Security Managed by Customer

Salesforce provides a variety of configurable security controls that authorized administrators can use to secure their instances on the Salesforce B2C Commerce platform. Customers can use additional controls to further customize their security footprint.

B2C Commerce provides the following types of security controls.

  • IP Allowlisting to restrict application-level access, for example, by setting combinations of IP and Geo IP restrictions.
  • Secure communication protocols, including HTTPS and SFTP, to enforce communication security.
  • Certificate Management, which allows Business Manager administrators to upload and manage their own certificates to securely integrate with other systems.
  • Two-Factor Authentication (2FA), which is enforced on sensitive customer-managed interfaces.
  • Customizable roles and granular entitlement to define user access roles, permissions, and robust user provisioning processes.
  • Password and session management settings to define password settings and how sessions are managed.
  • Encryption that uses industry-accepted encryption products to protect customer data and communications during transmission to the B2C Commerce platform. Salesforce offers PCI DSS compliant encryption for supported payment field types at rest and in transit. You can encrypt additional data, if required.
  • Audit logs to review and export user access log data. The audit log records all actions performed in the Control Center, regardless of which user performed the action. A user with administrator privileges can see all entries in the log.
  • Trust and compliance documentation that provides further details about the B2C Commerce platform.

As a best practice, consider deploying the following security controls:

  • Secure design and implementation of custom code
  • Secure sourcing, deployment, and maintenance of third-party integrations and extensions
  • Continuous monitoring and incident response on customer and custom third-party integration assets
  • Anti-abuse, fraud detection, and prevention measures