Auditing Salesforce Org: Setup Audit Trail, Login History, and Field History Tracking
In this salesforce tutorial we are going to learn about different auditing Salesforce org features. Auditing features do not provide security to the organization themselves but they provide information about usage of the system which will be helpful in diagnosing potential or real security issues. It is very important that to perform regular audits to detect potential abuse. We should perform regular audits to check unusual usage.
Auditing a Salesforce org means reviewing who logged in, who changed setup, who created or updated records, and which important field values changed over time. These audit records help administrators investigate configuration changes, user activity, data changes, and possible compliance questions. They are not a replacement for permissions, profiles, permission sets, sharing rules, or field-level security; they are monitoring and investigation tools that support a secure operating process.
Salesforce provides different types of application to monitor changes in our salesforce organisation, user activities and object history tracking. All these Auditing features and applications are managed and viewed by system administrator only.
Core Salesforce Org Audit Features Administrators Should Review
The most common audit areas in Salesforce are record modification fields, Login History, Field History Tracking, Setup Audit Trail, and, for orgs that need longer field history retention, Field Audit Trail. Each feature answers a different audit question, so administrators should not treat them as the same report.
- Record modification fields :- Every time when a record is created or updated salesforce automatically logs in the person who created the record and the person who modified the record last time.
- Login History :- Login history basically tells about which all the users who login in to the org, whether the login is successful or failure and how they they basically login, login via browser or login via Api. all these information available at login history. In login history we get information about login time, Source IP, location, Login type, status, Browser, Platform, Application, Client version and Api Type.
- Field History Tracking :- Field History Tracking is method used to capture the changes in the field. This can be done for supported standard objects and custom objects. Standard field history retention is limited, so administrators should review the current Salesforce retention rules before relying on it for long-term audit evidence.
- Setup Audit Trail :- Salesforce Audit Trail is available especially for administrators to track recent setup changes in the organization. Setup Audit trail feature is available only for user and administrators who have view setup and configuration permissions.
Record Modification Fields in Salesforce Audit Reviews
Record modification fields are the first place to check when the audit question is about a single record. Salesforce stores system fields such as who created the record, when it was created, who last modified it, and when it was last modified. These fields are useful for basic ownership and change checks, but they do not show every field-level change that happened between creation and the latest update.
Use record modification fields when you need a quick answer to questions such as “Who last updated this Account?” or “When was this Case last changed?” If you need the previous value of a specific field, enable Field History Tracking before the change occurs.
Login History for Auditing Salesforce User Access
Login History helps administrators review access attempts to the Salesforce org. It can show successful and failed logins along with details such as login time, source IP, login type, browser, platform, status, and application. This is useful when you investigate failed login patterns, unexpected access locations, integration login behavior, or a user reporting login problems.
Login History should be reviewed together with user permissions, profile assignments, permission sets, connected apps, and multi-factor authentication settings. A successful login only tells you that access occurred; it does not by itself explain what data the user viewed or changed after logging in.
Setup Audit Trail for Tracking Salesforce Configuration Changes
Setup Audit Trail records many setup and configuration changes in the org. It is useful when an administrator needs to know who changed a workflow, validation rule, custom field, permission setting, connected app, sharing configuration, or other setup item. Salesforce Setup Audit Trail is especially important in teams where multiple admins or release managers make changes.
Administrators can use Setup Audit Trail for recent investigation and can also download audit information when longer review or change management records are required. Salesforce documentation commonly refers to Setup Audit Trail data being available for up to 180 days, so teams that need longer retention should export and archive it as part of their governance process.
Field History Tracking for Auditing Salesforce Data Changes
Field History Tracking records changes to selected fields on supported standard and custom objects. When a tracked field changes, Salesforce can store details such as the field changed, old value, new value, user, and time of change. This is useful for important business fields such as Opportunity Stage, Case Status, Account Owner, Amount, Close Date, approval-related fields, or compliance-sensitive custom fields.
When Field Audit Trail is not enabled, Salesforce field history data is retained for a limited period, commonly up to 18 months in the user interface and up to 24 months through the API. Older history may require API export, Data Loader export, external archiving, or Field Audit Trail depending on the org’s compliance needs. For the current retention rules, review the official Salesforce Field History Tracking documentation at https://help.salesforce.com/s/articleView?id=xcloud.tracking_field_history.htm&language=en_US&type=5.
Field Audit Trail vs Field History Tracking in Salesforce
Field History Tracking is the standard feature used to track selected field changes. Field Audit Trail is a Salesforce Shield capability used by orgs that need stronger field history governance and longer retention control. The two features are related, but they are not the same. Field History Tracking answers “what changed on this tracked field?” while Field Audit Trail helps define and manage retention for field history data when the org has the required feature enabled.
| Audit feature | Primary audit question | Where it helps most |
|---|---|---|
| Record modification fields | Who created or last modified this record? | Quick record-level checks |
| Login History | Who attempted to log in, when, and from where? | Access review and login troubleshooting |
| Setup Audit Trail | Who changed org setup or configuration? | Admin change review and release governance |
| Field History Tracking | What changed on selected fields? | Important data change investigation |
| Field Audit Trail | How should field history be retained and governed? | Longer retention and compliance-driven audit needs |
How to Plan a Salesforce Org Audit Review
A useful Salesforce audit review starts with the question you need to answer. For example, a login issue points to Login History, a setup change points to Setup Audit Trail, and a value change on an important field points to Field History Tracking. Start with the smallest relevant audit source, then expand the review if the first source does not answer the question.
- Define the audit question. Decide whether you are investigating access, setup changes, record changes, field value changes, or retention gaps.
- Check the correct Salesforce audit source. Use Login History, Setup Audit Trail, record modification fields, or Field History Tracking based on the question.
- Review related permissions. Audit records should be compared with profiles, permission sets, permission set groups, sharing rules, and field-level security.
- Export audit data when needed. If your organization needs long-term evidence, define an export and archive process instead of relying only on UI history.
- Document the finding. Record the user, date, object, field or setup item, business impact, and action taken.
Salesforce Audit Trail and Field History Tracking Limitations
Salesforce audit features are helpful, but each one has limits. A record’s last modified details do not show all previous changes. Login History does not explain every action performed after login. Setup Audit Trail is focused on setup changes, not normal record edits. Field History Tracking only tracks selected fields and does not automatically cover every field in the org.
For important objects, administrators should decide in advance which fields must be tracked. Waiting until after a problem occurs is usually too late, because Field History Tracking captures changes only after tracking is enabled for that field. For regulated or long-retention requirements, review Salesforce Field Audit Trail documentation and your organization’s license before designing the audit process.
Official Salesforce Audit and Field History References
- Salesforce Field History Tracking documentation: https://help.salesforce.com/s/articleView?id=xcloud.tracking_field_history.htm&language=en_US&type=5
- Salesforce Field Audit Trail implementation guide: https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/field_audit_trail.htm
- Salesforce field history retention PDF: https://resources.docs.salesforce.com/latest/latest/en-us/sfdc/pdf/field_history_retention.pdf
Record modification, login history, field history tracking and setup audit trail are the four ways used for Auditing salesforce. In our upcoming Salesforce tutorial we clearly understand about all the four Auditing systems in salesforce.
Auditing Salesforce Org FAQ
What is auditing in Salesforce?
Auditing in Salesforce means reviewing system records that show user access, setup changes, record updates, and selected field value changes. It helps administrators investigate activity and support governance, but it does not replace access controls.
What is the difference between Setup Audit Trail and Field History Tracking?
Setup Audit Trail tracks changes made to Salesforce setup and configuration. Field History Tracking tracks changes to selected fields on supported objects. Use Setup Audit Trail for admin configuration changes and Field History Tracking for business data value changes.
Does Field History Tracking record every field change in Salesforce?
No. Field History Tracking records changes only for fields that are enabled for tracking on supported objects. Administrators should choose important fields before an audit need occurs.
How long is Salesforce field history retained?
Standard Field History Tracking has limited retention when Field Audit Trail is not enabled. Because retention behavior can depend on Salesforce features and current platform rules, administrators should verify the latest Salesforce Field History Tracking and Field Audit Trail documentation for their org.
Who can view Salesforce Setup Audit Trail?
Setup Audit Trail is intended for administrators and users with the required setup and configuration permissions. Access should be limited to users who are responsible for org administration, security review, or release governance.
Editorial QA Checklist for This Salesforce Org Auditing Tutorial
- Confirm that the tutorial separates Salesforce Setup Audit Trail, Login History, Field History Tracking, Field Audit Trail, and record modification fields clearly.
- Check that field history retention wording does not overstate long-term availability without Field Audit Trail or an export process.
- Verify that the existing internal links to Salesforce security, object history tracking, Login History, profiles, and permission sets remain unchanged.
- Review official Salesforce documentation links for Field History Tracking, Field Audit Trail, and field history retention before publishing future updates.
- Make sure the audit guidance explains that auditing supports investigation and governance but does not itself enforce Salesforce security.
TutorialKart.com