Definition
Portal Health Check is a Setup tool that evaluates the security configuration of Experience Cloud sites (formerly Community portals) against Salesforce's recommended security standards. It identifies vulnerabilities such as excessive guest user permissions, insecure sharing rules, and missing authentication requirements.
Real-World Example
The admin at GreenLeaf Organics runs Portal Health Check on their customer self-service portal and receives a score of 65. The tool identifies that guest users have access to the Account object (unnecessary for the FAQ-only portal), the session timeout is set too long, and HTTPS is not enforced on all pages. She fixes each issue and raises the score to 92.
Why Portal Health Check Matters
Portal Health Check is a Setup tool that evaluates the security configuration of Experience Cloud sites (formerly Community portals) against Salesforce's recommended security standards. It scans for common vulnerabilities including excessive guest user permissions, insecure sharing rules, overly permissive object access, missing authentication requirements, and session security settings. The tool generates a security score and a prioritized list of findings, making it easy for administrators to understand their portal's security posture and take corrective action. This is especially important because Experience Cloud sites expose Salesforce data to external users, creating a larger attack surface than internal-only configurations.
As organizations deploy customer portals, partner communities, and self-service sites, Portal Health Check becomes a non-negotiable part of the security governance process. Guest user profiles in Experience Cloud are a frequent source of data breaches when configured too permissively — attackers have exploited misconfigured guest access to extract Account, Contact, and custom object data from production orgs. Regular Portal Health Check audits should be conducted after every portal deployment, after permission changes, and on a recurring monthly schedule. Organizations that neglect this tool risk regulatory fines, customer data exposure, and reputational damage. The goal should be a score above 90, with any finding rated 'High' or 'Critical' resolved immediately.
How Organizations Use Portal Health Check
- GreenLeaf Organics — GreenLeaf's admin runs Portal Health Check on their customer self-service portal and receives a score of 65. The tool identifies that guest users have access to the Account object, session timeout is too long, and HTTPS is not enforced. After fixing each issue, the score rises to 92, and a subsequent penetration test confirms no exploitable vulnerabilities.
- Pacific Partners Network — Pacific runs Portal Health Check after launching a partner community and discovers that sharing rules allow partners to see other partners' Opportunity data. The tool flags this as a Critical finding. The admin immediately tightens sharing rules to restrict partners to their own records only, preventing a potential competitive intelligence leak.
- Meridian Financial Services — Meridian conducts monthly Portal Health Check audits as part of their SOX compliance process. Each audit report is documented and stored for regulatory review. When auditors request evidence of portal security governance, Meridian provides 12 months of scored reports showing consistent improvement from 72 to 95, demonstrating proactive security management.