Avoiding the Data Access Trap Door You Didn’t Know Existed
If you thought you dodged a bullet when Salesforce delayed the End of Life for Permissions on Profiles until Spring ’26—think again. This isn’t the time to celebrate; it’s time to rethink how you manage permissions before you accidentally open a Pandora’s box of data exposure that’s quite painful to close. At The CRM Firm, we want to make sure you stay ahead of the curve (and avoid unnecessary panic attacks). So, let’s talk about why Permission Sets should be your new best friend and why relying on Profiles for permissions is like balancing a house of cards—one wrong move, and everything comes crashing down. Not sure what that is? Don’t worry—we’ve got you.
If Not Another Hal 9000, Then What is SAML?
First, we can assure you it is NOT the next evolution of HAL from 2001: A Space Odyssey. In fact, SAML (Security Assertion Markup Language) is the behind-the-scenes tech that allows users log in once and access multiple systems without needing separate usernames and passwords for each one. This is often called:
- SSO (Single Sign-On) – Logging in to Salesforce using another account (like your company login)
- SLO (Single LogOut) – Logging out everywhere at once when you sign out
If your team uses Okta, Azure AD, or any other login system to access Salesforce—or if Salesforce is used to log in to other apps—this update might impact you.
Access Granted . . . Or Denied?The Shake-Up
This Summer, Salesforce is upgrading its SAML technology to step up its security. This is not to say that their security isn’t solid right now, more so to address the ever-increasing pace of technological advancements and to ensure Salesforce’s security is on the leading edge. So, this is great news—but, if you’re not prepared, this could muck up your whole login setup.
This means users could suddenly get locked out. No one wants to see Access Denied!
Ssoooooo, Should I Worry?
Uh, yes, you should—especially if your company uses:
- SSO (Logging in to Salesforce through another system)
- Connected Apps (Logging in from Salesforce into other apps)
- Salesforce Experience Cloud Sites (For portals or partner communities)
- SLO (Logging out of all systems at once)
If any of these options sound familiar to you when you login,it’s time to prepare!
What In The SAML Do I Do?
1. Find Your SAML Setups
In Salesforce, go to:
-
- Setup > Identity > Single Sign-On Settings
- Check your Connected Apps
- Don’t forget Experience Cloud and logout settings!
2. Play In Your Sandbox to Test
Salesforce gives you a test environment (called a Sandbox) that will get the Summer ’25 update before your real system does. Use It!
-
- Copy your login settings
- Test logging in and out
- Fix anything that breaks before the real upgrade hits
If any of these options sound familiar to you when you login, it’s time to prepare!
3. Use Salesforce Trust
Go to Salesforce Trust and check your sandbox and production upgrade dates so you know when to start testing.
TL;DR, Here’s Your To-Do List:
- Find your SAML logins in Salesforce
- Spin up a sandbox once it gets the Summer ’25 update
- Test all your logins and logouts
- Fix any issues before your live system gets updated
- Enjoy a drama-free login experience
If you’re still wondering what half this stuff means or how to test it, don’t stress. The CRM Firm team can help decode the tech and make sure your login flows are smooth sailing. Hit us up—we’re good at this stuff and we tell bad puns while doing it.
