TrueSolv — Header Component

Agentforce World Tour Boston 2026

Agentforce World Tour Boston 2026 recap — key deployment themes and Dreamforce 2026 preview

Agentforce World Tour Boston happened on June 24 at the Hynes Convention Center. One full day, thousands of Salesforce customers, partners, developers, and admins, and a consistent message that came out of every session: the companies seeing real results from Agentforce are the ones that treated it as a workflow redesign, not a feature rollout. Here is what stood out and why it matters for the rest of 2026. 01Workflow first, agent secondEvery successful deployment in Boston case studies started with a specific painful workflow and built the agent around solving it — not the reverse.→ Start with the problem. The agent is how you solve it at scale. 02Data quality blocks everything upstreamEvery breakout session on Agentforce hit the same wall: outdated knowledge articles, inconsistent field population, product usage data never synced to CRM.→ Clean the data before building the agent. The gap is almost always upstream. 03Two agents before full orchestrationOrchestration sessions focused on the one-plus-one pattern: one primary agent, one specialist. Realistic first step before a full multi-agent build.→ Full orchestration comes after learning the single-agent failure modes. The deployment pattern that is actually working The Agentforce deployments generating real, demonstrable outcomes at Boston — the ones that made it into session case studies and partner showcases — had one structural thing in common: they started with a specific, painful workflow and built the agent around eliminating that pain. Not “we want to use Agentforce” and then a use case search. A specific problem, a defined success condition, an agent built to address both. The orgs that struggled described the opposite process. They had access to Agentforce, they had enthusiasm from leadership, and they started configuring agents before they had clearly defined what the agent was supposed to fix. The result was a technically functional agent that did not map to a meaningful business outcome — which, in practice, means it did not get adopted and did not get measured, so it could not be improved. Treat the first Agentforce deployment as a workflow redesign project that happens to produce an agent, not an AI project that happens to touch a workflow. The workflow is the thing. The agent is how you deliver the redesign at scale. Summer ’26 features in the room Multi-Agent Orchestration drew the most attention in the architecture and developer sessions. The pattern most discussed was not the full multi-agent system — which most attendees acknowledged they were not ready to build — but the simpler version: one primary agent with one specialist. A service agent that delegates billing questions to a billing specialist, handles the rest itself, and escalates complex cases to a human. That two-agent step before a full orchestration build is more realistic for teams deploying Agentforce for the first time. The Agentforce Self-Service live demos were notable for accuracy. Showing the 10-click setup in a real sandbox rather than a polished demo environment gave attendees a realistic view of what quick setup means — and what the knowledge grounding and topic configuration work looks like after the 10 clicks. The knowledge grounding sessions in particular were practical: the gap between “agent is activated” and “agent answers your specific questions accurately” is almost entirely a content gap, and Boston gave admins a concrete picture of how to close it. The data quality conversation, again This was the most consistent theme across breakout sessions regardless of the specific topic. Whether the session was about churn prediction agents, renewal automation, or sales qualification workflows, the technical blockers were almost always upstream of the agent itself. Outdated knowledge base articles that caused the agent to give stale product information. Inconsistent field population that made the account summary unreliable. Product usage data that was flowing to a data warehouse but never made it into Salesforce, so the agent could not see it. Integration users that had logged into Salesforce once during setup and never had their MFA enrolled, creating a credential problem on July 20 enforcement day. The point is not new — data quality as prerequisite to AI deployment has been said at every Agentforce event since launch. What Boston added is specificity: practitioners describing the exact gaps that blocked their specific workflows, and the order in which those gaps need to be closed. Looking forward: Dreamforce 2026, September 15–17 Platform Trajectory — Boston to Dreamforce 2026 (September 15–17) Platform Status — Late June 2026 ✅Multi-Agent Orchestration GA — available but most orgs still learning single-agent patterns before adopting orchestration ✅Agentforce Self-Service GA — 10-click setup available; knowledge grounding and topic tuning remain the primary post-setup work ✅Data 360 MCP Server in Developer Preview — early adopters experimenting; write-back and production access pending GA ✅Flow Orchestration free — included in Enterprise and above; first wave of adoption beginning ⚠️MFA enforcement approaching — July 1 and July 20 deadlines; admin preparation still in progress across the ecosystem What Dreamforce 2026 May Bring 🔮Orchestration reference patterns — Q1 of production deployments will produce validated architecture templates; DF26 typically codifies these into platform guidance 🔮Data quality tooling — Boston’s consistent data quality theme signals platform investment; expect metadata hygiene or Data Cloud enhancements addressing the upstream gap 🔮Enterprise integration layer — connecting Agentforce to non-Salesforce systems at scale is the next frontier after within-org orchestration 🔮Agent governance for regulated industries — compliance-grade audit trails for agent behaviour are the gap preventing regulated industry adoption; strong candidate for Winter ’27 preview at DF 📅Dreamforce 26 — September 15–17, 2026 Moscone Center, San Francisco Boston’s core message was practical, not aspirational: start with the workflow, keep the first deployment small, fix your data before your agent. The organisations that take that framing into Dreamforce will be in a meaningfully better position than the ones arriving with a blank slate. Agentforce World TourSalesforceAgentforceDreamforce 2026Salesforce Events Share: LinkedIn Twitter / X Copy link In this article 01The deployment pattern that works 02Summer ’26 features in the room 03Data quality — again 04Looking forward to Dreamforce Dreamforce 2026 Sep 15–17

Salesforce MFA Enforcement July 2026

Salesforce MFA Enforcement July 2026

Salesforce is not asking anymore. Starting July 1 in production, users who open a report will need to re-verify their identity even if they just logged in. By July 20, every internal user in every production org will need multi-factor authentication — not as a recommendation, but as a locked system setting that admins cannot disable. Five enforcement changes, three deadline dates, and zero tolerance for orgs that are not ready. Date What changes Who it affects July 1 Step-up MFA on every reportAny user who runs or views a report is prompted to re-verify identity, even after a recent login. All orgs, not Shield-only. All users who access reports. Users not enrolled in MFA are blocked at this step-up prompt — not just at login. July 1 Phishing-resistant MFA for privileged usersSystem Admins and users with Modify All Data, View All Data, or Manage Users must switch to hardware keys or passkeys. Authenticator apps no longer qualify. System Administrator profile users, plus anyone with Modify All Data, View All Data, or Manage Users via permission set — not just via profile. July 13 Transaction Security Policies auto-created for Shield orgsShield orgs without a custom export TSP get one auto-created for exports over 10,000 records. Shield-licensed orgs only. Orgs with existing export TSPs are unaffected. Auto-created policies may need review before this date. July 20 Full MFA locked for all internal usersSalesforce locks the MFA setting. Admins cannot disable it. Any user not enrolled is blocked from login entirely. All internal users in all production orgs. No exceptions, no grace period. Unenrolled users cannot log in after this date. July 20 MFA Opt Out permission stops workingThe self-service exemption permission for automation and integration users ceases to function. Integration users and automation service accounts currently using the opt-out permission. Must file a Salesforce Support case before July 20 for a supported exemption. Change 1: Step-up MFA on every report — July 1 From July 1, any user who runs or views a report in Salesforce is prompted to verify their identity again, even if they authenticated at login minutes earlier. This applies to all reports, not just exports, and not just Shield-licensed orgs. It is platform-wide. The practical impact on end users is a second prompt in their session flow when they access report functionality. Orgs with high report usage — sales dashboards, weekly pipeline reviews, regular operational reporting — should communicate this change to their users in advance. A verification prompt that appears without warning reads as a potential security incident to users who were not expecting it. The enrollment implication is more significant: any user who accesses reports and is not enrolled in an MFA method will be blocked at this step-up verification. Enrollment must be complete before July 1 for report-heavy users specifically, not just before July 20 for the general rollout. Change 2: Phishing-resistant MFA for privileged users — July 1 System Administrators and users with Modify All Data, View All Data, or Manage Users permissions must switch to a phishing-resistant authentication method by July 1. An authenticator app — the method most admins currently use — no longer qualifies for these privilege levels. Phishing-resistant methods at GA include hardware security keys compliant with FIDO2 (YubiKey and similar devices) and passkeys stored on a trusted device. Biometric authenticators on modern devices qualify when configured as passkeys. The action required for admins right now is an audit of which users hold elevated permissions in production. The Admin profile is obvious. The less obvious group is permission sets that grant Modify All Data, View All Data, or Manage Users without giving the System Administrator profile — these users are subject to the same requirement and are frequently missed in pre-enforcement preparation. Change 3: Transaction Security Policies for report exports — July 13 Shield-licensed orgs that do not have a custom Transaction Security Policy governing report exports will have one automatically created by Salesforce on July 13. The auto-created TSP applies to exports over 10,000 records and adds a verification step or block depending on the default configuration. Orgs with Shield that have already configured export TSPs are unaffected. Orgs with Shield that have not configured them should review the auto-created policy before July 13 and determine whether the default behavior is appropriate for their specific export patterns. Auto-created policies are a starting point, not a final configuration. Change 4: Full MFA for all internal users — July 20 On July 20, Salesforce locks the Multi-Factor Authentication setting in all production orgs. The setting cannot be disabled by an admin after this date. Any internal user who is not enrolled in an MFA method is blocked from logging in until enrollment is completed. What gets blocked if users are not enrolled on July 20: complete login block for any internal user without an enrolled MFA method. They cannot log in at all — not to read email, not to view their opportunities, not to run a report. The fix is to complete enrollment, which takes time that may not exist in the middle of a blocked login incident. The recommended approach is to complete enrollment for all internal users before July 13 — one week before the final deadline — to allow time to address any enrollment issues before the lock takes effect. Change 5: MFA exemption permission stops working — July 20 The MFA Opt Out of Multi-Factor Authentication permission, which some orgs have used to exempt automation users and integration service accounts from MFA requirements, stops functioning on July 20. Integration users and automation service accounts that use this permission for their login flow must be handled through an alternative path before the deadline. The supported path for integration and automation users who require a login flow incompatible with MFA is a Salesforce Support case filed before July 20, documenting the specific use case and requesting an exemption through the supported process. The self-service permission-based exemption will not be available after enforcement. ⚠What gets blocked —

Salesforce Flow Orchestration is Free in Summer 26

Salesforce Flow Orchestration is Free in Summer 26

Flow Orchestration used to cost extra. Now it does not. Starting with Summer ’26, Flow Orchestration runs are included in Enterprise, Performance, Unlimited, and Developer editions without usage-based limits. If you ruled it out before because of the pricing, that calculation is gone. Here is what Flow Orchestration actually does, and why it is worth a fresh look. What Flow Orchestration actually is A regular Flow handles a trigger and a sequence of automated steps. It runs, completes, and is done — typically in seconds, with no pause for a human to weigh in partway through. Flow Orchestration is built for a different category of process: multi-step, multi-user business processes that require coordination across people, systems, and time. The work needs to pause, wait for a specific person to make a decision, branch based on that decision, and continue — all in a monitored, auditable way, potentially over hours, days, or weeks. The distinction matters because many processes that orgs currently handle through a combination of email, manual task assignment, and someone remembering to follow up are exactly the kind of process Orchestration is built for. The reason most orgs have not built these in Salesforce is that Orchestration previously carried a usage-based cost that made it hard to justify for internal process automation rather than customer-facing workflows. Characteristic Regular Flow Flow Orchestration Duration Runs and completes in seconds. No pause for human input mid-process. Can span hours, days, or weeks — pauses at human steps and resumes when action is taken. Human involvement Limited to triggering the flow or responding to a single approval step bolted on separately. Built-in stages where specific people are assigned tasks, make decisions, and the process branches based on their input. Visibility No persistent status view. Once running, you cannot easily see “where” the flow currently is. Defined stage model — anyone can see which stage a process instance is currently in and who owns it. Multi-department coordination Difficult — typically requires chaining multiple flows and manual handoffs between departments. Native — parallel and sequential stages across different teams with a single coordinated process instance. Best for Record updates, notifications, single-step automations, data validation, immediate actions triggered by a record change. Onboarding processes, approval chains, multi-department workflows — anything where “who does this next and when” is the core challenge. Cost (Summer ’26) Included in all editions, as always. Now free Included in Enterprise, Performance, Unlimited, and Developer editions — no usage-based limits. A simple orchestration, structurally The shape of an orchestration is consistent regardless of the specific process: a system step does something automatically, a human step pauses and waits for a person to act, the orchestration branches based on what that person decided, and the process continues — potentially with more human steps, more branches, and a final system step that records the outcome. A Simple Flow Orchestration — Four Stages Stage 1 System action e.g. create record AUTOMATED Stage 2 Human approval Manager reviews and decides PAUSES & WAITS Stage 3 System action e.g. update fields AUTOMATED Stage 4 Branch → Approved path → Rejected path OUTCOME RECORDED Status, owner, and stage are visible to anyone checking on the process — not just whoever is currently assigned. What makes this different from a Flow with an Approval Process attached is the structure and visibility. Orchestration gives you a defined stage model — each stage has a clear owner, a clear set of possible outcomes, and a status that is visible to anyone checking on the process, not just the person whose turn it currently is. For processes spanning multiple departments, that visibility is often the missing piece. Three workflows worth building now that it is free New employee onboarding across IT, HR, and the hiring manager Onboarding touches multiple departments with sequential and parallel dependencies: IT needs to provision accounts, HR needs to complete paperwork, the hiring manager needs to prepare the first-week schedule, and some of these steps depend on others completing first. An orchestration can sequence IT provisioning after HR confirms the start date, run HR paperwork and manager prep in parallel, and surface a single status view to whoever is coordinating the new hire’s first day. The alternative — the current state at most orgs — is a checklist in a shared document and a series of Slack messages asking whether each step is done yet. Orchestration replaces the asking with visibility. Contract approval chain with parallel legal and finance review A contract above a certain value needs review from legal and finance before it reaches an executive for final sign-off. Legal and finance review can happen in parallel — neither depends on the other — but the executive sign-off step depends on both being complete. Orchestration models this directly: a parallel stage for legal and finance, a convergence point that waits for both to complete, then a sequential executive approval stage. The audit trail shows who reviewed what and when, without anyone needing to track it manually. Deal desk workflow for non-standard pricing approvals Non-standard pricing requests — discounts above a threshold, custom payment terms, non-standard contract clauses — typically need sign-off from sales leadership, finance, and sometimes RevOps, in an order that depends on the specific request. An orchestration can route the request to the right combination of approvers based on the deal characteristics, track where it currently sits, and notify the rep when a decision is made. The business value here is speed: deal desk requests that currently take days because they sit in someone’s inbox move faster when the orchestration actively routes and tracks them, and the rep has visibility into where the holdup is rather than just waiting. 3 Workflows Worth Building Now That Orchestration Is FreeProcesses most orgs currently run on email, shared docs, and hoping someone follows up 👋New employee onboardingIT provisioning, HR paperwork, and hiring manager prep — sequenced and parallelised with a single status view for whoever is coordinating the new hire’s first day.Stages: HR confirms start date

Salesforce Data 360 MCP Server Is in Developer Preview

Data 360 MCP Server architecture diagram showing Data Cloud connecting to AI agents via Model Context Protocol

On May 26, Salesforce announced that the Data 360 MCP Server is now in Developer Preview. The idea is direct: every piece of data in your Salesforce Data Cloud is now reachable by any AI agent that speaks Model Context Protocol. Your CRM context, unified customer profiles, real-time data streams — accessible from Claude Code, Cursor, or any MCP-compatible agent tool without writing a custom API wrapper. Data 360 MCP Server — How Data Cloud Connects to AI Agents Salesforce Data Cloud • Unified customer profiles • Audience segments • Calculated insights • Data streams • Identity resolution exposes Data 360 MCP Server Developer Preview Trust Layer protected tool calls MCP-compatible AI agents Claude Code Cursor / Codex Agentforce Studio Custom MCP clients Any agent that speaks MCP No custom API wrapper required. Data arrives through the same trust layer as other Agentforce data access. What the Data 360 MCP Server actually exposes The server gives AI agents structured access to Data Cloud data — unified customer profiles, audience segments, data streams, calculated insights, and identity resolution outputs. These are the data objects that previously required SOQL-like queries against the Data Cloud query engine or custom API development to surface. Through the MCP interface, an agent can retrieve a unified customer profile by identity, query segment membership for a specific individual, pull calculated insight values for an account, or read real-time data stream events — using the same tool-call pattern it would use to interact with any other MCP server, without learning a proprietary API. The significance is in the combination. An agent building a renewal recommendation previously had access to Salesforce CRM data — the account record, the opportunity history, the activity log. What it did not have was the Data Cloud layer: the calculated health score from product usage, the segment membership that reflects behavioural patterns, the cross-channel identity resolution that unifies how the same customer appears across touchpoints. The Data 360 MCP Server adds that layer. Why this changes how agents reason The practical difference between an agent with CRM access and an agent with CRM plus Data Cloud access is the difference between structured records and contextualised customer intelligence. An agent reviewing a renewal opportunity can currently see: account name, ACV, contract end date, last activity log, open support tickets. With the Data 360 MCP Server, that same agent can also see: the customer’s health score calculated from product usage patterns, their segment membership indicating they are in a high-churn-risk cohort, and their identity resolution confirming that two separate records in the CRM are the same individual. Because the data arrives through the MCP interface with the same trust layer protections as other Agentforce data access, the agent’s data handling governance applies uniformly — no separate security configuration needed for the Data Cloud layer. What is available in Developer Preview vs. what is coming Capability Available in Developer Preview Expected at GA Unified customer profile retrieval ✓ Query by identity, return full profile with attributes — Audience segment membership ✓ Query segment membership for a specific individual or account — Calculated insights reads ✓ Return health scores, propensity scores per record — Identity resolution queries ✓ Cross-reference unified identity across touchpoints — Data stream reads ✓ Basic event stream data — subject to Data Cloud sync latency Real-time streaming subscriptions Write-back to Data Cloud ✗ Not yet available Agents will be able to update Data Cloud records based on reasoning output Complex data stream subscriptions ✗ Not yet available Subscribe to data stream events as part of agent trigger logic Production org access ✗ Developer Edition orgs with Data Cloud only Full production org access at GA Developer Preview gives access to the core unified profile retrieval, segment queries, and calculated insight reads. The key constraint is data freshness: Data Cloud data surfaces through the MCP Server with the same refresh latency as the underlying Data Cloud sync. For most use cases this is acceptable. For agents reasoning about real-time events, it is worth understanding the lag characteristics of your specific data streams before building workflows that depend on sub-second freshness. Developer Preview access path Data 360 MCP Server — Developer Preview Access Path4 steps 1Confirm your org has Data Cloud enabledDeveloper Edition orgs with Data Cloud access qualify for Developer Preview. If you do not have a Data Cloud-enabled org, spin up a Developer Edition at developer.salesforce.com — the fastest path to experimenting. 2Enable the Data 360 MCP Server in SetupOpen Setup → search for MCP Servers. The Data 360 MCP Server appears in the available server list for Developer Preview-enrolled orgs. Enable it and configure which agents have access to which data objects.Setup → MCP Servers → Data 360 MCP Server → Enable 3Connect an MCP-compatible clientClaude Code, Cursor, Agentforce Studio, or any MCP-compatible development environment can connect once the server is enabled. The server returns a tool manifest — no custom authentication code required beyond the standard MCP handshake. 4Test with a unified profile retrievalPull a known profile by ID, confirm the MCP Server returns the same data as the Data Cloud UI, and verify that segment membership and calculated insights are included in the response. This confirms the data path is working before building agent logic on top of it. Developer Preview is the right time to experiment, not the right time to build production workflows. Map your architecture, test your data access patterns, and identify what works before GA removes the preview caveats. The orgs that move through this now will deploy faster when GA lands. Data 360MCPData CloudSalesforce DevAgentforce Share: LinkedIn Twitter / X Copy link In this article 01What it exposes 02Why it changes agent reasoning 03Preview vs. GA capabilities 04Access path — 4 steps Developer Preview status Unified profilesQuery by identity — live Segment membershipPer individual — live Calculated insightsHealth scores — live Write-backExpected at GA Production orgsDev Edition only now Quick access path 1️⃣Enable Data Cloud in org 2️⃣Setup → MCP Servers → Enable 3️⃣Connect MCP

Salesforce Summer 26 Release Features

Salesforce Summer 26 release features summary — Multi-Agent Orchestration Agentforce Self-Service Security Mesh

Salesforce announced Summer ’26 on May 11 and set the general availability date for June 15. The headline: 17 major capabilities, all pointing in one direction. Agentforce is no longer a feature layer on top of the platform. In Summer ’26 it is becoming the operating layer underneath everything else. Here is what actually landed and what it means for your org. Salesforce Summer ’26 — Five Changes That Shape the Platform 🤝Multi-Agent OrchestrationAgents delegate to specialist agentsOne customer-facing contact point, multiple specialist agents working behind the scenes. Triage → delegate → coordinate — without the customer switching interfaces.GA — Summer ’26 ⚡Agentforce Self-ServiceHelp Agent in 10 clicks or fewerDeploy a Help Agent to your public website, Portal, or WhatsApp in a guided setup — designed for teams who want to trial Agentforce without a multi-week implementation.GA — Summer ’26 🛡️Security MeshUnified security fabric + risk scoringDisconnected security alerts across Service Cloud, Sales Cloud, and Experience Cloud unified into a single fabric with AI-generated risk scores. Agentforce activity included.GA — Summer ’26 🔄Flow Orchestration — FreeIncluded in Enterprise and aboveFlow Orchestration moves from a usage-limited add-on to included in Enterprise, Performance, Unlimited, and Developer editions. No usage caps, no add-on cost.Now included 📊Tableau over Model Context ProtocolAnalytics engine exposed to Agentforce agentsTableau’s analytics engine is now reachable by Agentforce agents over MCP, protected by the Agentforce Trust Layer. Agents can query revenue trends, spend analytics, and historical reports as part of their reasoning — without requiring a human to pull the report first. Closes the gap between CRM data and the BI layer.GA — Summer ’26 Multi-Agent Orchestration For most of Agentforce’s history, an agent was a single system handling a single domain. A service agent answered product questions. A sales agent qualified leads. Each worked independently and each required its own configuration. Multi-Agent Orchestration changes that architecture. Agents can now delegate tasks to specialist agents within the same org. One customer-facing contact point, multiple agents working behind the scenes: a triage agent receives the request, determines which specialist — a billing agent, a technical support agent, a returns agent — should handle it, delegates the task, and coordinates the result back to the customer without the customer ever switching interfaces. The practical implication for orgs with complex service or sales workflows is that you can build specialist agents for distinct domains and let orchestration handle the coordination, rather than trying to build one agent that knows everything. Simpler individual agents, more reliable outcomes at the orchestration level. For developers, the build model changes too. Agent teams can be tested and deployed independently. Failures in one specialist agent are contained rather than cascading through the entire interaction. Agentforce Self-Service The barrier to deploying an Agentforce Help Agent drops significantly in Summer ’26. Agentforce Self-Service is a setup path that gets a Help Agent deployed in 10 clicks or fewer — configured, grounded in your knowledge base, and ready to go on your public website, the new Portal experience, or WhatsApp. The positioning is explicit: Salesforce is targeting the orgs that have heard about Agentforce but found the implementation path too complex for their team size or technical capacity. Self-Service is designed to remove that barrier without removing the ability to customise later. For admins at smaller orgs who have been waiting for a way to trial Agentforce without a multi-week implementation project, this is the most directly actionable Summer ’26 announcement. For larger orgs, the Self-Service path is worth understanding as a rapid prototyping route before committing to a full agent build. Security Mesh Security Mesh unifies data sources across the Salesforce platform into a single security fabric and transforms disconnected access logs and alerts into intelligent risk scores. Instead of reviewing separate security events across Service Cloud, Sales Cloud, and Experience Cloud independently, Security Mesh provides a unified view with AI-generated risk assessment. The practical value for compliance-minded orgs is in audit efficiency. Security events that previously required cross-referencing multiple tools to understand their combined significance are now surfaced as correlated risk signals. Additionally, Security Mesh integrates with the Trust Layer that governs Agentforce agents, meaning agent activity is included in the unified risk picture rather than existing as a separate data source. Flow Orchestration now free Flow Orchestration moves from a usage-limited add-on to an included feature in Enterprise, Performance, Unlimited, and Developer editions without usage-based limits. This removes the licensing conversation from any multi-step process automation project. The timing is intentional. As Agentforce agents become more common in Salesforce orgs, the need to coordinate complex multi-step workflows across agents, humans, and systems increases. Flow Orchestration is the tooling that handles that coordination on the Salesforce side. Making it free removes the last friction point from adopting it broadly. For orgs that evaluated Flow Orchestration and passed because of cost, Summer ’26 is the time to revisit any approval workflows, cross-department handoff processes, or multi-system coordination tasks that are currently running on manual steps or basic Flow. Tableau over Model Context Protocol Tableau’s analytics engine is now exposed to Agentforce agents over the Model Context Protocol, protected by the Agentforce Trust Layer. An agent reasoning about a customer renewal can query Tableau for historical revenue trends. An agent managing a procurement workflow can pull spend analytics directly from the BI layer without requiring a human to run the report first. For data-heavy orgs, this is the most architecturally significant Summer ’26 addition after Multi-Agent Orchestration. It closes the gap between Salesforce CRM data — which agents have had access to — and the analytical layer that lives in Tableau but has been outside the agent’s reach. Role Most relevant Summer ’26 feature What to do now Admin Agentforce Self-Service lowers the barrier to deploying a Help Agent to your website or Portal. Flow Orchestration now free removes the licensing blocker for multi-step approval workflows. Explore Try the Self-Service setup in a sandbox. Identify one approval workflow worth rebuilding in Flow Orchestration now that cost is not a

Salesforce Time Tracking Sales

True Time Tracker Salesforce dashboard showing rep time split between selling admin and meetings

A sales manager can tell you the quota number for every rep on their team. Ask them how many hours per week those reps spend on actual selling versus admin work, meetings, and CRM updates — and the answer is usually a guess. The gap between what managers think their team is doing and what they are actually doing is where revenue goes quietly missing. True Time Tracker closes that gap, inside Salesforce, without a new tool, a new login, or a new workflow. Actual selling: 27% Typical B2B Sales Rep Time Split Actual selling activity27% Admin work and CRM updates28% Internal meetings19% Non-selling email and comms17% Other (travel, training, etc.)9% Source: Salesforce “State of Sales” research benchmarks. Your team’s split may vary — that is exactly the point. Why this gap exists at the 20 to 50-person stage At 10 people, a sales manager knows what every rep is doing because they are next to them. At 20 to 50 people, that changes. Reps are distributed, partially remote, or simply moving fast enough that day-to-day time patterns are invisible to leadership. Most sales tools track outcomes — deal value, close rate, pipeline stage. None of them track inputs in a way that is actionable. Pipeline reports tell you what happened. Time data tells you why it happened and what is likely to happen next. Without time visibility, the only lever a manager has when results are underperforming is to ask the rep what they think the problem is. That is a useful conversation but not a reliable diagnostic. Three decisions that become better with actual time data Account coverage Time allocation visibility lets managers see the full picture: a rep spending 14 hours a week on three legacy accounts — accounts that are renewing at stable rates and require minimal active management — while high-potential accounts get two hours each. The result shows up in pipeline three months later, not in this week’s activity log. With time data in Salesforce, the conversation changes from “why are these deals not progressing” to “let us look at where the time is going and redistribute it deliberately.” That is a more productive conversation with a more actionable outcome. Coaching conversations Most coaching conversations in sales are about results: close rate, pipeline coverage, deal velocity. These are lagging indicators. They tell you what already happened. Time patterns are leading indicators. A rep spending 60 percent of their selling time on proposals and zero time on prospecting will have an empty pipeline in six weeks. A rep who has not had a discovery call with a new prospect in 14 days is building the same problem. Time data surfaces these patterns before the pipeline report does. Headcount decisions Before hiring the next sales rep, most companies look at pipeline coverage and close rates. The more direct question is: how are current reps actually spending their time, and where are they constrained? If reps are spending three hours a day on admin that could be automated or systematised, the capacity problem is not a headcount problem. If they are spending all available hours on active selling and the pipeline still cannot grow, it is. Time data makes the distinction visible before a hiring decision is made. Decision Without time visibility With True Time Tracker Account coverage Manager asks rep why deals are not progressing. The real issue — hours disproportionately allocated to low-ARR accounts — is invisible. Manager sees actual time per account vs ARR per account. Reallocation conversation is data-driven: “You spent 14 hours on these three accounts. Here is what the time looks like vs revenue potential.” Rep coaching Coaching is based on close rate, pipeline coverage, deal velocity — lagging indicators. Manager reacts to what already happened. Coaching is based on time patterns — leading indicators. Rep spending 60% of time on proposals and 0% on prospecting will have an empty pipeline in 6 weeks. Manager can see and address this now. Capacity planning Headcount decision based on pipeline coverage and close rates. Team looks busy. Manager hires another rep. Productivity problem continues. Time data shows reps spending 3 hours/day on admin that could be systematised. Bottleneck is process, not people. Automation before hiring saves the cost of a rep. Pipeline forecasting Manager estimates based on rep self-reporting. Forecast accuracy is moderate at best and degrades as the quarter progresses. Time patterns on high-value accounts are a leading indicator of deal velocity. Time data improves forecast input quality before the pipeline report catches up. How True Time Tracker works inside Salesforce True Time Tracker logs time natively inside Salesforce, against the records that time relates to: Opportunities, Accounts, Activities, or custom objects. Reps log time in the same interface they use to update deals. Managers see time data in dashboards alongside pipeline data, without switching tools. The most common objection to time tracking is rep resistance — a perception that it is surveillance rather than a management tool. True Time Tracker addresses this by making the data visible to the rep as well as the manager. Reps can see their own time patterns, which is often the most effective way to surface inefficiencies that they were not aware of. Three questions True Time Tracker answers that your pipeline report cannot Pipeline reports track results. Time data tracks what produces them. 1Are my reps spending time on the right accounts?Time per account vs ARR per account reveals coverage misalignment immediately. High-potential accounts receiving low time allocation show up clearly — weeks before the missed deal shows up in pipeline.Pipeline report answer: “Here are the deals and their stages.” — Not useful for spotting coverage problems. 2What is actually taking up my reps’ selling time?If a rep’s capacity is constrained, the question is whether it is constrained by selling activity or by admin and meetings. Time data gives you that breakdown. The intervention is different depending on the answer.Pipeline report answer: “The rep has 12 open opportunities.” — Does not tell you why

Salesforce Summer 26 Admin Checklist

Salesforce Summer 26 pre-production upgrade checklist with mandatory and recommended items for admins

The Summer ’26 production upgrade is landing on June 5 and June 12 for most Salesforce orgs. Sandboxes have been on preview since May 8, which means there is no excuse for surprises on production upgrade weekend. Here is the pre-upgrade checklist every admin needs before their org flips. Summer ’26 Production Upgrade Weekends 🚨 June 5 — TomorrowMain production waveMost orgs on NA, EU, and AP instances. If your org is on this wave, the checklist below needs to be complete today — not this weekend. 📅 June 12 — 8 daysFinal production waveRemaining instances. You have until June 11 EOD to complete all mandatory items. Use the time — do not save this checklist for June 10. The mandatory items — these break things if skipped 1. SAML migration New SAML defaults are enforced in Summer ’26. If your org uses SSO via SAML — whether Salesforce is the identity provider, the service provider, or both — you need to verify your Auth Provider configuration and test the full login flow in your Summer ’26 sandbox before production upgrade. A SAML configuration that worked in Spring ’26 may fail after the upgrade if the new defaults require updated settings. Additionally, Triple DES signing for SAML SSO stops working entirely in Summer ’26, as announced in Spring ’26. Any SAML configuration using Triple DES as the signing algorithm breaks on upgrade regardless of whether you took any other action. 2. Apex sharing and security defaults New Apex security behaviors are enforced. Custom Apex code that relies on specific sharing model assumptions from earlier releases needs review. If your org has custom Apex classes managing record-level access or security, test them against the Summer ’26 sandbox before your production upgrade date. 3. Standard Omni-Channel retirement Standard Omni-Channel was retired June 1. If your production org has not migrated to Enhanced Omni-Channel Routing, this is now urgent — not scheduled. Completing the migration before your production upgrade date is the priority. See the dedicated Omni-Channel migration article for the correct four-step sequence — channel migrations must happen before the routing switch is enabled. 4. Legacy PDF generation retirement A legacy PDF rendering behavior is retired in Summer ’26. Any process that generates PDFs from Salesforce — Quote PDFs, Visualforce-generated reports, any custom PDF output — should be tested in the Summer ’26 sandbox to confirm the output is correct before production upgrade. PDF rendering changes are difficult to detect until something generates incorrectly in front of a customer. Summer ’26 Pre-Production Upgrade ChecklistBefore June 5 or June 12 Mandatory — breaks things if skipped SAML auth provider configuration verifiedMandatoryNew SAML defaults enforced. Test full SSO login flow in Summer ’26 sandbox. Triple DES signing algorithm stops working entirely — update to SHA-256 if still using Triple DES.↳ Breaks: SSO login fails for all SAML-authenticated users after upgrade Custom Apex sharing code reviewedMandatoryNew Apex security defaults enforced. Custom Apex classes managing record-level access or sharing rules need testing in sandbox against the new defaults. Run Apex tests in the Summer ’26 sandbox before production upgrade.↳ Breaks: Record access violations or unexpected sharing behaviour in Apex-governed objects Enhanced Omni-Channel migration completeMandatory · UrgentStandard Omni-Channel retired June 1. Migrate service channels (Live Agent, SMS, Messenger) first, then enable Enhanced routing. Test agent login and work item routing in sandbox end-to-end.↳ Breaks: Agents cannot log in to Omni-Channel, work items stop routing entirely PDF generation processes tested in sandboxMandatoryLegacy PDF rendering behaviour retired. Any process generating PDFs from Salesforce — Quote PDFs, Visualforce reports, custom PDF output — must be tested in Summer ’26 sandbox.↳ Breaks: Incorrectly formatted or failed PDF generation for customer-facing documents Recommended — should be done; will not immediately break Agentforce agent configurations reviewedRecommendedSummer ’26 changes agent lifecycle defaults. If your org has agents in production, review the Agentforce Summer ’26 release notes and test agent initialisation, session handling, and error surfacing in sandbox. Evaluate Flow Orchestration for existing processesOptional upsideFlow Orchestration is now free in Enterprise, Performance, Unlimited, and Developer editions. Review multi-step approval processes or cross-object coordination workflows that could benefit from rebuilding in Orchestration. Exact production upgrade date confirmedRecommendedSetup → Company Information → Instance. Then trust.salesforce.com to find your exact upgrade weekend. Some instances upgraded May 15 — if yours was in that wave, your production org is already on Summer ’26. The items you should do but that will not break immediately 5. Flow Orchestration is now free Flow Orchestration is included in Enterprise, Performance, Unlimited, and Developer editions without usage limits in Summer ’26. If your org has been avoiding Flow Orchestration due to licensing cost, that barrier is gone. Evaluate whether any current multi-step approval processes or cross-object coordination workflows would benefit from rebuilding in Orchestration. 6. Review Agentforce configurations Summer ’26 changes agent lifecycle defaults for orgs running Agentforce in production. If your org has agents in production — even in early access or limited deployment — review the Summer ’26 Agentforce release notes and test agent behaviour in sandbox before production upgrade. 7. Confirm your exact upgrade date Do not assume June 5 or June 12. Your specific upgrade date depends on your Salesforce instance. Check: Setup → Company Information → Instance field. Then confirm your upgrade date at trust.salesforce.com. Some instances upgraded May 15. If your org is on one of those instances and you are reading this on June 4, your production org may already be on Summer ’26. Summer ’26 is the release where “I’ll check the sandbox later” becomes a problem. The June 5 wave is tomorrow. If your sandbox has been on preview since May 8 and you have not looked at it yet, today is the day. Salesforce Admin Summer ’26 Salesforce Release SAML Upgrade Checklist Share: LinkedIn Twitter / X Copy link In this article —Mandatory items 01SAML migration 02Apex security defaults 03Omni-Channel migration 04PDF generation —Recommended items 05Flow Orchestration free 06Agentforce review 07Confirm your date Upgrade dates May 15First wave — already liveCheck if

Standard Omni-Channel Retirement Salesforce

Salesforce Enhanced Omni-Channel migration checklist — four steps in correct order before Summer 26 production upgrade

Today is June 1. Standard Omni-Channel in Salesforce is officially retired. If your org has not migrated to Enhanced Omni-Channel Routing and your production instance hits the Summer ’26 upgrade before you are ready, your agents will not be able to log in to Omni-Channel and work items will stop routing entirely. This is not a beta warning. This is now. ⚠What breaks if your org upgrades without completing the migration Agent loginAgents see an error when attempting to log in to Omni-Channel. They cannot set themselves as Available and cannot receive routed work items until the migration is completed. Work routingIncoming cases, chats, and calls stop routing entirely to any queue using Standard Omni-Channel logic. Work items queue without assignment until an admin completes the migration. Specific channelsLive Agent (Chat), standard SMS, and Facebook Messenger queues are the highest-risk channels. Each requires individual migration before Enhanced routing is enabled — enabling Enhanced routing first on these breaks them even if the main switch was working. ResolutionThe fix requires completing migration steps in production under time pressure, potentially during a service outage. The correct time to do this is now, in a sandbox, not after the upgrade breaks routing. Step 1: Check your current Omni-Channel status Open Setup and search for Omni-Channel Settings. If your org shows Standard Omni-Channel Routing as active, you have not completed the migration. If Enhanced Omni-Channel Routing is enabled, check whether all service channels have been migrated — it is possible to have Enhanced routing active but individual channels still on the legacy configuration. The specific channels that require individual migration steps before you enable Enhanced routing are: Live Agent (Chat), standard SMS channels, and Facebook Messenger. Enabling Enhanced Omni-Channel routing before migrating these channels will break routing for those specific queues. Step 2: Check your production upgrade date Not all production orgs upgrade on the same weekend. The Summer ’26 production upgrade runs across three windows: some instances upgraded May 15, the main production wave is June 5, and the final wave is June 12. Your upgrade date determines how much time you have. Find your instance: Setup → Company Information → Instance field. Then check your specific upgrade date at status.salesforce.com. If your instance upgrades June 5, you have four days from today. If it upgrades June 12, you have eleven. How to find your production upgrade date 1Open Salesforce Setup → search for Company InformationSetup → Company Information → Instance 2Note the instance name (e.g. NA87, EU15, AP5) 3Go to trust.salesforce.com → select your instance → find the Summer ’26 maintenance windowtrust.salesforce.com/status/maintenance Summer ’26 Production Upgrade Waves May 15First wave — selected instances already upgraded. If your org is on this wave, you are already on Summer ’26.Already live June 5Main production wave — majority of orgs. This is Thursday. The window to prepare is today.Tomorrow June 12Final wave — remaining instances. You have until June 11 EOD if your instance is in this wave.7 days left Step 3: Migrate in the correct sequence Enhanced Omni-Channel Migration — Correct SequenceDo in this order 1Migrate individual service channels firstLive Agent (Chat), standard SMS channels, and Facebook Messenger must be individually migrated before you enable Enhanced routing. Enabling Enhanced routing before these migrations breaks them. This is the step most orgs get wrong.Do this before anything else 2Enable Enhanced Omni-Channel RoutingAfter channel migrations in Step 1 are complete, open Omni-Channel Settings in Setup and enable Enhanced Omni-Channel Routing. This is the main routing switch — only flip it after Step 1 is confirmed complete.Only after Step 1 3Verify agent capacity model settingsEnhanced routing uses capacity-based logic that may differ from your Standard configuration. Review queue settings and capacity model assignments in your Summer ’26 sandbox. Confirm routing rules behave as expected with simulated work items.In sandbox first 4Test full agent login and work item routing end-to-endHave a test user log into Omni-Channel in the Summer ’26 sandbox, set status to Available, and accept a routed work item through the full flow. Confirm the item closes and activity is logged correctly before applying these settings to production.Verify before production Step 4: Check for exemptions Two specific scenarios may affect your migration timeline. If your org has a legacy Chat implementation that qualified for a legacy-chat exemption, you may have additional transition time — check your org’s Salesforce communication history for any exemption notification. If your org has not yet agreed to Hyperforce AWS terms, certain Enhanced Omni-Channel features may be unavailable until those terms are accepted. If your production org upgrades before this migration is complete: agents will see an error when attempting to log into Omni-Channel, and work items will not route. The fix requires completing the migration steps under time pressure in a production environment. Completing them now, in a sandbox, is the better version of this conversation. Salesforce Admin Omni-Channel Summer ’26 Service Cloud Share: LinkedIn Twitter / X Copy link In this article 01Check your Omni-Channel status 02Find your upgrade date 03Migrate in the correct sequence 04Check for exemptions ⚠ What breaks if you skip this Agents can’t log in to Omni-Channel All work items stop routing Chat, SMS, Messenger break individually Fix in production = outage pressure Migration sequence 1Migrate channels first 2Enable Enhanced routing 3Verify capacity model 4Test end-to-end in sandbox About the Author ST Sergey Trusov CEO & Salesforce Architect at TrueSolv

Salesforce Q1 FY27 Earnings Preview

Salesforce Q1 FY27 earnings preview — FY26 baseline numbers Agentforce ARR deal count and three watch questions

Salesforce reports Q1 FY27 earnings on June 3. Last quarter: $11.2B in revenue, 29,000 Agentforce deals closed, $800M in Agentforce ARR — and guidance for continued Agentforce-led growth. The question everyone will be watching is not whether the revenue number grew. It is whether Agentforce ARR is accelerating and how many of those 29,000 deals turned into real deployments. Salesforce FY26 Full-Year Results — The Baseline for June 3 Q1 FY27 earnings reported June 3, 2026 after market close $41.5B+10% YoYFY26 full-year revenue — highest annual total in company history $800M+169% YoYAgentforce Annual Recurring Revenue at end of FY26 29,000+50% QoQAgentforce deals closed since launch — commercial and public sector $72BRPORemaining Performance Obligations — contracted future revenue Source: Salesforce FY26 Q4 Earnings, February 25, 2026. Q1 FY27 results on June 3 are the first post-FY26 signal on whether Agentforce momentum is accelerating or plateauing. Watch 1: Agentforce ARR trajectory FY26 closed with $800M in Agentforce ARR after 169 percent year-over-year growth. Q1 FY27 is the first full quarter with three key products in market simultaneously: Agentforce Sales went GA on March 16, Agentforce Operations went GA on April 29, and Agentforce Contact Center is live in Enterprise and Unlimited editions. The ARR number on June 3 is the first clean signal of whether enterprise adoption is compounding from the FY26 base or plateauing as initial deal signings convert into measured deployments. A significant step-up from $800M suggests acceleration. Flat or modest growth suggests the 29,000 deal count is still primarily pilots and signed agreements rather than active production deployments. Additionally, watch the combined Agentforce and Data Cloud ARR figure. In FY26, that number exceeded $2.9B. The Data Cloud layer is the data substrate that makes Agentforce agents reliably useful — its trajectory tells you something about the depth of enterprise adoption beyond surface-level AI feature adoption. Watch 2: Deployment signals versus deal count Twenty-nine thousand Agentforce deals signed is a pipeline number. The more interesting metric is what proportion of those deals moved from signed to live in production. Salesforce provided proxy signals for this in FY26 — token consumption (nearly 20 trillion tokens processed) and agentic work units (2.4 billion delivered) — as evidence of real operational output rather than just signed contracts. Q1 FY27 will either extend those proxy metrics significantly or provide a more cautious signal about deployment pace. Token consumption accelerating quarter-over-quarter is the clearest indicator that the deal count reflects real production usage, not pipeline optimism. Three Questions to Watch on June 3Earnings preview 1 Is Agentforce ARR accelerating from the $800M FY26 base? Q1 FY27 is the first full quarter with Agentforce Sales (GA March 16), Operations (GA April 29), and Contact Center all in market. A significant step-up signals compounding enterprise adoption. Flat growth signals deals are still converting slowly from signed to deployed. Bullish signal: ARR significantly above $800M run rate 2 Are the proxy deployment metrics (tokens, agentic work units) accelerating? FY26 reported nearly 20 trillion tokens and 2.4 billion agentic work units — operational evidence of real production usage. If these numbers step up materially in Q1 FY27, it confirms a meaningful proportion of the 29,000 deals are live in production. Bullish signal: token consumption and agentic work units significantly higher 3 Any signal on Agentforce traction below the enterprise segment? FY26 Agentforce growth was primarily enterprise-led. The Spring ’26 release — AgentExchange consolidation, Salesforce Setup for SaaS, managed package templates — signals intent to accelerate mid-market and SMB adoption. Commentary on sub-enterprise traction would be significant. Watch for: SMB and mid-market Agentforce references in prepared remarks Watch 3: SMB and mid-market traction FY26 Agentforce growth was predominantly enterprise-led. Large deals with named enterprise customers drove the majority of the ARR. The Spring ’26 release — including the Salesforce Setup for SaaS initiative, the AgentExchange marketplace consolidation, and the acceleration of managed package templates for specific verticals — signals intent to bring Agentforce adoption into the mid-market and SMB segments. Salesforce’s $41.5B revenue base was built primarily on SMB and mid-market customers. The long-term Agentforce story depends on whether the platform can deliver agent value at that tier, not just at the enterprise level where implementation complexity is more manageable. One more thing: the Earnings Show format Salesforce moved its earnings calls to a more informal ‘Earnings Show’ format that often includes customer CEO guests and a conversational structure alongside the traditional financial presentation. It is worth watching in full rather than reading the transcript — the customer case studies and Benioff’s commentary on platform direction often contain more signal about where the product is going than the prepared remarks alone. 📺 About the Salesforce Earnings Show — June 3 🕔Time: After market close on June 3, 2026. Typically begins 1 hour after close with the press release, followed by the live show. 🎙️Format: Conversational structure alongside traditional financial presentation. Often includes customer CEO guests discussing real deployment outcomes. 📊Beyond the numbers: Benioff’s commentary on Agentforce deployment depth, customer case studies, and any commentary on the SMB and mid-market motion. 🔗Where: investor.salesforce.com — live stream and replay. TrueSolv will be covering the call live on LinkedIn. The revenue number on June 3 will tell you how Salesforce is doing. The Agentforce ARR trajectory and the deployment signals will tell you whether the platform bet is compounding. Those are different questions and the second one matters more for anyone who depends on Salesforce as infrastructure. Salesforce Earnings Q1 FY27 Agentforce Salesforce News CRM Share: LinkedIn Twitter / X Copy link In this article 01Watch 1: Agentforce ARR trajectory 02Watch 2: Deployment vs. deal count 03Watch 3: SMB & mid-market 04The Earnings Show format FY26 baseline — key numbers $41.5BFY26 full-year revenue $800MAgentforce ARR (end of FY26) 29KAgentforce deals closed $72BRemaining Performance Obligations $2.9BAgentforce + Data Cloud combined ARR June 3 — what to watch 📈Agentforce ARR step-up from $800M ⚙️Token consumption acceleration 🏢Sub-enterprise traction signals 📺Earnings Show — watch in full About the Author DS Daria Savelieva Salesforce Consultant &

Salesforce Field Level Security Summer 26

Salesforce Object Manager Field Access tab showing field level security across profiles and permission sets

Any Salesforce admin who has ever done a field-level security audit knows the process: open a profile, navigate to object settings, find the field, note the access, repeat for every other profile, then repeat for every permission set. It is tedious, error-prone, and nobody does it as often as they should. Summer ’26 adds a Field Access tab directly to Object Manager that shows the full picture in one place. What the Field Access tab shows At the bottom of each object in Object Manager, a new Field Access tab lists every field on the object alongside a consolidated view of exactly how access is granted — across all profiles and permission sets — in a single interface. Previously, getting this view required navigating each profile individually, cross-referencing permission sets separately, and building a mental or spreadsheet-based picture of who can see and edit which field. For a mid-sized org with 20 profiles and 40 permission sets, that process takes hours and is almost guaranteed to miss something. The Field Access tab shows it in one view. One object, every field, all access configurations visible simultaneously. ⚡ Salesforce Setup → Object Manager → Opportunity → Field Access Opportunity Standard Object Details Fields & Relationships Page Layouts Validation Rules Field Access New All profiles and permission sets — one view Field Label Profile / Permission Set Access Granted Via Amount ✓ Read / Edit Sales Rep, Sales Manager Profile: Sales Rep · Profile: Sales Manager Annual Contract Value ✓ Read / Edit Finance, Admin📖 Read only Sales Rep Perm Set: Finance View · Profile: Admin Internal Deal Notes ✓ Read / Edit Sales Manager, Admin✗ No access Sales Rep, Support Perm Set: Manager Access · Profile: Admin Stripe Subscription ID 📖 Read only Finance, Admin✗ No access Sales Rep, Support, CS Perm Set: Finance View · Profile: Admin Read-only in Summer ’26. Edit permissions via Profile or Permission Set settings. Why this matters more than it sounds Field-level security is one of the most common gaps in Salesforce org audits. Orgs grow, permission sets multiply, profiles get copied from other profiles, and nobody has a clear picture of who can read or edit which field. Compliance audits, security reviews, and new admin onboarding all require this visibility — and getting it has always required more effort than it should. The Field Access tab does not change permissions. It makes the existing permissions visible and auditable at a glance. That distinction matters for compliance contexts specifically: the audit requirement is often to demonstrate that someone reviewed field access, not that they changed it. Summer ’26 makes that review faster, more reliable, and easier to document. Three situations where this saves significant time ✗ Before Summer ’26 1Open Profile 1 → Object Settings → navigate to field → note access level~3 min per profile 2Repeat for all 20 profiles. Build a spreadsheet.~60 minutes 3Open each permission set and check the same field. Add to spreadsheet.~30 min for 40 perm sets 4Cross-reference manually. Identify gaps. Probably miss one.~20 minutes 2+ hours. Error-prone. Often skipped. ✓ With Summer ’26 Field Access tab 1Open Object Manager → select object → click Field Access tab~30 seconds 2All fields listed. All profiles and permission sets in a single view.Immediate 3Search or scroll to the specific field. Access visible at a glance.~2 minutes 4Screenshot or export for the audit documentation. Done.~5 minutes total Under 10 minutes. Reliable. Auditable. Where the Field Access Tab Saves Significant Time 🔒Before a new team accesses sensitive account dataWhen a new department or external partner is being onboarded to Salesforce, reviewing field-level security on Account, Contact, or Opportunity objects is a required step. The Field Access tab makes this a 10-minute review instead of an afternoon, and makes the outcome documentable.Time saving: ~2 hours → ~10 minutes per object reviewed 📋GDPR and HIPAA-adjacent field visibility auditsDemonstrating controlled access to specific fields — email addresses, phone numbers, health-related custom fields — requires showing who has access and how it is granted. The Field Access tab produces that view without a manual cross-referencing exercise, making it audit-ready by design.Compliance requirement: access visibility is demonstrable in one screenshot 🔍Debugging a field not visible for a specific userA rep reports a field is missing from their record page. Previously: check profile → check permission sets → check page layout. With Field Access tab: search for the field, see all access configurations simultaneously, identify the gap in under 2 minutes.Debugging time: ~20 minutes → ~2 minutes What it does not do yet The Field Access tab is read-only in the initial Summer ’26 implementation. You can view field access across all profiles and permission sets, but you cannot edit permissions from this interface. Changes still require navigating to the profile or permission set and making edits there. Worth watching: The ability to edit permissions from the same view — which would make it genuinely powerful — is the likely Winter ’27 addition. The visibility improvement is real and significant now. Editing from the same surface is the logical next step. Field-level security has always been one of the hardest things to audit in a Salesforce org. Summer ’26 does not solve the permissions complexity — it makes it visible. That is the starting point for everything else. Salesforce Admin Summer ’26 Field Level Security Object Manager Salesforce Release Share: LinkedIn Twitter / X Copy link In this article 01What the Field Access tab shows 02Why this matters 03Three time-saving scenarios 04What it doesn’t do yet Field Access tab — quick facts 🆕Where: Object Manager → any object → Field Access tab (last tab) 📊Shows: All profiles and permission sets in one consolidated view 🚫Doesn’t do: Editing — read-only in Summer ’26 📅Available: Summer ’26 GA — sandboxes from ~May 9 Use this tab when… 🔒Onboarding a new team to sensitive data 📋Running a GDPR / HIPAA audit 🔍Debugging a missing field About the Author DK Dilyara Kolesnikova Salesforce Developer & Technical Writer at TrueSolv

TrueSolv — Footer Component