

7 Hidden Gems in Salesforce Setup You Probably Didn’t Know About
Salesforce is a feature-rich platform, and even experienced admins and developers often overlook some powerful tools buried deep within Setup. These lesser-known features—what we like to call “hidden gems”—can significantly improve org management, visibility, security, and developer productivity. In this article, we’ll spotlight 7 hidden gems in Salesforce Setup that deserve more attention.
1. Security Health Check
Salesforce Health Check is a comprehensive review of a Salesforce implementation that provides insights into areas for improvement and recommendations for best practices. The Health Check covers a wide range of topics, including data quality, security, performance, automation, and more. By performing a Health Check, users can identify potential issues and optimize their org to ensure it is running at peak efficiency.
Where to find it: Setup > Security > Health Check
This underrated tool audits your org’s security settings and compares them against Salesforce’s baseline. You’ll see a percentage score and a list of:
- High, medium, and low-risk vulnerabilities (e.g., maximum invalid logins, password policies, session timeouts, guest user access)
- Recommendations for quick wins
The tool calculates a security score between 0 and 100, indicating how closely your settings align with best practices. Higher scores mean better security. Scores are categorized as:
- 90–100: Excellent
- 80–89: Very Good
- 70–79: Good
- 55–69: Poor
- 54 and below: Very Poor

It’s like a Salesforce security checklist—but automated. Admins can fix issues individually by clicking the Edit link next to each setting or using the Fix Risks button to align all settings to recommended values at once.
Pro Tip: Combine this with a manual review of Profile and Permission Set access because even if your Security Health Check score is 100%, permission misconfigurations could leave your data vulnerable. Combining both reviews gives you true security assurance.
Learn more about Monitoring & Auditing Tools in Salesforce.
2. Login Forensics
Where to find it: Setup > Event Manager > Scroll down to ‘Login Event’ > Select ‘Enable Storing’ from the dropdown next to Login Event.
Salesforce Login Forensics is a security feature designed to help administrators identify suspicious login activity and prevent identity fraud within Salesforce organizations. It provides detailed insights into user login behaviour, enabling security teams to detect potentially compromised accounts or unusual access patterns. Login Forensics provides visibility into:
- Logins from suspicious IP ranges
- Users logging in during non-business hours
- Login activity location
- The average number of logins per user over a specified time period, helping to establish normal login behaviour
This data is critical for auditing and identifying potential security threats. It requires Event Monitoring to be enabled, along with Salesforce Shield or the Event Monitoring add-on. You can also access data without these by executing standard SOQL queries, but this access is limited compared to what you get with Salesforce Shield or the Event Monitoring add-on.
Accessing data using standard SOQL queries:
Query to view who has logged in:
SELECT EventDate, UserId, Username, UserType, Browser, Country, Status
FROM LoginEvent
ORDER BY EventDate DESC

Query to view the number of logins per user:
SELECT UserId, COUNT(Id) loginCount
FROM LoginHistory
WHERE LoginTime >= 2025-06-01T00:00:00Z AND LoginTime <= 2025-06-30T23:59:59Z
GROUP BY UserId

Use case: If you suspect brute-force login attempts or API token misuse, this is your first stop.
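As an added example (not part of the original article), the Python below triages rows exported from a LoginHistory query for the three signals listed above: off-hours logins, logins from outside trusted IP ranges, and bursts of failed logins. The sample rows, user IDs, trusted range, business hours (in UTC) and burst threshold are all constructed assumptions; any status other than Success is treated as a failure.

```python
import csv, io, ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows, shaped like a LoginHistory export (not real data).
SAMPLE = """UserId,LoginTime,Status,SourceIp
005EXAMPLE0001,2025-06-02T09:15:00Z,Success,192.0.2.10
005EXAMPLE0001,2025-06-03T02:40:00Z,Success,203.0.113.77
005EXAMPLE0002,2025-06-03T14:00:05Z,Invalid Password,198.51.100.9
005EXAMPLE0002,2025-06-03T14:00:40Z,Invalid Password,198.51.100.9
005EXAMPLE0002,2025-06-03T14:01:10Z,Invalid Password,198.51.100.9
005EXAMPLE0002,2025-06-03T14:02:30Z,Invalid Password,198.51.100.9
005EXAMPLE0002,2025-06-03T14:03:00Z,Success,198.51.100.9
005EXAMPLE0003,2025-06-04T11:00:00Z,Invalid Password,192.0.2.20
"""
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]  # assumed corporate range

def load(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["LoginTime"] = datetime.strptime(r["LoginTime"], "%Y-%m-%dT%H:%M:%SZ")
    return rows

def off_hours(rows, start=8, end=18):
    """Successful logins outside start..end (UTC hours) or on a weekend."""
    return [r for r in rows if r["Status"] == "Success"
            and (not start <= r["LoginTime"].hour < end or r["LoginTime"].weekday() >= 5)]

def untrusted_ip(rows, trusted=TRUSTED):
    """Successful logins whose source IP is outside every trusted network."""
    return [r for r in rows if r["Status"] == "Success"
            and not any(ipaddress.ip_address(r["SourceIp"]) in n for n in trusted)]

def failure_bursts(rows, threshold=4, window=timedelta(minutes=5)):
    """UserIds with at least `threshold` failed logins inside one time window."""
    fails = defaultdict(list)
    for r in sorted(rows, key=lambda r: r["LoginTime"]):
        if r["Status"] != "Success":
            fails[r["UserId"]].append(r["LoginTime"])
    return {u for u, t in fails.items() for i in range(len(t) - threshold + 1)
            if t[i + threshold - 1] - t[i] <= window}

if __name__ == "__main__":
    rows = load(SAMPLE)
    print("off-hours:", [(r["UserId"], r["LoginTime"]) for r in off_hours(rows)])
    print("untrusted IP:", [(r["UserId"], r["SourceIp"]) for r in untrusted_ip(rows)])
    print("failure bursts:", failure_bursts(rows))
```

A burst of failures followed by a success from the same address, as with the second constructed user, is the pattern worth escalating first.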
3. Object Limits
Where to find it: Setup > Object Manager > Object > Object Limits
This screen shows limits specific to each object, like: max custom fields, max relationships, validation rules, rollup summary fields, approval processes, etc.

It’s especially helpful when designing complex data models and wondering how close you are to platform constraints.
Architect tip: Use this view before implementing highly customized objects to avoid surprises later.
4. Login Flow
Login flows are one of the most useful tools in Salesforce for collecting information from users during the login process. You can also use login flows to show a “Terms & Conditions” or “Privacy Policy” page and require users to accept it during login. Login flows also come to your rescue during deployments and releases, when you need to stop users from logging in to the system.
Where to find it: Setup > Login Flows
Login Flows allow you to insert a Flow right into the login process. Use this to:
- Show announcements
- Collect survey feedback
- Enforce terms & conditions
- Capture MFA opt-ins
Unlike traditional flows, Login Flows run before the user lands in the app, which makes them powerful for onboarding, alerts, or security measures.
To implement a new login flow:
- First, create a new screen flow.
- Add the required components to the flow and activate it.
- Then navigate to the Login Flow menu and click the New button.
- Select the created screen flow and save.



5. App Launcher Branding
Where to find it: Setup > Themes and Branding
Want to give your Salesforce org a visual refresh? The App Launcher Branding section allows you to:
- Customize background colours
- Set loading page messages
You can either activate an existing theme or create a new one. To preview or activate an existing theme, select Preview or Activate from the dropdown next to the preferred theme.

To create a new theme, click the New Theme button. Fill in the details, and add your custom logo and colours. Save, preview, and activate the theme.
This improves the user experience, especially in multi-org environments or client-specific portals.
Note: This branding is per-org, so you can tailor it for dev/test vs. production.
6. Session Settings for Lightning Login, Browser Caching, and Clickjack Protection
Where to find it: Setup > Session Settings
This panel is a goldmine of nuanced controls:
- Disable session timeout warnings
- Enable Lightning Login (biometric login via mobile app)
- Control caching behaviour
- Prevent clickjacking via framing protection

Often overlooked, but critical for balancing security and usability.
7. External Services Usage Monitor
Where to find it: Setup > Quick Find > External Services
This section displays five usage gauges for connected external APIs and Services, showing current consumption vs limits. Valuable for tracking integrations and API limits in real-time.
Final Thoughts
While Salesforce Setup has a reputation for being vast and sometimes overwhelming, hidden within it are tools that can boost security, speed up development, and improve system governance. Exploring these lesser-known areas doesn’t just make you a better admin or developer—it empowers your entire team to work smarter.
Before you create another flow or trigger, spend a few minutes digging through Setup. You might just uncover a gem that saves you hours or improves your org’s health in unexpected ways.