History checkbox.
4. Click Save.
5. Click Set History Tracking in the Custom Fields & Relationships section. This section allows you to set a
custom object’s history for both standard and custom fields.
6. Choose the fields you want tracked. You can select a combination of up to 20 standard and custom
fields per object. You can’t track:
   - Formula, roll-up summary, or auto-number fields
   - Created By and Last Modified By
7. Click Save. Salesforce tracks history from this date and time forward. Changes made prior to this date
and time are not included.

Monitoring Setup Changes

Available in: Contact Manager, Group, Professional, Enterprise, Unlimited, Developer, and Database.com
Editions
In Database.com, the setup audit trail history only audits setup changes for features that are included in
Database.com.

User Permissions Needed


To view audit trail history:
“View Setup and Configuration”

The setup audit trail history helps you track the recent setup changes that you and other administrators have
made to your organization. This can be especially useful in organizations with multiple administrators.

To view the setup audit trail history, click Your Name | Setup | Security Controls | View Setup Audit Trail. To
download your organization’s full setup history for the past 180 days, click the Download link.

The setup audit trail history shows you the 20 most recent setup changes made to your organization. It lists the
date of the change, who made it, and what the change was. Additionally, if a delegate (such as an administrator
or customer support representative) makes a setup change on behalf of an end-user, the Delegate User column
shows the delegate's username. For example, if a user grants login access to an administrator and the
administrator makes a setup change, the administrator's username is listed.

The setup audit trail history tracks the following types of changes:

Setup Changes Tracked

Administration  Company information, default settings such as language or locale, and company
message changes
 Multiple currency setup changes
 User, portal user, role, permission set, and profile changes
 Email address changes for any user
 Deleting email attachments sent as links
 Creating, editing, or deleting email footers
 Record type changes, including creating or renaming record types and assigning
record types to profiles
 Changes to divisions, including creating and editing divisions, transferring divisions,
and changing users’ default division
 Adding or deleting certificates
 Domain name changes
 Enabling or disabling Salesforce as an identity provider

Customization  Changes to user interface settings, such as collapsible sections, Quick Create, hover
details, or the related list hover links
 Page layout and search layout changes
 Changes made using inline editing
 Custom field and field-level security changes, including changes to formulas, picklist
values, and custom field attributes like the format of auto-number fields or masking of
encrypted fields
 Changes to lead settings, lead assignment rules, and lead queues
 Changes to activity settings
 Changes to support settings, business hours, case assignment and escalation rules,
Setup Changes Tracked

and case queues


 Any changes made by salesforce.com Customer Support at your request
 Changes to tab names, including tabs that you reset to the original tab name
 Changes to custom apps (including Service Cloud console apps), custom objects, and
custom tabs
 Changes to contract settings
 Changes to forecast settings
 Enabling or disabling Email-to-Case or On-Demand Email-to-Case
 Changes to custom buttons, links, and s-controls, including standard button overrides
 Enabling or disabling drag-and-drop scheduling
 Enabling, disabling, or customizing similar opportunities
 Enabling or disabling quotes
 Changes to data category groups, data categories, and category-group assignments to
objects
 Changes to article types
 Changes to category groups and categories
 Changes to Salesforce Knowledge settings
 Changes to ideas settings
 Changes to answers settings
 Changes to field tracking in feeds
 Changes to campaign influence settings
 Activating or deactivating critical updates
 Enabling or disabling Chatter email notifications
 Enabling or disabling Chatter new user creation settings for invitations and email
domains

Security and  Public groups, sharing rule changes, and organization-wide sharing, including the
Sharing
Grant Access Using Hierarchies option
 Password policy changes
 Session settings changes, such as changing the session timeout setting
 Changes to delegated administration groups and the items delegated administrators
can manage. Setup changes made by delegated administrators are tracked as well.
 How many records a user emptied from their Recycle Bin and from the organization's
Recycle Bin
 Changes to SAML (Security Assertion Markup Language) configuration settings
 Changes to Salesforce certificates
 Enabling or disabling identity providers
 Changes to service providers

Data  Mass delete use, including when a mass delete exceeds the user's Recycle Bin limit of
Management
5000 deleted records. The oldest, excess records will be permanently removed from
the Recycle Bin within two hours of the mass delete transaction time.
 Data export requests
 Use of the campaign member import wizard
 Mass transfer use
Setup Changes Tracked

 Changes to analytic snapshots, including defining, deleting, or changing the source


report or target object on an analytic snapshot
 Import wizard use

Development  Changes to Apex classes and triggers


 Changes to Visualforce pages, custom components, or static resources
 Changes to custom settings
 Changes to remote access definitions
 Changes to Force.com Sites settings

Various Setup  Creation of an API usage metering notification


 Changes to territories
 Changes to Workflow & Approvals settings
 Changes to approval processes
 Creation and deletion of workflow actions
 Changes to Visual Workflow files
 Packages from Force.com AppExchange that you installed or uninstalled

Using the  Changes to account team and opportunity team selling settings
application
 Activation of Google Apps services
 Changes to mobile configuration settings, including data sets, mobile views, and
excluded fields
 A user with the “Manage Partners” permission logging into the partner portal as a
partner user
 A user with the “Edit Self-Service Users”permission logging into the Salesforce
Customer Portal as a Customer Portal user
 Enabling or disabling a partner portal account
 Disabling a Salesforce Customer Portal account
 Enabling or disabling a Salesforce Customer Portal and creating multiple Customer
Portals
 Creating and changing entitlement processes and entitlement templates
 Enabling or disabling self-registration for a Salesforce Customer Portal
 Enabling or disabling Customer Portal or partner portal users
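
A sketch of how the downloaded setup audit trail could be triaged for the security-relevant change types listed above and for changes made through a delegate, as an added example that is not part of the Salesforce documentation. The header names, the keyword list and the wording of the sample actions are assumptions and constructed data; adapt them to the header row and action text in your own download.

```python
import csv
import io

# Assumed header names for the downloaded file; confirm against your export.
DATE, USER, ACTION, DELEGATE = "Date", "User", "Action", "Delegate User"

# Keywords chosen from the change types this page lists under
# "Administration" and "Security and Sharing" (matching is case-insensitive).
SENSITIVE = ("password policy", "session", "saml", "certificate",
             "identity provider", "sharing", "permission set", "profile")

# Constructed sample rows; the action wording is illustrative only.
SAMPLE = """Date,User,Action,Delegate User
2013-03-04 10:02,admin1@example.com,Changed session timeout setting,
2013-03-04 10:05,admin1@example.com,Changed page layout for Account,
2013-03-05 02:14,admin2@example.com,Changed password policy settings,
2013-03-05 02:20,user7@example.com,Created custom field on Lead,admin2@example.com
2013-03-06 11:00,admin1@example.com,Changed SAML configuration settings,
"""


def triage(csv_text):
    """Return (date, user, action, reasons) for each row worth a second look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        action = row[ACTION]
        reasons = [k for k in SENSITIVE if k in action.lower()]
        # A filled Delegate User column means someone acted on a user's behalf.
        delegate = (row.get(DELEGATE) or "").strip()
        if delegate:
            reasons.append("delegate:" + delegate)
        if reasons:
            findings.append((row[DATE], row[USER], action, reasons))
    return findings


def sensitive_changes_by_user(findings):
    """Group the flagged rows by the user who made the change."""
    grouped = {}
    for date, user, action, _ in findings:
        grouped.setdefault(user, []).append((date, action))
    return grouped


if __name__ == "__main__":
    for date, user, action, reasons in triage(SAMPLE):
        print(date, user, action, reasons)
```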
