Portal Health Check
Portal Health Check is a Setup tool that evaluates the security configuration of Experience Cloud sites (formerly Community portals) against Salesforce's recommended security standards.
Definition
Portal Health Check is a Setup tool that evaluates the security configuration of Experience Cloud sites (formerly Community portals) against Salesforce's recommended security standards. It identifies vulnerabilities such as excessive guest user permissions, insecure sharing rules, and missing authentication requirements.
In plain English
“Here's a simple way to think about it: Portal Health Check catches the over-permissive sharing rules guests can exploit. It scans Experience Cloud configuration against a security baseline and flags issues - guest user permissions, sharing rules that expose records publicly, missing auth.”
Worked example
The admin at GreenLeaf Organics runs Portal Health Check on their customer self-service portal and receives a score of 65. The tool identifies that guest users have access to the Account object (unnecessary for the FAQ-only portal), the session timeout is set too long, and HTTPS is not enforced on all pages. She fixes each issue and raises the score to 92.
Why Portal Health Check catches the over-permissive sharing rules guests can exploit
Experience Cloud sites (formerly Communities) have unauthenticated guest users, and configuring access for those users is the part most likely to go wrong. Portal Health Check is Salesforce's automated audit. It scans your Experience Cloud configuration against a security baseline and flags the issues that matter most: guest user profiles with too much access, sharing rules that expose records publicly, missing authentication requirements, weak session handling.
The reason it's worth running periodically is that secure-when-launched doesn't stay true automatically. New objects get added with default sharing, new fields get exposed with overly broad field-level security, new sharing rules get created without the guest-access implications considered. Run Portal Health Check whenever you change the configuration of an Experience Cloud site, after any Salesforce release that touches sharing, and on a quarterly cadence regardless. It's free, it's fast, and it catches the kind of mistake that becomes a public news story.
How organizations use Portal Health Check
Quarterly Portal Health Check caught a guest profile with overly broad Account access; remediated before any external user noticed.
After every Experience Cloud change, the team runs Portal Health Check as part of release readiness.
Compliance audits use Portal Health Check findings as evidence; public-data-exposure findings dropped to zero.
Trust & references
Straight from the source - Salesforce's reference material on Portal Health Check.
- Portal Health CheckSalesforce Help
About the Author
Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals. More about Dipojjal.
Test your knowledge
Q1. In which area of Salesforce would you typically find Portal Health Check?
Q2. Why is understanding Portal Health Check important for Salesforce admins?
Q3. What is the primary benefit of Portal Health Check for Salesforce administrators?
Discussion
Loading discussion…