Category: CRM & Sales
Secure Salesforce browsing
Secure Salesforce browsing means protecting CRM logins, sessions, and customer data from phishing and session theft while sales teams work in the browser.
Salesforce security is often framed as identity and permission design, but the operational risk usually starts in the browser. Reps move fast between email, records, pricing docs, meeting links, and AI tools, which makes CRM access vulnerable to the same phishing and session-replay patterns that hit other browser-heavy teams.
Quick answer
Legba can isolate browser sessions while your team uses Salesforce.
Sales tools are link-heavy and often connected to inbound email and outreach. Isolation helps reduce exposure from external links and downloads that reach Salesforce users.
This page does not imply an official integration with Salesforce. It is a guide to securing browser workflows around the app.
Last updated
2026-04-09
Common browser risks
- Lookalike Salesforce login pages and SSO prompts that steal credentials or tokens.
- Session hijacking that reuses an authenticated session to access customer data.
- Phishing links embedded in records, emails, or integrations that route reps to malicious destinations.
- Data leakage when reps copy customer details into untrusted tools or AI prompts.
- Malicious downloads from external links (pricing sheets, PDFs) clicked during sales workflows.
Typical sensitive data in Salesforce
- Customer and prospect PII (names, emails, phone numbers).
- Pipeline details, deal notes, and pricing information.
- Contracts, quotes, and order forms.
- Support and account history linked to records.
- Integration tokens and connected app permissions (depending on setup).
- User access roles and login history.
Recommended policies by role
Sales
- Open unknown external links from records and emails in isolation by default.
- Restrict downloads from unfamiliar domains; use a scan-and-release workflow for shared PDFs and docs.
- Avoid pasting customer PII into untrusted web tools or AI prompts; use approved systems.
IT Admins
- Enforce SSO and strong session controls; require re-auth for sensitive changes.
- Use browser policies to restrict extensions and risky permissions across sales teams.
- Isolate ad-click and unknown domains to reduce phishing exposure without blocking research.
Security
- Monitor for anomalous logins and session behavior; investigate new OAuth grants and connected apps.
- Use isolation for investigation of suspicious links and external file shares.
- Prioritize controls for roles with broad CRM exports and admin access.
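As an added example of the "monitor for anomalous logins" and "investigate new connected apps" bullets above (not code from this page, from Legba, or from Salesforce): a baseline-and-compare check over constructed rows shaped like Salesforce LoginHistory records. The field names follow that object; the rows, the cutoff date and the business-hours window are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample rows shaped like Salesforce LoginHistory records (assumption:
# the field names follow that object; the values are invented for this example).
SAMPLE_LOGINS = [
    {"UserId": "005A", "LoginTime": "2026-04-01T09:02:00Z", "SourceIp": "203.0.113.10", "Status": "Success", "Application": "Browser"},
    {"UserId": "005A", "LoginTime": "2026-04-02T08:55:00Z", "SourceIp": "203.0.113.10", "Status": "Success", "Application": "Browser"},
    {"UserId": "005A", "LoginTime": "2026-04-08T03:12:00Z", "SourceIp": "198.51.100.77", "Status": "Success", "Application": "Browser"},
    {"UserId": "005A", "LoginTime": "2026-04-08T03:20:00Z", "SourceIp": "198.51.100.77", "Status": "Success", "Application": "Data Exporter App"},
    {"UserId": "005B", "LoginTime": "2026-04-08T10:00:00Z", "SourceIp": "203.0.113.22", "Status": "Success", "Application": "Browser"},
]
BUSINESS_HOURS = range(8, 19)  # assumption: 08:00-18:59 UTC is the normal working window

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def build_baseline(rows, cutoff_iso):
    """Per-user source IPs and applications seen in successful logins before the cutoff."""
    cutoff = _ts(cutoff_iso)
    ips, apps = defaultdict(set), defaultdict(set)
    for r in rows:
        if r["Status"] == "Success" and _ts(r["LoginTime"]) < cutoff:
            ips[r["UserId"]].add(r["SourceIp"])
            apps[r["UserId"]].add(r["Application"])
    return ips, apps

def flag_anomalous_logins(rows, cutoff_iso):
    """Flag successful post-cutoff logins that deviate from the user's baseline (new source IP,
    new application such as a connected app, off-hours). Users with no baseline are reported for review."""
    cutoff = _ts(cutoff_iso)
    ips, apps = build_baseline(rows, cutoff_iso)
    findings = []
    for r in sorted(rows, key=lambda x: x["LoginTime"]):
        when = _ts(r["LoginTime"])
        if r["Status"] != "Success" or when < cutoff:
            continue
        user = r["UserId"]
        if user not in ips:
            reasons = ["no_baseline"]  # never seen before the cutoff: review, do not silently accept
        else:
            reasons = []
            if r["SourceIp"] not in ips[user]:
                reasons.append("new_source_ip")
            if r["Application"] not in apps[user]:
                reasons.append("new_application")
            if when.hour not in BUSINESS_HOURS:
                reasons.append("off_hours")
        if reasons:
            findings.append({"UserId": user, "LoginTime": r["LoginTime"], "reasons": reasons})
    return findings
```

In a real deployment the rows would come from an export of the LoginHistory object and the baseline window would be a rolling period rather than a fixed cutoff; the reasons list is what an analyst would pivot on when checking whether a new application corresponds to an approved connected app.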
What to do next
For CRM-heavy teams, the right default is not more vigilance. It is less endpoint exposure during the moments when reps follow unknown links, download external files, and handle sensitive customer context in adjacent tabs.
Each guide is written by our team, reviewed by a named security contributor, and cited against primary sources such as OWASP, CISA, NIST, and MITRE. We update pages when the underlying guidance changes.