For Your IT Team
No setup required in your Salesforce org
Permission & FLS Audit requires zero configuration in Salesforce. There is no package to install, no Connected App to create, and no settings to change.
No Connected App installation
This tool does not use Salesforce OAuth and does not require a Connected App. It authenticates using the user's existing browser session — the same session cookie (sid) that Salesforce sets when the user logs in normally.
No IP whitelist required
The tool makes outbound HTTPS calls from our server to your Salesforce instance URL on port 443. No inbound firewall rules, IP whitelisting, or network changes are required on your side.
How authentication works
When a user clicks the bookmarklet on a Salesforce page, the tool reads the active Salesforce browser session and submits it securely to our server, which uses it to call the Salesforce APIs on behalf of the user.
The session is stored in a signed server-side cookie and is never written to our database.
Required Salesforce permissions
The user's Salesforce account must have:
- API Enabled — system permission
- View Setup and Configuration — system permission
- Read access on Profile, PermissionSet, ObjectPermissions, FieldPermissions, User objects
System Administrator profiles satisfy all of these. Other profiles will need the permissions above added explicitly.
Supported Salesforce editions
Professional Edition (API access required), Enterprise, Unlimited, Developer, and Sandboxes.
Session lifetime
The tool inherits the Salesforce session lifetime (default: ~2 hours). When the session expires, users are redirected to reconnect — there is no persistent or background access.
Data boundary
KeelCadence is not a Salesforce data export tool. It reviews metadata, configuration, permission structures, and aggregate counts where needed for diagnostic scoring. It does not export customer records, files, attachments, emails, Chatter content, or transactional data. The report maps access configuration, profiles, permission sets, object permissions, and field-level security — not the underlying field values users may have access to.
Data handling summary
- Session ID: held in signed browser cookie only — never in database
- Metadata read: profiles, permission sets, object permissions, FLS, user list
- Record data read: none — no Accounts, Contacts, Opportunities, or any business record object is queried
- Files, attachments, emails, Chatter, transactional data: not accessed
- Data stored: org ID, org name, username, run date, Excel report file
- Report retention: 90 days, then permanently deleted
Does KeelCadence export Salesforce records or files?
No. KeelCadence does not export customer records, files, attachments, emails, Chatter content, or transactional data. The reports are based on Salesforce metadata, configuration, permission structures, and aggregate counts where needed for diagnostic scoring.
Questions?
Email security@keelcadence.com for IT-related enquiries.