Now that we've explored how to implement Transaction Security Policy visibility, it's time to discuss using safe practices. Errors in these processes are somewhat rare but can happen. Knowing how to avoid issues and respond quickly when they happen will go a long way to maintaining peace in your business.
Avoid Login Lockouts
Transaction Security Policies give you the power to implement highly customizable logic in policy evaluation flows. However, with this flexibility comes the risk of introducing errors or exceptions that can disrupt critical processes—like user login.
If your custom Login Policy causes an unhandled error, users may encounter a screen similar to the one above. The challenge here is that the policy evaluation occurs before authentication, leaving no way to bypass the issue. If this happens, you must:
-
Open a Case with Salesforce Support.
-
Provide your Org ID.
Salesforce can disable the Transaction Security Policy on their end, restoring access. While this resolves the issue, it may result in temporary user frustration until everything returns to normal.
Handling Errors in Other Policies
Errors in other types of Transaction Security Policies are less severe but still require immediate action. For example, if you encounter an error while modifying a Permission Set, the best approach is to:
-
Temporarily disable the Transaction Security Policy causing the issue.
-
Investigate and resolve the underlying problem.
Alternatively, you can exempt specific users from certain Transaction Security Policies. Note: User exemptions do not apply to Login Policies.
How to Avoid Policy-Related Issues
The answer to these potential tripping hazards is simple. TEST, TEST, TEST. Even though you can click and configure Transaction Security Policies and SightLane Policy Events, it is strongly recommended that teams configure ALL policy elements in lower environments first and test all possible scenarios of those policies being triggered (and not triggered). Just like any new feature, issues should be discovered in a safe environment rather than in production.
Final Thoughts
While we've highlighted potential challenges, there's no need to be alarmed. With proper development and rollout practices, you can avoid these headaches entirely. Salesforce Shield and SightLane for Shield are powerful tools that, when used thoughtfully, will deliver operational intelligence to empower your admins and protect your Salesforce org.