Prevent Using Standard External Profiles for Self-Registration and User Creation (Security Alert and Critical Update, Enforced)

This update restricts the use of standard external profiles for self-registration and assignment to users.

Where: This change applies to Lightning and Salesforce Tabs + Visualforce communities accessed through Lightning Experience and Salesforce Classic in Essentials, Enterprise, Performance, Unlimited, and Developer editions.

Who: This change applies to all orgs using standard external profiles associated with the following licenses:
  • BronzePartner ExternalAppsPlusLogin
  • CSPLitePortal
  • CustomerCommunity
  • CustomerCommunityLogin
  • CustomerCommunityPlus
  • CustomerCommunityPlusLogin
  • CustomerPortalManager
  • CustomerPortalManagerCustom
  • CustomerPortalManagerStandard
  • ExternalAppsLogin
  • ExternalAppsMember
  • ExternalAppsPlusMember GoldPartner
  • HighVolumeCustomerPortal
  • HighVolumePortal
  • IdeasOnlyPortal
  • LimitedCustomerPortalMgrCustom
  • LimitedCustomerPortalMgrStandard
  • OverageAuthenticatedWebsite
  • OverageCustomerPortalMgrCustom
  • OverageCustomerPortalMgrStandard
  • OverageHighVolumeCustomerPortal
  • Partner
  • PartnerCommunity
  • PartnerCommunityLogin
  • PlatformPortal
  • SilverPartner AuthenticatedWebsite

Why: This update prevents using standard external profiles for self-registration and user creation. For self-registration, we recommend that you assign users to a cloned community profile, rather than a standard community profile. We also recommend that you use cloned community profiles for new users.

How: To allow self-registration and user creation using standard external profiles, go to Setup | Communities Settings and enable the new Allow standard external profiles for self-registration and assignment to users preference. Force.com and legacy portal users can enable the preference using Metadata API.
Note

Note

Allowing self-registration and community user setup with standard external profiles is not a Salesforce best practice. Review the object permissions and field-level security settings for all standard external profiles before turning on the preference.

Tip

Tip

This update is both a critical update and a security alert, and appears in both the Critical Update Console and the Security Alerts page in Setup. To ensure a smooth transition, follow the step-by-step recommendations on the Security Alerts page.