How a Need for Multi-Org Health Checks Became OrgMonitor

tartjellyfish
Salesforce Engineering
3 min read, Jan 29, 2018

Gathering the stats necessary to evaluate the basic security posture of a wide portfolio of Salesforce Orgs is no easy feat. Salesforce’s built-in security settings tool, Health Check, helps tremendously, but it still requires touching each Org individually, and that quickly becomes slow and inefficient. The internal Salesforce Security team needed a central place to surface Health Check data plus other signals, so I built OrgMonitor.

OrgMonitor is a web application written in Node.js that interacts with your Salesforce Orgs as a Connected App; it’s designed to monitor the size/utilization and basic security posture of multiple Salesforce Orgs — production or sandboxes.

The OrgMonitor homepage lists all Orgs that have been connected to it so far and includes the ability to add Org names and descriptions in order to have a reference as to what those Orgs are used for.

Connecting a new Org to OrgMonitor is easy and requires no access to data and a very limited set of permissions, namely “View Health Check” and “View Setup and Configuration”.

The application connects to each Org via API through standard OAuth 2.0 authentication and runs a set of SOQL queries against all connected Orgs on an hourly basis. OrgMonitor collects a set of important metrics and stores historical results in an underlying PostgreSQL database to provide a concise but in-depth view of the security health of all your Orgs.

As you can see from the screenshot above, OrgMonitor:

  • Surfaces the Health Check score and risks
  • Answers questions such as: how many Users, Profiles, Permission Sets, Roles, Pages, Classes and Objects do we have?
  • Provides visibility into users with high-level privileges (View All Data, Modify All Data, Author Apex, etc.)
  • Reports other metrics such as unused Roles and custom Profiles, Profiles without IP restrictions, and Users without predefined corporate email addresses
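To make two of these metrics concrete, here is an added example (not OrgMonitor’s own code) that derives “users with high-level privileges” and “users without a corporate email address” from records shaped like the results of three standard SOQL queries. The object and field names are standard Salesforce ones; the records, the `example.com` corporate domain and the assumption that every user is assigned to their profile’s underlying permission set are constructed for the illustration.

```javascript
// Queries a collector like OrgMonitor could run hourly against each connected Org.
const SOQL = {
  permSets: 'SELECT Id, IsOwnedByProfile, PermissionsViewAllData, PermissionsModifyAllData, PermissionsAuthorApex FROM PermissionSet',
  assignments: 'SELECT AssigneeId, PermissionSetId FROM PermissionSetAssignment',
  users: 'SELECT Id, Username, Email, IsActive FROM User WHERE IsActive = true',
};

// Constructed sample records standing in for the results of the queries above.
const permSets = [
  { Id: 'PS1', IsOwnedByProfile: true,  PermissionsViewAllData: true,  PermissionsModifyAllData: true,  PermissionsAuthorApex: false }, // admin-like profile
  { Id: 'PS2', IsOwnedByProfile: true,  PermissionsViewAllData: false, PermissionsModifyAllData: false, PermissionsAuthorApex: false }, // standard profile
  { Id: 'PS3', IsOwnedByProfile: false, PermissionsViewAllData: false, PermissionsModifyAllData: false, PermissionsAuthorApex: true  }, // developer perm set
];
const assignments = [
  { AssigneeId: 'U1', PermissionSetId: 'PS1' },
  { AssigneeId: 'U2', PermissionSetId: 'PS2' },
  { AssigneeId: 'U2', PermissionSetId: 'PS3' },
  { AssigneeId: 'U3', PermissionSetId: 'PS2' },
];
const users = [
  { Id: 'U1', Username: 'admin@example.com', Email: 'admin@example.com', IsActive: true },
  { Id: 'U2', Username: 'dev@example.com', Email: 'dev.contractor@mail.example', IsActive: true },
  { Id: 'U3', Username: 'sales@example.com', Email: 'sales@example.com', IsActive: true },
];

const HIGH_PRIV = ['PermissionsViewAllData', 'PermissionsModifyAllData', 'PermissionsAuthorApex'];

// Map of user Id -> sorted list of high-level privileges held through any profile or permission set.
function highPrivilegeUsers(permSets, assignments) {
  const privsByPs = new Map(permSets.map(ps => [ps.Id, HIGH_PRIV.filter(p => ps[p])]));
  const result = new Map();
  for (const a of assignments) {
    const privs = privsByPs.get(a.PermissionSetId) || [];
    if (privs.length === 0) continue; // this assignment grants nothing of interest
    const set = result.get(a.AssigneeId) || new Set();
    privs.forEach(p => set.add(p.replace(/^Permissions/, '')));
    result.set(a.AssigneeId, set);
  }
  return Object.fromEntries([...result].map(([u, s]) => [u, [...s].sort()]));
}

// Usernames of active users whose email domain is not one of the corporate domains.
function usersWithoutCorporateEmail(users, corporateDomains) {
  const allowed = new Set(corporateDomains.map(d => d.toLowerCase()));
  return users
    .filter(u => u.IsActive && !allowed.has((u.Email.split('@')[1] || '').toLowerCase()))
    .map(u => u.Username);
}

console.log(highPrivilegeUsers(permSets, assignments), usersWithoutCorporateEmail(users, ['example.com']));
```

Because profile-owned permission sets are included, the check catches privileges granted by a profile as well as by an explicitly assigned permission set, which is the set of accounts a reviewer would want to see first.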

The goal of OrgMonitor, as previously hinted at, is to provide a sense of size/utilization and basic security posture of multiple Salesforce Orgs.

Metrics shown with a “sparkles” icon can be drilled into to show the underlying data; here, for example, we can see the list of Health Check risks and the recommended values for this particular Org.

The application also provides a “Rank” view which allows you to sort the Orgs that have been connected to the application by any of the collected metrics, in order to quickly identify which Orgs are the most used or which ones we need to focus on to improve their Health Check score.

We are constantly looking for ways to improve OrgMonitor. Some current items on our Roadmap include:

  • Enable Administrators to self-service and improve the overall security posture of the Orgs through actionable insights — right on the application’s UI — and proactive notifications.
  • Get these metrics into the Health Check framework so all this data can be obtained through a single interface.

Stay tuned for more updates on OrgMonitor.
