r/salesforce

Hey everyone,

I'm 22 and I've been going in circles for months and I'm exhausted.

Here's my situation:

I can build apps fast using AI (Flutter, React, Next.js, whatever). I don't have deep traditional coding knowledge but I can ship real working products quickly using AI-assisted development, which everyone is doing right now.

I have real resources through Microsoft for Startups: $611 Azure credits expiring June 30, $500 MongoDB credits, GitHub Enterprise, LinkedIn Premium, Stripe, and more.

And I have $0 in my bank account.

My dream is to make real money. Not "comfortable freelancer" money. Real wealth. But right now I can't even get started and every direction I try leads nowhere.

I've tried platforms. I've researched ideas for months. I keep spinning in the same circle should I freelance? Build a SaaS? Find clients? Every time I pick a direction something blocks me or I lose confidence that the idea is even good.

I'm not looking for motivation. I'm looking for someone who's been here and got out.

What would you actually do?

Hey everyone, I really need to vent and maybe get some advice, because the bureaucracy here is just blowing my mind.

My buddy and I have been working on a new AppExchange app after hours for the last 2 years. The package has been 100% ready for a month now. We followed the docs, got everything prepped, submitted the app for the Security Review, and happily paid the $999 fee.

Now, we are being told by the review team that we need to build/move it to a Partner Business Org (PBO). Okay, sure. But when I applied for the ISV partnership to actually get that PBO, I got hit with this automated brick wall:

>Thank you for your reply... partnership inquiry remains under internal review as we prioritize which new partners to work with. There is no decision or anticipated timeline that we can provide. We have saved your partnership proposal and will reach out in the future should we decide to move forward.

I’m genuinely frustrated. I work as a Salesforce Architect daily, so I know the technical side of this platform inside out, but this administrative Catch-22 is absolutely ridiculous.

How is it systematically possible that Salesforce allows you to initiate the Security Review process and gladly processes your $999 payment, but then denies you the basic mandatory tool (PBO) required to complete it because "you aren't a partner yet"? xD

I have a requirement for getting all the related lists that are available for the custom object via api;

I just want these list, that are available in the page layout for the object(see the image)
Anything works;(any api for this, or if you can give this result by doing operations on the results from any api , will also work)

just need this red area list.

https://preview.redd.it/8p1kn88t2h2h1.png?width=3008&format=png&auto=webp&s=38101ce307999e92f9ffd49bc80e0f83d55e17ed

Noticing that most modern Salesforce projects now focus heavily on Lightning Web Components, UI customisation, and JavaScript skills.

At the same time, Apex is still the backbone for automations, integrations, and backend logic.

So for someone learning Salesforce in 2026:

• Should they prioritize LWC over Apex?
• Is JavaScript becoming more important than deep Apex knowledge?
• In real projects, what do companies expect more from developers today?

Would love to hear from experienced devs, architects, and even freshers working on current Salesforce projects.

Just wanted to share my excitement! This test has had me super stressed for the past few weeks, so it feels like a huge weight has been lifted off my shoulders. It was an employer requirement as well.

Overall, It took me a little less than a month to prepare with zero salesforce knowledge beforehand (Didn't study some days cause of school + part time job).

Study materials I used:

- Trailhead: Good for foundation and hands on practice but very high level.

- Focus on Force: Bought the practice exams and the study guide. I did three out of the six practice exams and a couple topic tests. Got a 66% on the first one, 75% on second and 71% on the third.

The practice exams were quite solid but more difficult compared to the actual exam imo. They're more memorization based and ask questions about very specifc features or exact numbers. The actual exam is much more vague and has more situational based questions. I still think Focus on Force is the best resource for practice exams though.

The study guide was also decent for learning missed topics. However, it is VERY comprehensive and detailed. Almost a little too detailed.

- Cert++: Shout-out to u/MoleManMattG. The free study checklist was FANTASTIC for last minute review on exam day. Very well organized by topic.

- Salesforce Ben: Has articles for individual topics with great explanations. They broke down some concepts I was having trouble with into easily digestible info.

Hopefully, this helps/encourages anyone preparing for the admin exam. It's a hard exam but you can do it!

Hi, i am planning to attend dreamforce 2026 in san fransico. Since the tickets are cheaper if 5 people buy it together, im looking to find other people interested in attending together. Please dm me if interested.

Does anyone know of a native way (or a unique solution) to track changes to validation rules?

When editing an existing rule, I'll save the prior version temporarily to my clipboard, but there are times when a rule has been edited multiple times over the years, and I wish I could see how it's evolved. Often, creating or modifying a user role or deploying a new Flow has downstream impacts, and before I go and make another exception to the existing rule, I'd like to understand how/why it was originally designed to better understand the intent.

Thanks in advance for any tips!

Hey fellow Salesforce folks,

I’ve been tasked with putting together an evaluation document to compare different AI tools for our org. Right now, we’ve narrowed it down strictly to Claude Code and Agentforce (we are not considering Copilot or Codex).

In my hands-on testing, Claude Code feels significantly ahead, especially when it comes to the depth of its analysis and adherence to strict coding standards. However, "it just feels better" won't fly with our business leadership. I need to back this up with concrete, objective evidence.

For those of you who have evaluated or used both in production or deep spikes:

1. What specific advantages have you observed in Claude Code over Agentforce? (e.g., handling complex Apex architectures, context window management, refactoring, etc.)

2. How did you articulate the technical superiority of Claude Code into "business value" for non-technical stakeholders?

Also, if anyone has a framework or template for how to structure this kind of comparison document for leadership, I’d love to hear how you categorized your sections.

Thanks in advance for the insights!

EDIT: Specifically was asking about agentforce and Salesforce AI features. Not AI outside of Salesforce.

I sometimes consult for very small nonprofits with extremely limited budgets. I'm currently working on one that takes in a lot of case submissions via a form requesting help in some form. This group in particular is run by one person, part time.

I was wondering if I could use AI to make their lives ever-so-slightly easier. The use case I wanted to try as a proof-of-concept was using using AI to populate a a brief summary in under 255 characters.

Is something like this available to such small nonprofits yet?

They might not have the best UI but content wise they are good! Contents are updated regularly. Score percentage was accurate. I was able to get my admin,BA, and agentforce certs with the help of their practice exams. The new platform is k2 universe is so slow.

Do you guys have any recommendations for a platform like FOF that offers practice exams? Thanks!

Hello Everyone! You're probably already thinking it but yes this is going to be yet another post asking for opinions and thoughts to help decide which certification to do next, any feedback is highly appreciated. Would like to take and pass the next certification exam before August.

A bit about me, I have 7 years of experience working in various Salesforce roles and projects as a Functional Consultant/Analyst, Team Lead, Project Lead and now currently as a Business Analyst. So I am and have usually been on the client facing and stakeholder management side of things.

In my current project, I work daily in FSC and Experience Cloud (worked extensively in Experience Cloud for my last project as well) and Platform Admin ll is on my radar as I like the idea of reinforcing my general overall knowledge of Salesforce.

At the moment, I have the Admin, Platform App Builder, Business Analyst, Sales Cloud and Service Cloud consultant certifications. Due to my experience and current project, I am thinking of doing the Experience Cloud Consultant, FSC Accredited Professional or even Platform Admin ll although I'm unsure which one of these would be most valuable to do.

My company nor my project has no preference of which one to do next, so I'm basically free to choose.

For those who took the FSC exam, how did you study for it? In the past I've relied heavily on FoF practice exams to exam prep so it seems a bit daunting going in blind without doing any practice tests.

Is the Platform Admin ll cert that relevant these days? Would it be useful for someone with my experience and for my future path as I plan to stay on the functional side of things? I also guess having the Experience Cloud certification under my belt wouldn't hurt, even if it's not the most sought after.

Thanks for any input you have!

I built an open-source Salesforce security CLI tool based on the Salesforce Baseline Standard — SBS — a community security spec created by Pablo Gonzalez and others in the Salesforce community.

The idea is simple:

Salesforce security should not live only in someone’s head, a spreadsheet, or a once-a-year review.

Admins, developers, architects, and RevOps teams need a practical way to understand where an org may have risk hiding in plain sight.

Repo here:

https://github.com/Berrismi/sbs-audit-engine

I also recorded a walkthrough video here:

https://youtu.be/S0XgBN400zA

A few areas I’m thinking about:

- Permission and access model risk
- Profile and permission set hygiene
- Session and authentication controls
- Guest user exposure
- Metadata/configuration gaps
- SBS-aligned checks that can be made more repeatable

I’d love feedback from this community:

1. What Salesforce security checks would you want prioritized?
2. What output would actually be useful — JSON, CSV, HTML, summary report, GitHub Action output?
3. What are the security areas you see companies ignore until it becomes painful?
4. Any concerns with how this should inspect orgs safely?

Not pretending this replaces a full security review.

The goal is to make the first layer of visibility easier, faster, and more repeatable.

The ones that haunt you. The 4 hour bugs that turned out to be a checkbox. The migration that broke because of a trailing space. The Flow that wouldn't fire because someone deactivated a profile in 2019.

Drop yours. The dumber the better.

Mine: spent half a day debugging why an Apex trigger wasn't firing on a specific record type. Turned out the test class was passing because someone wrote `System.assert(true)` and called it covered.

Dodi Friedenberg, the legend, has given me permission to share her original post here and we all need to absorb and understand this! Show her love on LinkedIn, she is awesome.

Her post follows bellow:

Important updates for Salesforce Admins:

1) On a rolling basis starting July 1, users with System Administrator privileges will no longer be able to use the Salesforce Authenticator App to log in and will be required to set up phishing-resistant multi-factor authentication, such as Windows Hello or Touch ID on Mac, if you have those enabled, or physical key (e.g. YubiKey or Google Titan). A Password Manager like Bitwarden may also be adequate.

Here are steps you can start taking today:
a. Make a note of your Org’s ID and keep it somewhere safe. Find it in Setup->Company Information (in case you need to log a case with Salesforce later)

b. Setup->Identity Verification, select “Let users verify their identity with a built-in authenticator such as Touch ID or Windows Hello” and save.

c. Each user with the System Administrator profile - or with Modify All Data, View All Data, Customize Application, or Author Apex - must specify a “Built-in” authenticator.

Click the Avatar or photo top right in Salesforce, choose “Settings,” choose “Advanced User Details,” scroll down to “Built-in Authenticators.” Click “Add.” Authenticate as you normally do. Click “Register.” Since I didn’t have Windows Hello enabled, but do use Bitwarden, this popped up Bitwarden for me. Under “Save passkey,” I chose my org. Next I named the Built-in Authenticator and Saved. (The default name says #1. You may have more than one in your password vault, but it may or may not be possible to add more than one Built-in Authenticator per Salesforce org.)
Link 1
Link 2

2) “Step-Up Authentication” - a requirement to reauthenticate when exporting - and perhaps also for viewing - reports. On or after May 27, we can tweak how often users will need to reauthenticate in order to export (or view?) reports - between 2 and 120 minutes. Default is 120 minutes. Setup->Identity Verification->“Require step-up authentication within cool-down period” session-level policy for Reports and Dashboards.
Link 3
Link 4

3) Email-based login will become the default login experience for the UI of login.salesforce.com and test.salesforce.com - scheduled to start in September. While users can still choose to log in with a username and password, prepare them for email to appear as the primary option.
Link 5

4) Salesforce now sends email only from verified domains. If you haven’t already set up (or updated) DKIM, here are two resources:
Video
Article

~ END OF HER POST ~

My thoughts: these changes are total overcorrections by Salesforce. Instead of feeling like security, they come across as an in-your-face attempt to detach us from the UI of the system. Anyone else feel the same?

Is anyone else currently losing their minds over the upcoming Phishing-Resistant MFA enforcement (July 2026)?

We are trying to get our Shibboleth IdP compliant, but Salesforce’s documentation (Article 005321563) is impressively vague. It feels like they wrote these specs for Okta/Azure shops and completely ignored anyone running a standard SAML setup.

The most frustrating part is the "Authentication Strength Tiers" table. They list generic values like ⁠user⁠ as a "Phishing-Resistant" signal for SSO.

What is an architect supposed to do with the value ⁠user⁠? That’s not a technical standard; that’s an ambiguous placeholder that gives us zero guidance on what to actually configure in our SAML assertion.
We aren't looking for marketing fluff—we need technical specs…

Where is the SAML Profile? There is no clear technical blueprint for exactly how our IdP needs to format assertions to be officially recognized as "phishing-resistant."

Does Salesforce actually expect us to map the string ⁠user⁠ to our ⁠AuthnContextClassRef⁠? That is not an industry-standard definition for phishing resistance. Where is the documentation mapping these to NIST/FIDO standards?

Salesforce admits that SAML ACR values aren't even recorded in Login History yet. They are asking us to comply with a mandate that we can’t even audit or verify in our own logs.

We’re a Shibboleth organization, and it feels like we’re being held to a standard that Salesforce hasn't bothered to document for SAML users.

Is anyone else hitting this wall? Has anyone managed to get a straight answer from a Salesforce Architect on what the actual expected SAML assertion looks like? Or are we all just waiting for the July "surprise"?

I work as a Salesforce consultant for a company in that primarily works on a specialized managed package. Right now the job has become a horrendous environment that makes me beg for a layoff. My CEO is an asshole. He berates and belittle the women daily. He yells at the Gen Z staff and calls them morons and idiots almost daily. He purposely makes some the people waiting on green card work over 24 hours straight. Hes yelled at me for configuring dkim for customers because “I should let the devs do it” He’s forcing us to use his own AI agent to build PowerPoints and processes for presentation. Which would be good if it didn’t constantly f up and put stuff that isn’t part of their BRD and confuses our own damn clients. I’ve been made to look like a fucking idiot 3 times by him telling me with 10 minutes notice “do this presentation and read off the script” and 3 times customers have stopped and said “this doesn’t make sense” god i miss the days i was a business analyst or support. I want to get out but i know the job market is shit.

I don’t know what I expect from posting this but I just needed to let this out to fellow people that work on the platform.

I work for a larger healthcare company in the north east. I was hired to have full architectural control of a departments Salesforce environment. Upon joining, leadership was new and we both found out that the development of the Salesforce organization is controlled by an internal team instead of an outside consultant. We were told that under no circumstances would I be able to have full admin access. We then had to have multiple meetings to finally get me a developer sandbox to understand how things work. I’ve now become a product owner/analyst role. I’ve been working to clearly define KPI’s and add the needed fields to Salesforce as well as required fields and tooltips. I was told that I need to go to the business analyst on the development team, have them submit a user story, then I sign off on it, then it goes to development, then QA, then UAT to test, then deployed. This is all fine with me but it takes a very long time to get things deployed.

A new field with no dependencies takes anywhere from 2-4 months to get deployed. Being able to create related records when a new person account is converted from a lead or created has taken 7 months to get to UAT. I came from a smaller company where we didn’t custom LWC and apex everything if we didn’t need to.

Is this development timeline normal in the industry?

Spending hours manually comparing Flows between Sandbox and Production.

Even with deployment tools like Copado and Gearset, finding all the small (but dangerous) differences in elements, resources, decisions, loops, and variables was still painful and risky. I’ve seen deployment issues caused by missed Flow changes more times than I can count.

So instead of keep complaining about it… I decided to build a solution.

I’m currently developing the Salesforce Flow Comparator Browser Extension that will let you:

• Instantly compare any two orgs (Sandbox ↔ Production, Sandbox ↔ Sandbox, etc.)
• Get a clear side-by-side diff view of Flow metadata
• Highlight added, removed, or modified elements
• Save massive time during release validation

It’s still a Work in Progress (MVP is almost ready), but I’m genuinely excited about it.

I’d love your help and feedback:

• Would this tool solve a real pain for you?
• What features would make this a “must-have” tool for you? (e.g. support for other metadata types, exportable report, dark mode, VS Code integration, etc.)
• Any specific Flow comparison problems you face that I should solve?

If you’ve ever lost sleep before a big go-live because of Flow differences — drop a comment! 👇

Looking forward to your thoughts! 🔥

https://preview.redd.it/we1dxd3z152h1.jpg?width=1120&format=pjpg&auto=webp&s=da9e708176d4e5a49d3256c0f3a6d0f95451ab87

https://preview.redd.it/i2rade3z152h1.jpg?width=1264&format=pjpg&auto=webp&s=22d17e88495681551a64a0c461a1482a78caabc0