Introducing Metazoa Spotlight Org Health and Security Optimizer

February 15, 2022

Imagine that a team of experts evaluated every aspect of your Salesforce org. They conduct over 150 different tests on org data, metadata, and architecture. Then they deliver a comprehensive color-coded report that details every problem including security risks, compliance audits, forgotten assets, technical debt, user adoption, inactive users, best practices, and code quality. Better yet, each line of the report has a link that will take you to a solution for the problem. Sounds great? This is exactly what Metazoa Spotlight does. But instead of a team of experts, Metazoa has taken 15 years of experience managing complex Salesforce orgs and encoded this knowledge into a single application that can automatically scan any org as often as needed. This is a game-changing capability that will encourage best practices for org management and greatly benefit every Salesforce developer and administrator.

This description may remind you of Salesforce Optimizer, which is a free service that looks at some aspects of org health. But Optimizer covers fewer than 30 different tests, and many of those are focused on encouraging use of various Salesforce products. Few aspects of data or code quality are considered. The parameters that Optimizer uses are hard-coded and cannot be adjusted to account for the differences between orgs. This is why Metazoa Spotlight was created with over 150 comprehensive tests in eight different categories. We cover five times the territory that Optimizer does. You can adjust all the parameters for your org, and the output generated for each test is much more comprehensive.

Running Metazoa Spotlight

Metazoa Spotlight is available on the AppExchange; the link to the listing is given at the end of this post. Just download our desktop application, log into any Salesforce org, and start running selected tests. This desktop application communicates directly between your personal computer and your Salesforce account using the Salesforce data and metadata API. Since all data and metadata remain under your control, Spotlight is a completely secure way to evaluate org health. Even better, you don’t have to install a managed package. The application works instantly on any type of Salesforce org. Every type of authentication is supported as well.

On the main screen, log into any Salesforce org and click the Launch button at the lower right. The first time you run a test, Spotlight will download a metadata snapshot of your org. For large orgs this can take some time. Every time org metadata changes, Spotlight will take a new snapshot. The information in the snapshot is used for all of the different tests that Spotlight conducts.

The Main User Interface

The main interface for this application is simple. You can select up to 150 different tests from eight categories in the list at left. Use the Quick Find text entry box to search for tests by name. Try right-clicking the list to select or deselect all the tests in any category. The currently selected test is shown in blue. The results for the selected test are available on the second Preview Report tab. You can adjust the various parameters for each test with the user interface at right. Go back and forth between adjusting the parameters and seeing the results on the second tab until you are satisfied with the selected test. The initial parameters for each test represent industry-accepted best practices for Salesforce administration and org management. You can restore the initial parameters by clicking the Default Values button in the upper right corner of the screen.

The Display Report Tab

Check the green boxes next to the tests that you want to include in the final report. When you go to the Display Report tab, all of the tests that have been checked will be run. A really simple way to run the entire report is to right-click and select all tests from the list and then advance to the Display Report tab. Each test will be summarized in the first table, and a more detailed report for each test is available in an additional table below. The color-coding can be adjusted for each test if desired.

The final report can be exported as CSV, HTML, PDF, and XLSX, which is the native Excel format. To the right of each table is a link into the Lightning Interface that will jump to the specific problem that was detected. In the summary table, the link will take you to the relevant documentation for our Snapshot Org Management product. Snapshot provides tools that can automatically fix many of these problems. An example of the report summary table is shown below. Now let’s look in more detail at all of the tests that are available.

Security Risks

This category provides 10 tests that make sure that org limits and user roles and permissions are secure. You can include the Salesforce reports for Security Health Check, Org Limits, and Release Updates that are overdue. Older orgs can check for formula fields that still use JavaScript, and guest site users that have access to data. Lastly, you can evaluate any profiles or permission sets that have changed since the last time you ran the audit. Permission changes can expose sensitive information or give important capabilities to the wrong users.

  • Security Health Check Warnings
  • Org Resources With Low Availability
  • Release Updates That Are Overdue
  • Users With Administrative Privileges
  • Formula Fields That Use JavaScript
  • Queues And Groups That Have Guest Site Users
  • Sharing Rules That Grant Access To Guest Site Users
  • Objects With Default External Access For Guest Site Users
  • Profile Permissions That Have Changed
  • Permission Sets That Have Changed

Compliance Audit

This category provides 15 tests that look for compliance problems including missing documentation, confusing labels, and GDPR violations. You can test for orgs that have too many reports, profiles, and permission sets relative to the number of users. You can test for fields that contain personal information but are not encrypted. Another test looks at page layouts that have too many required fields. Lastly, you can calculate the percent of multiselect picklists compared to all fields. Multiselect picklists complicate reporting and formulas.

  • Metadata Assets That Have Been Deprecated
  • Metadata Assets With Missing Descriptions
  • Fields With Missing Compliance Information
  • Fields With Missing Descriptions And Help Text
  • Personal Data Fields Missing Compliance Information
  • Personal Data Fields That Are Not Encrypted
  • Fields With Labels That Look Like Other Fields
  • Objects With Labels That Look Like Other Objects
  • Administrative Profiles With Limited Field Access
  • Administrative Profiles With Limited Object Access
  • Too Many Reports Compared To Active Users
  • Too Many Profiles Compared To Active Users
  • Too Many Permission Sets Compared To Active Users
  • Too Many Multiselect Picklists Compared To All Fields
  • Too Many Required Fields On Page Layouts

Forgotten Assets

This category provides 45 tests that look for metadata assets that are hidden, inactive, disconnected, or improperly configured. Some of these problems indicate the need for org cleanup, but in other cases, immediate action may be required.

  • Approval Processes That Are Not Active
  • Assignment Rules That Are Not Active
  • Auto Response Rules That Are Not Active
  • Business Processes That Are Not Active
  • Custom Application Components That Are Hidden
  • Custom Applications Not Visible In Profiles And Permission Sets
  • Custom Objects Not Referenced By Other Assets
  • Custom Sites That Are Not Active
  • Custom Page Web Links Not Referenced By Home Page Components
  • Custom Tabs Not Visible In Profiles And Permission Sets
  • Data Category Groups That Are Not Active
  • Duplicate Rules That Are Not Active
  • Email Templates Not Referenced By Other Assets
  • Entitlement Processes That Are Not Active
  • Escalation Rules That Are Not Active
  • Fields Not Referenced By Other Assets
  • Field Sets Not Referenced By Other Assets
  • Flow Definitions That Are Not Active
  • Flows That Are Not Active
  • Global Value Sets Not Referenced By Custom Objects
  • Groups Not Referenced By Other Assets
  • Home Page Components Not Referenced By Home Page Layouts
  • Keyword Lists Not Referenced By Moderation Rules
  • Letterheads Not Referenced By Email Templates
  • Live Chat Buttons That Are Not Active
  • Live Chat Sensitive Data Rules That Are Not Enabled
  • Matching Rules That Are Not Active
  • Moderation Rules That Are Not Active
  • Page Layouts Not Assigned By Profiles
  • Path Assistants That Are Not Active
  • Permission Set Groups Not Assigned To Active Users
  • Permission Sets Not Assigned To Active Users
  • Portals That Are Not Active
  • Profiles Not Assigned To Active Users
  • Queues Not Referenced By Other Assets
  • Quick Actions Not Referenced By Page Layouts
  • Record Types Not Visible In Profiles And Permission Sets
  • Remote Site Settings That Are Not Active
  • Report Types Not Referenced By Other Assets
  • Roles Not Assigned To Active Users
  • Skills Not Referenced By Other Assets
  • Transaction Security Policies That Are Not Active
  • Validation Rules That Are Not Active
  • Web Links Not Referenced By Page Layouts
  • Workflow Rules That Are Not Active

Technical Debt

This category provides 7 tests that make sure that fields, picklists, reports, and dashboards are being fully utilized. You can scan for fields that mainly have empty values, picklists with lots of junk values, and reports, dashboards, and email templates that have not been used in a long time. You may want to adjust the objects that have been selected for each test. The default selection just covers the Account, Case, Contact, Lead, and Opportunity objects. Lastly, custom profiles and permission sets assigned to few active users are a source of metadata bloat and should be deprecated.

  • Fields With Too Many Empty Values
  • Picklists With Too Many Junk Values
  • Reports That Have Not Been Run Recently
  • Dashboards That Have Not Been Refreshed Recently
  • Email Templates That Have Not Been Used Recently
  • Custom Profiles Assigned To Few Active Users
  • Permission Sets Assigned To Few Users Or Groups

User Adoption

This category provides 2 tests that make sure that users are logging in, making changes, and adopting Lightning. You can select the group of users and the selected objects for the tests. The default selection covers the Account, Case, Contact, Lead, and Opportunity objects. The list of objects and users can be adjusted with the parameter values on the first tab at right.

  • Users That Have Not Logged In Recently
  • Users That Have Not Modified Any Record Recently

Inactive Cleanup

This category provides 45 tests that make sure that inactive users are not connected to important enterprise systems. Some of these problems indicate the need for org cleanup, but in other cases, immediate action may be required. For example, if active users are reporting to inactive managers then many problems can occur. If a dashboard’s running user is not active then the dashboard will not function. In other situations, the old email addresses of inactive users can be left hiding out in the org. All these problems will be detected.

  • Accounts That Have Inactive Team Members
  • Active Users That Make Requests To Inactive Delegated Approvers
  • Active Users That Report To Inactive Managers
  • Analytic Snapshots With Inactive Running Users
  • Apex Email Notifications Sent To Inactive Users
  • Apex Email Notifications Sent To Inactive Users Address
  • Approval Processes With Inactive Allowed Submitters
  • Approval Processes With Inactive Named Approvers
  • Assignment Rules With Items Assigned To Inactive Users
  • Auth Providers With Inactive Execution Users
  • Auto Response Rule Emails Sent By Inactive Users Address
  • Case Settings Routing Emails Sent To Inactive Users Address
  • Case Settings With Inactive Case Owners
  • Case Settings With Inactive Default Case Owners
  • Case Settings With Inactive Default Case Users
  • Cases That Have Inactive Ad Hoc Team Members
  • Cases That Have Inactive Predefined Team Members
  • Closed Opportunities That Have Inactive Team Members
  • Connected App Contact Emails Sent To Inactive Users Address
  • Custom Sites With Inactive Guest Record Owners
  • Custom Sites With Inactive Site Administrators
  • Dashboards With Inactive Running Users
  • Email Services Functions With Inactive Running Users
  • Escalation Rule Emails Sent To Inactive Users Address
  • Escalation Rules With Inactive Assigned Users
  • Escalation Rules With Inactive Notification Users
  • Groups That Have Inactive Members
  • Knowledge Settings With Articles Assigned To Inactive Users
  • Live Chat Configurations Associated With Inactive Users
  • My Domain Discoverable Logins Where Inactive Users Execute Apex
  • Open Opportunities That Have Inactive Team Members
  • Package Licenses Assigned To Inactive Users
  • Permission Set Groups Assigned To Inactive Users
  • Permission Set Licenses Assigned To Inactive Users
  • Permission Sets Assigned To Inactive Users
  • Portals With Inactive Administrators
  • Queue Owner Emails Sent To Inactive Users Address
  • Queues That Have Inactive Members
  • Roles That Have Inactive Members
  • Transaction Security Policies Where Inactive Users Execute Apex
  • Transaction Security Policies Where Inactive Users Receive Notifications
  • Workflow Alert Emails Sent To Inactive Users Address
  • Workflows Where Inactive Users Are Assigned Tasks
  • Workflows Where Inactive Users Receive Email Alerts
  • Workflows Where Inactive Users Send Outbound Messages

Best Practices

This category provides 20 tests that make sure that objects, fields, and records are following best practices. You can test for fields with missing compliance information and confusing labels; objects that have too many required fields, record types, validation rules, and triggers; cases and opportunities that were created and closed the same day; contacts and leads without valid information; and opportunities and cases that are overdue or have never been updated.

  • Objects That Need More Formula And Rollup Fields
  • Objects With Too Many Validation Rules
  • Objects With Too Many Required Or Unique Fields
  • Objects With Too Many Record Types
  • Objects With Too Many Lookup Relationships
  • Objects With Too Many Apex Triggers
  • Objects With Too Many Record Trigger Flows
  • Objects That Mix Triggers, Workflows, and Flows
  • Records That Are Missing Record Type Information
  • Records That Are Owned By Inactive Users
  • Cases That Are Overdue
  • Cases Created And Closed On The Same Day
  • Contacts That Don’t Have Any Valid Information
  • Contacts That Are Not Connected To An Account
  • Leads That Don’t Have Any Valid Information
  • Opportunities That Are Overdue
  • Opportunities Created And Closed On The Same Day
  • Closed Won Opportunities With No Activity Records
  • Opportunities That Have Never Been Updated
  • Tasks That Have Been Open For Too Long

Code Quality

This category provides 6 tests that evaluate Apex code quality and coverage. Static code analysis in this category provides a wealth of information. You can test for Apex triggers that reference multiple assets, and for Apex classes and triggers with low code quality, low code coverage, or obsolete version numbers.

  • Apex Triggers That Reference Multiple Assets
  • Apex Classes And Triggers With Low Code Quality
  • Apex Classes And Triggers With Low Code Coverage
  • Apex Classes And Triggers With Low Version Numbers
  • Apex Classes That Call External Services
  • Apex Classes Called By External Services

Conclusion

There you have it. Metazoa Spotlight is the first comprehensive org health and security optimizer available for Salesforce. This report covers five times the territory of Salesforce Optimizer. This application can be run any time there are major changes to an org. Every aspect of health and security will be evaluated. Please give this report a try and let us know of additional tests that we can cover in future versions of the product.

 

Bill Appleton

CTO Metazoa

Spotlight Website Link: https://www.metazoa.com/spotlight/

AppExchange Link: https://appexchange.salesforce.com/appxListingDetail?listingId=a0N300000016cejEAA
