Guest User
A Salesforce user profile associated with unauthenticated visitors to Experience Cloud sites or Sites.com pages, with highly restricted permissions that control what data and features anonymous vis…
Definition
A Salesforce user profile associated with unauthenticated visitors to Experience Cloud sites or Sites.com pages, with highly restricted permissions that control what data and features anonymous visitors can access.
In plain English
“A Guest User is the special user profile for unauthenticated visitors to Experience Cloud sites or Sites.com pages. Anonymous people who haven't logged in are using this profile, and it has very tight permissions to control what data they can see.”
Worked example
On the public help center at Cypress Therapeutics, an unauthenticated visitor browsing for medication-side-effect FAQ articles is served by the Guest User profile. The profile grants read-only access to published Knowledge articles tagged for public visibility - but blocks access to everything else: no patient records, no internal Cases, no employee directory. When the visitor creates an account on the patient portal, their identity transitions from Guest User to a customer user with broader (but still tightly scoped) access.
Why Guest User matters
A Guest User in Salesforce is the user profile associated with unauthenticated visitors to Experience Cloud sites or Sites.com pages. When someone visits a public page on an Experience Cloud site without logging in, they're operating as the Guest User, with the permissions defined on the Guest User profile for that site. These permissions are typically highly restricted to prevent anonymous visitors from seeing or modifying sensitive data.
Guest User security is one of the most important configuration considerations for any Experience Cloud deployment because misconfigured Guest User access can expose customer data publicly. Salesforce has tightened Guest User security significantly over recent releases, requiring explicit grants for most data access and removing many default permissions that Guest Users used to have. Mature organizations audit Guest User access carefully, follow the principle of least privilege, and test sites regularly to verify that anonymous visitors can't see anything they shouldn't.
How organizations use Guest User
Audits Guest User permissions on every Experience Cloud site they build, applying least privilege and testing for accidental data exposure.
Built a public knowledge base using Guest User access for unauthenticated visitors, with carefully scoped sharing rules ensuring only public articles are accessible.
Treats Guest User configuration with extreme caution because of HIPAA compliance; any misconfiguration could expose PHI publicly.
Test your knowledge
Q1. What is a Guest User?
Q2. Why is Guest User security important?
Q3. What's a best practice for Guest User configuration?
Discussion
Loading discussion…