The pattern: monitor the page weekly, alert on critical thresholds, correlate failures with endpoint logs, use the data to drive remediation or migration. The history is operational furniture; without active use, failures persist longer than they should.
- Open Delegated Authentication Error History weekly
Setup, Security, Delegated Authentication Error History. Review failure types and counts. Note trends.
- Build alerts on critical thresholds
Flow or scheduled Apex that queries DelegatedAuthenticationLogEntry and posts to Slack or PagerDuty when failures exceed threshold.
- Correlate failures with endpoint logs for diagnosis
Pull the endpoint's logs for the failure window. Match by source IP and username to reconstruct what happened.
- Document remediation per failure pattern
Endpoint outage runbook, certificate rotation runbook, timeout investigation runbook. Reusable runbooks speed response.
- Capture quarterly summaries for compliance evidence
Total failures, types breakdown, mean time to remediation. The summary supports audit evidence and migration cases.
- Use trend data to support migration planning
Repeated outages or certificate issues are the operational case for moving to SAML or OAuth.
- Retain summaries beyond the 21-day platform window if compliance requires
The platform-side history rolls off; manual extracts to a long-term log preserve the trail.
Weekly for active Delegated Authentication deployments; daily during incident response.
Per error type, per time window. Configure to balance alert fatigue against detection latency.
Matching source IP and username to reconstruct full request context.
Platform retains 21 days; long-term retention requires manual export to external log.
Quarterly for SOC 2 / ISO 27001 evidence; per-incident for specific audit requests.
- The platform retains only the last 21 days of entries. Long-term retention requires manual export.
- Endpoint-side logs are necessary to fully diagnose most failures. Without them, the Salesforce side alone is incomplete.
- Without alerts, failures linger until users complain. The page is operational furniture only when actively monitored.
- Certificate Invalid errors are rare but high-impact. Add to the cert-rotation inventory; expirations on the endpoint side are silent on the Salesforce side until they occur.
- The history is read-only. Admins cannot edit, delete, or annotate entries; correlations and remediation notes live in external runbooks.