What does Delegated Administration enable?

Delegated Administration grants limited admin functions (like user management or custom object admin) to non-admins within a specific scope.

What's a common use case?

A common pattern is delegating user management for a specific department to a department manager, scaling admin capacity without compromising governance.

Are delegated admins limited in scope?

Delegated admins are strictly constrained to the roles, profiles, objects, and permission sets defined in their delegated group.

Delegated Administration

Administration🔴 Advanced

Definition

Delegated Administration allows non-admin users to perform a limited set of administrative functions for specific groups or organizational units without granting full system admin access. Delegated admins can manage users, reset passwords, and perform other tasks for their assigned group while respecting security and governance boundaries.

Real-World Example

Consider a scenario where an admin at Redwood Financial is working with Delegated Administration to ensure the Salesforce org runs smoothly and securely. They configure Delegated Administration during a scheduled maintenance window, test it in a sandbox first, and then deploy to production. The result is tighter security and a more streamlined experience for all 200 users in the org.

Why Delegated Administration Matters

Delegated Administration in Salesforce allows non-admin users to perform a limited set of administrative functions for specific groups or organizational units without granting full system administrator access. Admins create Delegated Groups in Setup, specifying which roles, profiles, custom objects, and permission sets the delegated admins can manage. Delegated admins assigned to a group can then create and manage users, reset passwords, assign profiles and permission sets, and modify the specified custom objects within their scope.

Delegated Administration is the right answer when you want to distribute admin work without distributing admin power. A common pattern is delegating user management for a specific department to a department manager, so they can handle joiners and leavers within their team without filing tickets to the central admin team. Another pattern is delegating custom object administration to an application owner. In all cases, delegated admins are constrained to their assigned scope, so they can't accidentally break things outside their area. Properly used, Delegated Administration scales the admin function without creating governance risk.

How Organizations Use Delegated Administration

•Redwood Financial — Delegated user management for each business unit to a unit-specific delegated admin. Department managers handle joiners and leavers without filing central tickets, and the central admin team focuses on org-wide work.
•Skyline Consulting — Recommends Delegated Administration to clients with multiple departments or business units. The pattern scales admin capacity without compromising governance.
•NovaScale — Built delegated groups for application owners so each owner can manage the custom objects for their app without affecting other apps in the shared org.