The certification is the foundation; the daily practice is what separates good admins from great ones. The patterns below come from observing what experienced admins do that newer admins skip; none are required by the platform, all compound over time.
- Build a personal sandbox for every change
Spin up a developer sandbox, build the change, validate, then push to production. The sandbox-first discipline is the single largest determinant of org stability over the years.
- Maintain a change log alongside the platform audit trail
The Setup Audit Trail captures most changes but not the why. Maintain a parallel change log with date, change, why, stakeholder. The log is the artifact compliance and successor admins will reference.
- Adopt naming conventions early
Custom field names, validation rule names, flow names, permission set names. Conventions established on day one compound; conventions imposed in year three never quite work because the legacy names persist.
- Use permission sets, not profile customizations
Salesforce is moving away from profile-based permissions toward permission sets. Build new access with permission sets even when profiles would work; future migration is easier from a permission-set baseline.
- Run Salesforce Optimizer and Health Check quarterly
Both reports surface configuration issues admins overlook in daily work. Quarterly review with the security and platform owner catches the easy issues before they become hard ones.
- Document stakeholder decisions in the work item
Every non-trivial change should have a Jira ticket, ServiceNow request, or equivalent with the requesting stakeholder, the requirement, and the approval. The documentation is the audit trail when the change is questioned later.
- Learn the AI-assisted Setup tools early
Setup with Agentforce, Flow Creation with Einstein, the Agentforce Specialist content. The admin role is shifting toward judgment work; the admins who learn the new tools in 2026 are positioning for the role in 2028.
Developer, Developer Pro, Partial Copy, Full Copy. Trade-off is data fidelity vs refresh cost and storage.
Change sets, source-tracked sandboxes, DevOps Center, third-party (Gearset, Copado). Drives change velocity and audit completeness.
Profile-based vs permission-set-based vs hybrid. Permission-set-first is the modern Salesforce-recommended pattern.
Spreadsheet, ticketing system, dedicated change log app. The format matters less than the discipline of maintaining it.
Maintenance modules per release, plus targeted skill expansion (Agentforce, Data Cloud, Industries) per quarter.
- Building directly in production accumulates brittleness faster than admins expect. Sandbox-first is the single most important discipline.
- Profile-based permissions are harder to migrate to permission sets later than building permission-set-first now. Salesforce is moving away from profiles; build accordingly.
- Naming conventions are easy to skip on day one and impossible to retrofit in year three. Establish conventions before the first custom field.
- Documentation written after the fact rarely matches the original intent. Maintain change logs and stakeholder approvals as the work happens, not at audit time.
- AI-assisted Setup will reshape admin work over the next two years. Admins who treat Setup with Agentforce as optional in 2026 will be at a skill disadvantage by 2028.