179 episodes
- Today on the Salesforce Admins Podcast, we talk to Jay Hurst, Senior Vice President of Product Management, and James Ferguson, Senior Director of Product Management, at Salesforce.
Join us as we chat about MFA step-up authentication and what it means for Salesforce Admins.
You should subscribe for the full episode, but here are a few takeaways from our conversation with Jay Hurst and James Ferguson.
Step-up authentication protects sensitive actions
Starting next week, Salesforce is requiring all users to use Multi-Factor Authentication (MFA). If you're a privileged user like, for example, an admin, you'll need to use a phishing-resistant MFA. That's why I sat down with Jay Hurst, VP of Product Management, and James Ferguson, Senior Director of Product Management, to talk about why these changes are vital to protect your org's data.
The first thing to know is that AI is making it easier than ever to launch targeted phishing attacks at scale. So while the MFA requirements provide a good first layer of protection, we want to make extra sure you are who you say you are before you're allowed to perform certain actions, like downloading a large number of records or running a big report.
Phishing-resistant MFA uses a passkey, like a fingerprint or facial recognition biometric, to verify that it's actually you and not just someone with access to your email account.
Balancing security with user friction
As Jay and James acknowledge, these changes will add some friction to your users' experience. However, with the pace at which these kinds of attacks are evolving, it's more important than ever to get serious about your security posture.
"We're trying to introduce a little more friction right now so that people start to think," Jay explains, "and start to build those habits of understanding when they're doing something that potentially could be considered a malicious attack, such as downloading that All Opportunities report."
They're also building out compensating controls that should make things easier in the future, allowing you to trust users from a certain IP range, for example.
Security is a journey, not a destination
The most important thing to realize is that these requirements are about more than just jumping through some extra hoops. Phishing and man-in-the-middle attacks are growing more and more sophisticated, and you need better protections than "Well, that hasn't happened yet."
Instead, James and Jay recommend viewing this as an opportunity to partner with other stakeholders in your org to develop a comprehensive security plan. As Jay says, "Security is a journey, not a destination. What is 100% secure today is not as secure tomorrow." The trick is to develop a security-focused mindset throughout your business that will protect you now and in the future.
Make sure to listen to my full conversation with Jay and James for more on step-up authentication and how admins can reduce friction for users. And make sure you're subscribed to the Salesforce Admins Podcast so you never miss an episode.
Podcast swag
Salesforce Admins on the Trailhead Store
Learn more
Salesforce Admins Podcast Episode: What Are Security Essentials for Salesforce Admins?
Salesforce Admins Blog Post: Securing Your Org: From Reactive to Proactive
Salesforce Help Article: Prepare for the upcoming Step-up Authentication requirements on Report Actions
Salesforce Help Article: Prepare for MFA Enforcement for All Employee Users
Salesforce Help Article: Prepare for Phishing-Resistant MFA Enforcement for Privileged Users including Admins
Salesforce Help Article: Security-Related Product Updates to the Salesforce Platform: User Identity, Data Protection, and Access Controls
Admin Trailblazers Group
Admin Trailblazers Community Group
Social
Jay on LinkedIn
James on LinkedIn
Salesforce Admins on LinkedIn
Salesforce Admins on X
Mike on Bluesky social
Mike on Threads
Mike on X
Full show transcript
Mike:
This week on the Salesforce Admins Podcast, we're talking with Jay Hurst and James Ferguson from Salesforce Product Management about MFA step-up authentication and what it means for Salesforce admins. As you know, security isn't just a front-door login decision anymore. It's about protecting sensitive actions, understanding risk, and designing systems users can trust.
So Jay and James are going to help us unpack phishing-resistant MFA, compensating controls, IP ranges, SSO, and why these changes matter in a world where data, automation and AI are all working together. For us Salesforce admins, this is a chance to think beyond features and really look at how we steward the entire system. So listen in, click that Subscribe button, and of course I would love if you could share it with fellow Salesforce admins or, hey, you know what? Let's make some friends in that security team. So with that, let's get Jay and James on the podcast. So Jay and James, welcome to the podcast.
Jay Hurst:
Thanks for having us, Mike.
James Ferguson:
Great to be here.
Mike:
Absolutely. Jay, let's start off with you. We kind of want to get to know a little bit about you, and James, we'll call on you second, but before we get into our topic today, can you just tell me a little bit about how you got to Salesforce and what you do?
Jay Hurst:
Sure, yeah. So I have been with Salesforce for almost 22 years now. I started in our customer support department, one of the first 12 phone support reps here at Salesforce. Did that for a couple years and helped found our Tier 3 organization in support. Eventually moved over to our customer-centric engineering department, stayed in there for a while. And then in 2012, had an opportunity to join the product management group for platform, and I moved over and ran a team called Force.com Canvas. And for the last, I guess, 12-ish years now, I've been kind of weaving my way upwards through platform. Currently, I lead our platform services subcloud, so all of the core foundational pieces of platform that you might think of are schema and metadata, APIs, eventing systems, connectivity systems, and also our identity area, which is what brings us here today to talk about MFA.
Mike:
Yeah. Boy, flashback. You called it the Force.com platform.
Jay Hurst:
Well, that's what it was called back then.
Mike:
I know. I know.
Jay Hurst:
And I can't remember all of the names we've had for it.
Mike:
Oh, that's okay. I'm sure there's a website that tracks all of them.
Jay Hurst:
I'm sure there is.
Mike:
James, fill us in. How'd you get to Salesforce, and what do you do here?
James Ferguson:
Well, I am, I guess compared to Jay, one of the newer members of the team. I've only been at Salesforce for about 16 and a half years, almost 17 years. Pretty much entirely on the platform product management side, working on various things people know and love like sharing and big objects and event monitoring and those things. And most recently I've taken over responsibility for the identity product team, responsible for all the login and auth and SSO and all of the wonderful things we'll talk about today.
Mike:
Oh, wow. Okay. So then just to be clear, I'm actually the newest person on this call. I've only been at Salesforce for a little over 12 years now, so I guess I still have my rookie stripes.
Jay Hurst:
Combined we're almost at 40, or just over 40.
Mike:
Yeah, combined. We almost get our AARP discount, right?
Jay Hurst:
Yeah, exactly.
Mike:
Jay, let's kick off. I know I did a podcast ... and I'll link back to it ... not that long ago with Laura Pelke talking about some of the new things that were coming out, and of course security is always big on admins' mind. She did a wonderful job of explaining step-up authentication to me, which was basically the airport analogy of you have to show your ID to get in and then you have to show your boarding pass to get onto the plane. I thought that really made sense to me, but let's talk about the new authentication that's coming out, if you call it that, and the new step-up concerns that Salesforce admins have.
Jay Hurst:
Sure. So I think as we move into the continued proliferation of agents and AI across the industry, security is obviously top of mind for a lot of our customers and for Salesforce as well, specifically because we have to help protect our customers. And so when we're thinking of that and how we ensure our customers' data is protected, with step-up authentication, it's really focused around in that same analogy, making sure you're providing your boarding pass at the right times when you're doing things. So just like you need to show your boarding pass when you go through the TSA gate and when you're on the plane and probably to the gate agent after you're on the plane, when you're doing certain things within Salesforce, we want to make sure you are who you actually are and your session hasn't been compromised.
So when you're doing certain higher sensitivity-type actions such as I want to download 10,000 records out of my system, maybe run a report, putting that end user through another verification of, "Hey, is this actually you? Prove it with your step-up," so that we have that confidence that we can release the records. And so this kind of helps prevent some of those man-in-the-middle phishing attacks where somebody gets you to log in and then steals your credentials or steals your session in the background. So it's kind of that second or third or fourth level of protection in the runtime.
Mike:
Wow.
James Ferguson:
I think that's an important shift that's worth calling out, because it's no longer about just putting a stronger lock on the front door and making sure somebody has better passwords, or even the later stuff, the more recent stuff with verification. But it's when sensitive things happen, we need to do a little extra even once you're inside the airport, if we want to continue that analogy. And so it's a shift from that front door to moving forward.
Mike:
Yeah. James, help me understand that a little bit more, because I think one of the things that admins always fight is user friction. How hard is it to do something? And now we're introducing something when it could disrupt their flow of work, but it's for a good reason.
James Ferguson:
Exactly. I would say that we are constantly balancing that. We're constantly balancing the need for security with the friction it does. And so we aren't expecting to do every click, for example, but just when you're exporting data from a report, which is potentially pulling a large amount of data out, we want to make extra sure. We're looking at some other things in the future around maybe when you're an admin changing some security configurations, we want to make sure you are who you are. And frankly, you see this more and more even in consumer websites where sometimes you're asked. If you're going to change a phone number, change a thing, you need to go back and sort of double-proof who you are. But it is a trade-off. It is a trade-off.
Mike:
Yeah. It's like once you're logged in, it's, "Oh, if you're going to change." I was trying to order tacos the other day through an app and I needed to update my credit card. And then right after I did that, they're like, "And you need to put your password back in." I'm assuming that was kind of the same situation.
James Ferguson:
Kind of the same situation.
Jay Hurst:
Yeah, exactly. Exactly. Yeah. And the other thing I'll add to this too is on the friction point. We always have to balance that. Like James said, we don't want people to become overly frustrated and not want to use Salesforce because it has too much friction. But the reality is over the last 20 years, we've edged so far on the line of not causing any friction that we've led admins down the path of not having that understanding of what their users are doing, and really not getting into that proper security-conscious mode. So we're trying to rubber band a little bit back on the other side, introduce a little more friction right now, so that people start to think and start to build those habits of understanding when they're doing something that potentially could be considered a malicious attack, such as downloading that all-opportunities report. So starting to get customers to think through that while we are continuing to build out what we call compensating control.
So the end goal here is not to provide friction and it's not to force you to do these one-time passwords for everything you need to do in the system. It's to give admins that layered capability of saying, "Well, if I have these five or six different controls I can put into place, then they can kind of compensate for one another." So where the most friction might be having to open up your email to get that one-time password to do the step-up, maybe we can compensate that through things like having a trusted IP range or already having a phishing-resistant authentication put in, or other controls that we will layer in. So we ultimately get to a posture where the admin can both reduce friction while choosing the proper set of controls for their needs.
Mike:
Yeah. No, that makes sense. You mentioned phishing-resistant MFA. Can you help me explain that if somebody's never heard that before?
Jay Hurst:
Yeah. So maybe I'm going to try and wiggle this airport analogy in. If we think way back in the day when you had your IDs, before REAL IDs and all of this, you didn't actually have good authentication on them. You might have a really bad picture, or in some cases IDs didn't have any pictures on them. They just had your name and your information, but they were accepted. Now, the problem with that is anybody could steal it if it doesn't have your picture, and they can pretend to be you.
So phishing-resistant MFA is kind of that same thing. Where a normal MFA might be a one-time password on your phone where you get that push notification that says, "Hey, your code is 123456, enter that code in," that's great because it means you have to have your phone in order to get that one-time password, but it's not as secure because it's sent over SMS. It doesn't really verify that you are who you say you are. It's only that you have access to that phone. Phishing-resistant adds another layer on top of that, so it's not just over SMS or in an app. It would be through what are called passkeys or other more cryptographically secure passes. So think of your face ID, your touch ID, some of those passkey-type implementations that you might see, where it's not just getting a code, but you have to unlock a vault that has your information in it and then you provide that information out.
So it's taking it from that ID that anybody can use if they just happen to steal your wallet into more of a REAL ID that also has some biometrics attached to it. So you can actually guarantee it's not just that you have the thing, but you have the thing and you are the person that should have the thing that identifies you. And so that's what we're implementing today that's starting to roll out tomorrow in production. We've already started pushing it into sandbox for admins where we want all of our administrative users across the system to enroll and use these phishing-resistant MFA capabilities, so that they're more secure.
Mike:
Yeah. I never even thought of that. All the time there's apps I log into and they send me a one-time passcode and I'm like, "Well, of course I have access to it." Never did I think that, "Oh, what if somebody already has access to my email, requests that code, and now they're essentially spoofing me?" And it never dawned on me until you think of, well, they're not really verifying that it's you, Mike. They're just verifying that whoever requested that code also has access to your inbox. And you're like, "Oh."
Jay Hurst:
Exactly. And that may not be a nice person.
Mike:
Right. So James, what are some questions that admins are asking online that we can kind of help answer for them, or equip them for when they get this rolled out to them?
James Ferguson:
They're certainly asking questions about phishing-resistant MFA versus regular MFA and the different sort of authenticators that are out there. I'll shift this around a bit. One of the things they aren't asking about, it's actually something that Jay mentioned in passing, which is the alternate controls. And for things like step-up, if you have login IP ranges on the org or on the user profile, or there's some session settings which force you to always be coming from the same IP address in your session, which is the case for most of us who are at a laptop at work or whatever it is. Those avoid step-up entirely because we have more certainty about who you are and where you're coming from. If your session's bouncing between Eastern Europe and Middle East and North Carolina and keeps hopping around, we start worrying more.
So you can do some things around IP ranges, which takes that friction away from the user altogether, and so those are some of the things that I would encourage admins to look into. Now, sometimes it doesn't work because of mobile providers or other network infrastructure, but it's also potentially a low-calorie way of really sort of avoiding at least the step-up part. They'll still have the MFA requirements.
Jay Hurst:
And one thing I'll add to that. When we add these types of controls to ... admins are human like the rest of us and we always want to make it as frictionless and easy as possible, but we don't want to trade off the security for it. So IP ranges specifically have been a little bit of our bane for the last six months, because we have a lot of customers who have said, "Well, I will just put in the entire internet range of IPs and go 000 to 255, 255, 255, 255. And then no matter where I'm coming from, I'm not going to get challenged and it's going to be great." And that works, or worked, but it's not secure. And so we don't want to trade off security for just checking the boxes. There are reasons for us doing this.
Now, with that one specifically, we have put in changes in place where we won't let you use such a broad internet range to get around it in that respect, where you actually have to put though into like, "Well, what is the internet range that I'm actually coming from and using?" And we have some friction still with that, I would say, with admins using very global deployments or salespeople that travel around a lot and using different VPNs. So we're working through that as one of those compensating controls rather than the primary control. But again, it is up to all of our admins to really think through.
We don't want you to just do the check the boxes that we're telling you to check because we want you to check a box. We really want you to think about these changes and what it means to your organization, why we're actually trying to implement these, and ultimately determine what makes the most sense for you and your company. And include your security officers and your CISOs to really validate what meets the requirements that your company has, so that everybody is protected both from a security perspective and ultimately a legal perspective as well.
Mike:
Yeah. No, absolutely. I mean, we did a security day at TDX, our team did, and we had a CISO in there and a Salesforce admin as one of the kind of breakout topics, and they were in lockstep with each other, and I've always said that. I remember the instance I was managing, once it grew beyond 10 users, I was like, "I really need to figure out what our security posture is and who's in charge of this, who sets password complexities," at the time and stuff like that, and it's not adversarial. It's you want to be in alignment with what the rest of the company's doing and also fall in line if there's a SSO requirement. Boy, I was quick to jump on that, because it also made logging in simpler for my users.
Jay Hurst:
100%, and that's the other side of this. All of these things do play with SSO. If you have implemented SSO that has phishing-resistant capabilities already built into it, great. We will take advantage of that from the Salesforce side. We'll trust your provider. We'll trust that your security team has already set up what is needed for your company and we'll let you log in. So we don't want to add these additional duplicative type of controls for you, but we also recognize that a lot of our customers, maybe they're smaller customers, maybe they're not the enterprise size of Salesforce and don't have as structured of a security posture. So in those cases, we want to partner with our customers and really help them define what this should look like when they're thinking about internet security and their data in the cloud.
Mike:
Jay, I'm going to continue with you because James brought up a really good point. I was thinking of, "I'm going to ask him the common questions that admins are asking online." And James, you flipped the script, and it's, "Well, here are the questions that worry us that they're not asking." Jay, I'd ask kind of the same question to you, is you've seen a lot of the questions that our community's asking online. What are the questions they aren't asking that you really hoped they would ask, or you're there to provide an answer for?
Jay Hurst:
Yeah, I think the biggest ones, James talked about the compensating controls. That's a good one. I think a lot of our customers, as they're approaching it from the first standpoint is really they're looking at this as a Salesforce tax. They're really looking at it as like, "Oh, gosh, this is another thing Salesforce is putting me through. I don't know why. Why don't you just let me get my job done?" That type of attitude, which is completely understandable, but I do think one of the things our admins aren't seeing at that first cut is really the threat landscape that exists out there. I think if you haven't been attacked, if your org hasn't been compromised, it's very easy to fall into complacency and just think, "Everything's perfect, I'm secure, nothing's going to happen." And like everything, security and protection is a spectrum and it's a journey. You are never 100% perfectly ready for every outcome, and you also can't assume that what worked yesterday will continue to work tomorrow.
So what I would love to see more of our admins and customers look through is how do I build the security and the continuing advancement of my security posture into my day-to-day, into my development scenarios, into my admin scenarios, where the first thing we should always be thinking about is, "Is this change I'm doing helping or degrading my security posture? And if it's degrading, how do I increase it? What do I do to make it better?"
So I would love to get to a point where our very wonderful and vocal admins out there are also pushing us to do even more things to help protect them. What are the other controls that they're seeing across other enterprise systems that they want to take advantage of? How can Salesforce make it easier for you without lowering that security posture? How can we make it so that the friction can be lowered faster because you acknowledge the acceptance of the controls, or something like that around really getting back to a true partnership with more of our customers that I wouldn't say we've lost, but it's easy to forget about when you're focused on the headless 360s of the world or how can I get more agents into my system. And we also still have to think about, "And how do I keep it protected and managed?"
Mike:
Right. Yeah. I mean, it's more people in your house, but also making sure that everybody shuts the door and locks it.
Jay Hurst:
And wipes their feet.
Mike:
Right. Takes shoes off.
James Ferguson:
I think Jay also touches on what maybe I would consider the elephant in the room, because I think, when going back to the original question you asked in terms of what are admins asking, most of them aren't asking the why. Most of them acknowledge the value of these things and the need to do it, but they do push back on the why immediately and why under these compressed timelines and why, and sort of those kind of questions. And I will acknowledge that the rollout of some of these controls has not been as smooth as we all would've hoped, and so there's been some schedule things bouncing around from a timing perspective, and so we're definitely working on all of that. But it does play to that level of risk, and these are the things we really felt we needed to roll out sooner rather than later, and so that's why some of these timelines are compressed.
I will add another, the flip side of that, to your point about what should admins be doing. We do find when we give notice, of like advanced notice of asking people to change things, they tend not to do it until the week before the enforcement date.
Mike:
Imagine that. Procrastination? Come on, now.
James Ferguson:
And so that's sort of, when our executives are looking at adoption rates or whatnot, it's sort of blunted. The desire to extend those out is blunted because, well, people are just going to wait anyways. But that said, I don't want to sort of ... We are pushing fast. We acknowledge that. We are making people a bit even uncomfortable, I would say. And we acknowledge that, but this is something, again, in the balance of the security posture we feel is important for the overall trust in the Salesforce platform and product.
Mike:
I mean, the one thing that I've always learned through all of the work that I've done with various teams at Salesforce is for every time you roll something out, another lock, there's always 10 people there trying to pick it, if they haven't already picked it. And so you both have mentioned that unfortunately it's compressed timelines, but it's timelines because we need to make sure that you're building locks and putting that stuff in place before people just have it to where they can blow through it, you know?
Jay Hurst:
Absolutely. The best defense is a good offense, I think is a very adequate app saying in this instance. We want to continue to make sure everybody is at a baseline security level, which is the phase we're in right now. It's this horizon zero of how do we get everybody to the minimum baseline, where we feel very comfortable that your data is going to be protected on the Salesforce platform? And it is painful, and it will be painful for the next couple months as these changes really roll out.
Once we get there, we start thinking about what's our horizon one and our horizon two look like where we can start to add in the extra controls, give customers more levers to pull for their specific use cases, really focus on the experience around this, because I will also fully admit and not try and gloss over the fact that sometimes the wordings of things in the UX that we provide you to turn them on and turn them off is confusing and it's not as easy as it should be, and we're sacrificing some of that ease of use right now for speed of deployment. But the efforts that we have with the Salesforce Trust platform, which is an expanded group that we now have here that is purely focused on how do we not just get everybody secure, but continue to add more and more security features to make sure that Salesforce is the premier example of how an enterprise SaaS company secures their customers' data.
So that is the journey we're on, and we're taking our customers with us. And as painful as it is, James and myself and the whole team here, we are looking for active feedback. We're engaging with the community on a day-to-day basis just to try and sand down these rough edges as much as we can until we can get the front door built, locked, and then we can really talk about how do we decorate our house now.
Mike:
Yeah. But also you mentioned, well, we're doing it and it's going to be painful. I guess I'm on the flip side of that, thinking, "Boy, if I had other applications and they're not going through this as well, that actually is more of a red flag to me," because then now I'm thinking like, "Well, do they not care as much about making sure all of my data on their platform is as secure as possible?"
Jay Hurst:
Absolutely. Like I said, it's a journey, not a destination. What is 100% secure today is not as secure tomorrow. With all of the new attack vectors that come out and these capabilities like Mythos and Fable and all of these really, really smart and frankly scary AI capabilities, we have to double and triple down even harder to make sure that we stay as far ahead of that as we can.
Mike:
Right. And as I've been reminded, security isn't always about being scary. Security is about being informed and making the right choices so that you have that protection and that understanding, which is really good.
James Ferguson:
It's risk management. It's risk management.
Mike:
Yeah, absolutely. James and Jay, I want to thank you guys for coming on and walking us through some of this. I know anytime that we offer anybody in our community, whether it's developers or architects or admins, a change, it's always extra work. But I feel like you're right there in answering the questions and helping through some of the hard parts, because I'll be honest, there's not a day that goes by that I don't learn something in security, at my current job and even when I was a Salesforce admin.
Jay Hurst:
Absolutely. And thank you, Mike, for helping amplify the message. One of the challenges I think we have at the product side is making sure our customers understand and get the information. We have our blog posts and our help documentation and we send out emails, but any extra we can do to megaphone this and get people aware is definitely valuable, so thank you for this opportunity.
Mike:
You bet.
James Ferguson:
And thank to all the admins who are out there who are also helping amplify this and helping support the rest of the community. It's one of the great things about Salesforce from the very beginning. It's the huge community support that exists. We couldn't do it if it was just the six PMs on my team. We need everybody involved.
Mike:
Yeah. And I think the part of that you take away is while I'm glad there's so many questions online that we had the idea to do this podcast, because that means there's so many people that are engaged and caring, as opposed to rolling something out and, "Hey, did anybody have any questions," and it's crickets. The reverse of that would also be kind of scary too, is there's questions because people care and because they want to understand. And also I think the one thing that I always had to do as an admin was I had to translate all of that from whatever the document said, or the podcast like this or the blog posts, to my users and to my executives, and it's a lot different once you have to take something in and digest it and then be ready for a Q&A. So there's always more to learn, but thank you guys for coming on. We'll definitely have to have you back on.
Jay Hurst:
Sounds great.
Mike:
Talk more security.
James Ferguson:
Appreciate it. Looking forward to it.
Mike:
Big thanks to Jay and James for helping us understand MFA step-up, phishing-resistant authentication, and the role admins play in protecting business systems. Now, of course, we know security is a shared responsibility, and admins are right in the middle of making it real for users, executives and, well, everybody in the organization. So be sure to listen, subscribe and share this episode out, and work through those security changes. You got this. Don't worry. Until next time, we'll see you in the cloud. - Today on the Salesforce Admins Podcast, we talk to Mofeyi Oluwalana, Director of Product Management at Salesforce. Join us as we chat about MuleSoft, Flow, Agentforce, and what happens when agents need to take action beyond Salesforce. You should subscribe for the full episode, but here are a few takeaways from our conversation with Mofeyi […]
The post How MuleSoft Helps Salesforce Admins Build Better Agents appeared first on Salesforce Admins. - Today on the Salesforce Admins Podcast, we talk to Mofeyi Oluwalana, Director of Product Management at Salesforce.
Join us as we chat about MuleSoft, Flow, Agentforce, and what happens when agents need to take action beyond Salesforce.
You should subscribe for the full episode, but here are a few takeaways from our conversation with Mofeyi Oluwalana.
MuleSoft creates agent-friendly business processes
Agentforce can be truly transformative for our business processes, but sometimes it's easier said than done—especially when multiple platforms are involved. That's why I sat down with Mofeyi Oluwalana, Director of Product Management for MuleSoft.
As Mofeyi explains, a problem many businesses run into when they're trying to implement AI is how to enable an agent to engage with something like a process that starts on a payment platform, goes through an OMS, and then ends up with a request to a warehouse for shipping. You can't just hand them the APIs and expect them to figure out the rest.
That's where MuleSoft comes in. It gives you the building blocks you need to codify your workflows into something an agent can understand.
Data mapping for real-time app integration
Building an agent-friendly business process begins with data mapping. What do you need and where is it located? You also need to understand the triggers that kick off each part of the process. Does it start with a Slack message, or when an order is created?
Often, these types of business processes don't start in the Salesforce ecosystem. MuleSoft allows you to translate these business requirements into APIs that an agent can use to take action.
How to present to stakeholders
As a product manager, Mofeyi frequently gives presentations to stakeholders, so I wanted to know if she had any advice for admins. "The most important thing when I walk into any room, regardless of the stakeholder, is who are they and what do they care about? Your ability to persuade and influence is largely due to your understanding of the three things that the people that you're talking to care about and how you align what you're talking about with those three things," she says.
Make sure to listen to my full conversation with Mofeyi for more about MuleSoft and mapping your business processes. And don't forget to subscribe to the Salesforce Admins Podcast for a new episode every Thursday.
Podcast swag
Salesforce Admins on the Trailhead Store
Learn more
Salesforce Admins Blog Post: How MuleSoft Helps Admins Get the Most out of Agentforce
Admin Trailblazers Group
Admin Trailblazers Community Group
Social
Mofeyi on LinkedIn
Salesforce Admins on LinkedIn
Salesforce Admins on X
Mike on Bluesky social
Mike on Threads
Mike on X
Full show transcript
Mike:
This week on the Salesforce Admins podcast, we're joined by Mofeyi Oluwalana, product management director at Salesforce to talk about MuleSoft, Flow, Agentforce, and what happens when agents need to take action beyond Salesforce. Now, for Salesforce admins, this conversation matters because agents are only as useful as the data, the actions, the permissions, and the business logic they can safely reach. So Mofeyi's going to explain to us why integrations are not just about moving data from one system to another. They're about helping Salesforce connect to the real processes your business depends on. We'll talk about the questions that admins should ask when working with other platform owners, how to think about triggers and data mapping and why business context is so important when you're designing actions for humans and agents. So give this episode a listen, subscribe wherever you get your podcasts, share it with another Salesforce admin who's maybe thinking about how Salesforce could connect to the rest of their business. And with that, let's get Mofeyi on the podcast. So Mofeyi, welcome to the podcast.
Mofeyi Oluwalana:
Thank you so much.
Mike:
I'm excited. We don't do a whole lot of episodes outside a core platform. And I know my Salesforce admins ... My ... The Salesforce admins of the world work everywhere and especially now with Agentforce and agents and really just the whole bringing people together and giving a complete view of data, integrating data and working with MuleSoft and tools like that are super important. So I'm glad to have you on. I'm glad we got connected, but let's start off and learn a little bit about you. What was your path to Salesforce and becoming a product management director?
Mofeyi Oluwalana:
Yes. So I started at Salesforce a little over four years ago. I actually came through the APM program, also known as the Associate Product Manager Program. It's a two-year rotational program for folks coming out of university, getting their start in product. So I was able to come in through that program. I did three rotations all across Salesforce. I spent some time in Commerce Cloud working on how to run promotions on Black Friday.
Mike:
Oh, holy cow.
Mofeyi Oluwalana:
And I spent a lot of time in experience services, thinking about how we can make it easier for marketers to build nice looking emails. And I ultimately landed in MuleSoft, which is where I continued working with the MuleSoft team on how to make it easier for our customers to connect the systems that they need to, both for traditional use cases, but also for the agentic ones as well.
Mike:
Yeah. It's funny, for the longest time in my career, I worked retail and the day after Thanksgiving, Black Friday was always the busiest day. And then I got into tech and I was like, "I don't have to work Black Friday."
Mofeyi Oluwalana:
Guess what? [inaudible 00:03:17].
Mike:
And then realized that like, "Oh man, I was a retail associate. There's still computers that have to be had." So I have a soft spot in my heart for all of the people that on Black Friday have to sweat it out and make sure that servers don't go down so that checks and barcodes and everything can happen on the other end.
Mofeyi Oluwalana:
Yeah. I never realized how complex it could mean to calculate hundreds of thousands of carts when there were promotions running on Black Friday, but certainly it's more complicated than one may think.
Mike:
Right. And then there's people like me that add stuff to a cart and I'll come back to it a little bit later like, no, there's somebody ... You're using up the last bit of ... I don't know. He probably doesn't know that. And then I'm also old school retail when you used to have to verify checks and put them through little check readers and now everything's a credit card or a tap or thumbprint.
Mofeyi Oluwalana:
All of the above.
Mike:
All of the above. But it's all of the above because we're integrating data and we're doing stuff with MuleSoft. So I threw together some questions, but let's start off with where should admin start when thinking about products like Flow and MuleSoft and Agentforce together?
Mofeyi Oluwalana:
Yeah. The journey with MuleSoft starts the moment that your agent wants to do anything outside of Salesforce. I think MuleSoft is the connector, so to speak. If you have data that your agents need to reach in your ERP, if you have actions your agents need to be able to take with your payment provider, how exactly will they be able to do that? Now when agents and agentic technology became a thing, a lot of people were of this opinion that, well, agents are smart enough to just understand platform APIs or where agents can read the specifications, figure out the commands that they need to execute and do all the things that they need to do to be successful. We very quickly realized that agents are really smart, but at the end of the day, they're limited by the information that they know and the tools that they have access to. So it's not sufficient to just give your agents a platform API spec. That's not going to cut it. Your agents need integrations and APIs that they can directly invoke that map to your business logic.
They need this because not every organization operates the same. For one retail provider, creating an order is very different from other retail providers. And understanding that business vocabulary is really important when building agents that actually bring value. And that's really where MuleSoft and Flow come into the picture. You have actions that your agency to be able to take in order to execute a certain business process. Well, that action is really just an API and we serve those APIs so your agents are able to do those things.
Mike:
Yeah. I've always thought of Josh who's on my team keeps us in check with helping us understand stuff. And what you just described would be like as if you brought somebody new on and said, "Well, here's a phone and a phone book. And if you have problems, the phone number's in the phone book." And the agent's the same way. If you're just saying, "Here's all the specs and the APIs you can call, go figure it out." It's almost like handing them this giant phone book and just saying, "Well, you're smart. You'll figure it out."
Mofeyi Oluwalana:
Yeah. Exactly. And the thing is that for a retailer, creating an order may not just be creating that order record. Creating an order may be, oh, I create the order record and then I send a notification out via email that says, "Hey, this is your order." And then after that, I create an invoice. There are a number of steps that happen. And how do you codify those steps? Well, it's not enough to just give an agent, again, the phone book and the numbers. It's much better and much more reliable to give them the actual workflow or the API they can use to execute that entire process.
Mike:
Yeah. Now, one thing that I've run into, so back when I was doing some integrations as an admin, we had different third party tools that were being used. One thing that I didn't know to ask ... And I'm hoping you can help Salesforce admins like, here's the questions you need to ask. We had an instance and we need to connect it to our financial backend, which ran not on Salesforce. I had to find the owner of that, which I didn't know existed. The other thing I didn't know to ask was I didn't know what to ask. And so as we work through different scenarios, you brought up like, well, they want to take the cart and order the stuff. The orders could be fulfilled in a different system. There could be a warehouse system. What are some of the questions that when the admin's sitting down with a business owner and they're saying, "Here's what I want in Salesforce and I'd really like to be able to pull up the orders." And the admin's like, "Okay, now I need MuleSoft because I need to integrate another system and I got to go talk to that systems' owner." What are some of the questions they should ask and what is some of the information they need to provide so that they can start setting up that relationship?
Mofeyi Oluwalana:
Yeah. I think it first starts with defining what data are you actually looking for? A large part of building integrations between these two systems is I have some data in the financial system. I have my CRM data in Salesforce. How do those two things map together? So I think the first step is what data are you looking for? And what is the mapping between what you're trying to do from a CRM perspective with whatever may be happening in that financial system? So to me, it starts with the data. I think the next question to ask is what is the trigger? It starts off this process. Is it someone sending a message in a Slack channel? Is it this order being created within your ERP? What is it that triggers this process to happen? You build the trigger, then you identify what the data mapping is between the source being that financial system and the target. And that's really how you get towards that working integration.
Mike:
Now, when I sit down with another platform owner and I talk about using MuleSoft, we can bring ... And so this is where you're going to quickly hear Mike's knowledge run out of gas because here's where Mike's knowledge hits the wall. But we can bring that data in and it can be like a pane of glass. We can just view that data or we could actually copy that data over so that we can use it in reports. And then we could also extend that conversation with the platform owner and say, "Well, if somebody wants to change something, they could change that in Salesforce and then Salesforce with MuleSoft can push that data change back to that platform." How'd I do?
Mofeyi Oluwalana:
I think you're almost there.
Mike:
Okay. Fill me in because what I don't know is what I don't know and I feel like there's other admins that may not know this as well.
Mofeyi Oluwalana:
I think the best way to think about MuleSoft is that real time app integration layer. So not necessarily the data that you want to live in Salesforce. Getting that unified customer view is really important. And so you'll need the data connectors in place to get data from external systems into Salesforce. That is one use case and one that Data Cloud solves really well. The problem that MuleSoft solves really well in tandem with Agentforce is the agent needs to take real time action. Again, so let's say we're going back to the retail example where I create an order. If order management doesn't happen in Salesforce, creating an order doesn't necessarily mean starting that process within the Salesforce ecosystem. I just want to be able to kick off that process with my OMS, my warehouse, my shipping provider. Then in that case, it's real time app integration. It's using the APIs that MuleSoft has to be able to kick off that workflow and that process using your agents. So it's a little bit different than moving data just from one place to another.
Mike:
No. I think that's also very important because companies have spent money on those systems. And I remember when I was sitting down with our finance team, they're like, "Well, if this data lives here and in Salesforce, what's the source of truth?" And we set it up so that we were just viewing the data because we really wanted sources of truth within the organization. But sometimes the user lives and dies within one interface and where that data comes from, we don't need that exposed to them.
Mofeyi Oluwalana:
Exactly. And I think it's the use case for consolidating data into one place is a little bit different from the use case of making sure that your agents can take action. And so I think as part of that rationalization that admins and IT teams have to do is what data do I need to drive what? And what actions do my agents need in order to be successful? And this part of that then can separate it into those two camps and then move forward with the tools that help them do so.
Mike:
Cool. Now, when you connect MuleSoft with other systems, does the admin need to ask for, can you provide a certain API? That's how it's set up, right? Or walk me through it because I've never set it up and I feel like I'm completely happy being the host of the podcast that asks the questions that admins are like, "Oh, I'm so glad he asked that because I didn't know to ask that question and I didn't want to look stupid in front of my IT people."
Mofeyi Oluwalana:
Yeah. So I think from the business side, we set the requirements about, okay, this is what I need. This is the process that I need done. These are the steps that should happen. This is what should trigger that. You do that definition. Then you can work with the IT team or the API developer to actually make that happen. Now the API developer has access to a number of connectors within MuleSoft that enable them to build these APIs and integrations without relying on what is the API specification for my OMS system or what is the API specification for my [inaudible 00:15:07] system? There are connectors that have a ton of different actions that you can orchestrate within a MuleSoft integration to get a certain job done.
So one example that I like to use is the Salesforce connector. The Salesforce connector has a ton of different triggers. Let's say when a new object is created or on when a record is modified that can trigger the integration. The Salesforce connector also has a bunch of actions or operations. So I can create a record in Salesforce. I can delete a record in Salesforce. I can create a topic in Salesforce. All of the different actions that you can execute through Salesforce APIs extrapolate it into a connector so that it's easier to build and then manage these integrations. So the API developer is in charge of translating those business requirements into the integration composed of those connectors that allow you to achieve exactly that.
Mike:
Gotcha. Boy, there's a lot. It feels like there's a lot to it and we make it look so simple in demos.
Mofeyi Oluwalana:
Yeah. I will say it's much easier looking at a screen and hearing an audio podcast of what this really is. But I like to think of them as MuleSoft gives the tools, those building blocks. You can compose those building blocks in a certain order to create a workflow. Those are the integrations that you can use and your agents can also use to take action.
Mike:
Yeah. I always think of it as admins are managing users and agents and agents are just like users. They have to have instructions and guardrails and guidelines for how to operate and what they can and can't do same way that people have as well. I'd love to know, so as a product manager, you got into the program. How has being a product manager helped you understand the product, but also given you a different perspective of working through explaining different customer stories or use cases?
Mofeyi Oluwalana:
I would say the best, and I'm obviously biased, but the best part about being a product manager is just the sheer amount of data points that you see. One of the things that I think is really important as part of being a product manager is meeting with as many customers as you possibly can because it's through those customer conversations that they're very clear themes that you can draw, not only of how people use the product, but what the product doesn't quite solve for yet. And so going through those conversations has helped me not only understand those customer pain points better, but then understand the things that we need to do in the product to make it even easier for our customers to use.
Mike:
Yeah. No. I often feel when I was exposed for a brief six months as a consultant that a lot of the pain points customers have always felt the same. I was like, "Man, they have the same problem that XYZ has." And at the end of the day, you'd look at all the customers you manage and you're like, "They have these five problems." And then brand new somebody would come in and you're like, "And you have completely different use case and requirements and they don't fall into those same five problems that I've been solving all day, which is nice." So I'd be curious, as admins are looking more and more at building ... They build agents and apps on the platform and they extend the platform and they use MuleSoft. What are things that you're thinking about as a product manager for, wow, I have to be a year out or two years out. How should admins be thinking about their building and management of the Salesforce platform as a product?
Mofeyi Oluwalana:
Yeah. I think the most important thing is not just building for where we are today, but building for what's coming. I think one thing that agents in AI technology has taught us is that the technology market is changing so fast. It's going to be a new model. It's going to be some new capability that you want to be able to leverage. And in order to do so, the foundation and the platform that you're building on has to be interoperable. It has to be able to withstand some of those changes that you want to make. The example I always like to give is if having to change a model is going to disrupt your operations, that is an issue. And we know that is an issue because LLM models, a new one comes up every day, another one is deprecated every other week. So I think the most important thing thinking about the platform is how do I make the platform resilient and flexible so that as these new capabilities come into play, I'm actually able to use them and really take advantage of them within my organizations.
Mike:
That's very good advice. I'm just going to guess and maybe I'm wrong and we can move on. As a product manager, you probably do a lot of presenting both to customers and probably internally. I know admins have to do that as well. What would be some advice you would have for admins that are presenting either a new solution or proposing something to their stakeholders?
Mofeyi Oluwalana:
The most important thing when I walk into any room, small or large, regardless of the stakeholder is who are they and what do they care about? It's easy to get lost as a product manager. It's very easy to get lost in, I actually think this is an amazing idea and I talked to 10 customers and I know it's going to be valuable for them. But your ability to persuade and influence largely due to your understanding of the three things that the people that you're talking to care about and helping them align what you're talking about to those three things.
A great example is that when you talk to your COO, I will guess that it will come down to how much does it cost the organization and how much money is it going to make me? So talking to your COO is not the same conversation that you'll have with support. Who cares about, okay, is this going to make it easier for me to support my customers? Does this make us more reliable? So you need to change the delivery to really match the things that you're being evaluated on when you're presenting to an audience, when you're presenting to internal stakeholders and external ones as well.
Mike:
That's really good advice because I can tell you right now I'm guilty as charged of walking into a room thinking I have the answer and this is the most important thing that they're ever going to want to hear and forgetting that they probably had their own goals and I just blew right past them and kept talking about something else entirely. Bad. So one thing that I find talking with people that work in tech is we always have hobbies or things that we like to do on the side that are very tactile. I know I've interviewed a product manager that smelted pewter.
Mofeyi Oluwalana:
Wow.
Mike:
That's the extreme case. I always bring it up because it sounds interesting and who hasn't walked past some sort of pewter chessboard with its little figurines and thought that would be cool except I'm not going to pay a few hundred dollars for it. I'm wondering if there's anything interesting that you have as a hobby that you would love to share with people.
Mofeyi Oluwalana:
Unfortunately, I'm not nearly as interesting as the guest that you just mentioned.
Mike:
It's not a contest. It's not a contest.
Mofeyi Oluwalana:
It feels like one. Just kidding. I won't say I'm tactile as I'd like to just stay mobile. As a lot of the folks who work in tech, we sit on our butts all day looking at computer screens. So wherever possible, I like to just go outside, get some fresh air, do some movement, whether that be running, yoga or similar. That's my anchor. Again, not as interesting, but it helps me. It regulates me nevertheless.
Mike:
It's still super valuable. I was just talking with a coworker the other day about our grandparents and so-and-so's grandparents lived to be 89 and they were outside in the sun all day and they had bacon and eggs for breakfast. And I thought to myself, "Well, yeah. And then they probably worked it off all day because everybody was thin back then. And the worst thing they could do is sit down at a desk like I do." And so who would've thought that there was ever a need for a treadmill desk? I think that back to the future quote, "You run for fun."
Mofeyi Oluwalana:
Exactly.
Mike:
So no, that's really good. And what's great, I've had a few colleagues as well take calls while they're walking. I think the benefit of being in tech is that you can do calls like that and work through. As long as you're not working through maybe architecture diagrams for Microsoft integration, that would probably be pretty bad.
Mofeyi Oluwalana:
Or if it's windy outside and you don't have a great mic. I'm also a big proponent of just walking outside and taking as many meetings as I can moving.
Mike:
Absolutely. Yeah. No. Well, I would just say windy at all because I have yet to find a mic that doesn't make it sound like you're walking through a NASA wind tunnel.
Mofeyi Oluwalana:
Wait, that's the next startup.
Mike:
I'm telling you. The fuzzies that come on mics, there's got to be something better. There's got to be something better.
Mofeyi Oluwalana:
I agree. I agree.
Mike:
I don't need to have a big mustache just to talk into the microphone. Well, it was great chatting with you. I learned a lot. I feel like I tried to ask some of the silly questions that I know admins would want to ask. There's probably plenty of admins out there that have done some MuleSoft integrations, but I know when I had to sit down with other platform owners and be like, "I need your thing to plug into Salesforce and I don't know how to make you do that, but you figure it out." I always wanted to ask the silly questions so that when they sit down, they know what to say and can have a better relationship because in every aspect of the sense, there's other platform owners within organizations and they're all trying to do right by each other. So that being said, I appreciate you coming on the podcast and sharing that with us and we'll have to come back and talk more MuleSoft maybe after Dreamforce for sure.
Mofeyi Oluwalana:
Yeah. Thank you so, so much for having me. And again, I'm biased obviously, but always love talking the world of MuleSoft and integrations because it truly feels even more relevant than ever with agents and the technology.
Mike:
Absolutely. Big thanks to Mofeyi for joining us and really helping make MuleSoft flow and Agentforce feel more approachable. I wasn't afraid to ask the questions that you shouldn't be afraid to ask. The big takeaway for admins when agents need to act outside of Salesforce, your understanding of the business process, the data, the triggers, and the right system of truth matters now more than ever. That's how you keep Salesforce accurate, current, trusted, and useful for the business. Now be sure to subscribe to the Salesforce Admins podcast. If you haven't already, share this episode. Hey, share it with your team. And then keep asking those questions that help your org connect the right systems in the right way. Until next time, we'll see you in the cloud. - Today on the Salesforce Admins Podcast, we talk to Kacie Molina, Salesforce Consultant at Kawaii Cloud. Join us as we chat about how admins can start small with Agentforce and still make a big impact. You should subscribe for the full episode, but here are a few takeaways from our conversation with Kacie Molina. Why […]
The post How Can Salesforce Admins Find Simple Agentforce Use Cases? appeared first on Salesforce Admins. - Today on the Salesforce Admins Podcast, we talk to Kacie Molina, Salesforce Consultant at Kawaii Cloud.
Join us as we chat about how admins can start small with Agentforce and still make a big impact.
You should subscribe for the full episode, but here are a few takeaways from our conversation with Kacie Molina.
Why you should start small with Agentforce
With all the capabilities Agentforce brings to Salesforce, it's easy to dream big. Big projects, however, require major organizational investments in time, planning, and execution.
My guest this week, Kacie Molina, has some simple advice for her clients who want to get started with Agentforce: start small. Go back to the basics of listening for pain points and building solutions.
Once you start piling up small wins and meaningful changes, it'll be easier to get organizational buy-in for something big and bold.
Admins should listen for problems users already have
Agentforce solutions don't always have to be some sort of major business process overhaul. Those types of changes require layers of approvals, budgeting, and business analysis. You end up spending as much time rethinking the business process as you do worrying about executing everything in Salesforce.
Instead, look for simple use cases. For example, implementing an agent summary field to help users easily see what's going on with an account without having to scroll through a bunch of records.
"All of those little use cases that maybe are too specific for a flow," Kacie says, "we can solve them with Agentforce and natural language." And over time, the simple solutions add up.
Keeping AI work inside Salesforce supports better security
Even if you're not already using Agentforce, people in your organization are already using AI. The problem is that they're often exporting data over to their LLM of choice, which creates all sorts of security vulnerabilities.
That's why Kacie recommends enabling an agent to assist your users. You can use your model of choice, and it'll be grounded in your Salesforce data and protected by your security configuration. "It shows users that there's a safe place to get the answers they want without having to worry about breaking company policies," Kacie says.
Make sure to listen to my full conversation with Kacie about how to start small with Agentforce. And don't forget to subscribe to the Salesforce Admins Podcast so you never miss an episode.
Podcast swag
Salesforce Admins on the Trailhead Store
Learn more
Salesforce 360 Blog Post: From the Farm to Flows: How One Trailblazer Built a Tech Career from Scratch
Kacie's post on LinkedIn
Admin Trailblazers Group
Admin Trailblazers Community Group
Social
Kacie on LinkedIn
Salesforce Admins on LinkedIn
Salesforce Admins on X
Mike on Bluesky social
Mike on Threads
Mike on X
Full show transcript
Mike:
This week on the Salesforce Admins podcast, we're talking with Kacie Molina about how admins can start small with Agentforce and still make a big impact. Kacie shares why the best AI ideas often come from listening closely to everyday user friction. The scattered preferences, repeated questions, messy exports, and those tiny gaps that slow teams down.
We'll talk about building agents that are grounded in Salesforce powered by Flow and designed with trust and security in mind. Because the next generation of admins isn't just adding features, they're orchestrating safer, smarter systems where humans and agents work together.
So give it a listen, click that subscribe button, share this episode with an admin who is ready to make AI even more practical for their users. And let's get Kacie on the podcast. So Kacie, welcome to the podcast.
Kacie Molina:
Thanks, Mike. I am super excited to be here today.
Mike:
Well, I'm excited to get you on. I was a rare occasion scrolling through LinkedIn and I came across a post that you had put up and it mentioned the AgentforceNow workshop that I think you were in one of mine or you'd been to one.
Kacie Molina:
I was in one of yours and it was done extremely well, might I say.
Mike:
You were. Oh, good. Well, I try hard. And you're talking about coming up with ideas and you'd had some ideas for agents and I thought, "Man, I just think we need some sort of agent brainstorm podcast." And so that's why I wanted to get you on. But we're going to talk about that. But before we get started, tell me a little bit about yourself, like how you got into Salesforce, what you do, all of the fun stuff.
Kacie Molina:
Absolutely. So I grew up in more rural USA, an Amish type community, so horse and buggy. Think maybe Little House on the Prairie, early 1800s. So did a lot of horse training and cheese making with my sister, tended gardens and animals. So my skills when I became an adult were fairly traditional.
So as I was trying to translate, "What do I use my skills for?" I started nannying, childcare, and then I started my own sewing business. And during that phase, I was actually so bad at running a business, so I knew how to sew, but I didn't really know the business part. So keeping track of contacts and invoicing people on time was such a disaster for me. It was all little handwritten notes.
So I was listening to podcasts and I heard about Salesforce. I logged into Trailhead and fell in love with the gamified learning. So it was kind of no turning back for me. I got my admin certification in about three months, landed a junior admin role shortly after. And it's been about five years and 10 certifications since then of working on all kinds of projects from in-house to consulting. And I just think like Flows, all think Salesforce. It's so much fun. And in the day and age of Agentforce, even more fun nowadays. So that's kind of how I stumbled onto the Salesforce path and it has been way too much fun.
Mike:
Oh man, I bet we could do a whole podcast on the skills of sewing and how they carry over to Salesforce.
Kacie Molina:
We probably could, although I do think Salesforce might be a little more fun. One, because you don't get poked by needles. That's a huge thing for me. I don't even like going to the doctor and getting poked by a needle and I did that for a profession. So I got poked all the time and it's much less frustrating than trying to deal with broken sewing machines. Salesforce kind of works pretty well. And when you're dealing with old-fashioned sewing machines, not so much.
Mike:
I could imagine. Yeah. Needleforce, that's what we'll call it.
Kacie Molina:
Needleforce.
Mike:
I bet that exists. I think that would be so cool if there was quilting or sewing at Dreamforce. Because I see people on the plane all the time with those knitting needles and stuff. I would love to have the patience to do it.
Kacie Molina:
It definitely takes a lot of patience. So actually, interestingly enough, when I was just getting into Salesforce, Mallory Donahue, she's such an amazing person I look up to. She was getting into Salesforce at the same time as me and she was also a seamstress. So I think there might be more sewing and needle people out there in the Salesforce world than you might think.
Mike:
Yep. Well, this is the diversion that Mike's squirrel brain gets on too quickly. But let's talk about ... I was so intrigued by your post, because I feel like even in the workshop that we do, the AgentforceNow workshop that I hosted, I think I'm back sometime in October because I have some vacation in July. We build an agent for Pronto, which is a food service company and it handles questions and cases and order issues.
I mean, I feel like by the end of it, it's pretty complex because we've already built some Flows. There's some Apex actions that are in there. And so I feel like we're getting nitty-gritty into it, but your post kind of almost felt like a breadth mint of like, "Hey, have you ever just thought about asking your users five questions or whatever and then turning on Agentforce and giving it on action to do?"
Kacie Molina:
Yeah. I really like the workshop, because it gets into the more complex things and you see how the broader, the depth Agentforce can go to. But for me, when I started looking at ... Okay. So I serve multiple clients, and a lot of people are excited about Agentforce and I talk to a lot of admins about it as well, but where do you get started? For me, it was the really simple, small things where people I feel like nowadays more and more are expecting to be able to use natural language. And you don't really need to build a crazy, big agent that takes multiple sprints to complete. You can turn one on fairly simply to answer a couple simple questions and people can start to see that magic work from even a small start.
Mike:
Yeah. And I feel like, boy, this is me just thinking of that post, but you had really good ideas around not just what I would call the hard aspects of business, which is like invoicing and questions and emails, but also kind of like the soft aspects of business, which is just asking Agentforce to coach you that day or just kind of simple questions that you could give it that would maybe make you as a salesperson or customer service person feel better about what you're doing.
Kacie Molina:
Right. I do. I think it's really cool that you kind of came back to the small ideas and I'm actually very impressed you found that post because I feel like not many people see my LinkedIn post.
Mike:
You mentioned me in it, so I got that. But I mean, to be fair though, the small little detail, little things like that are actually kind of the bigger hooks to look for.
Kacie Molina:
They are in there. To me, they're everywhere. So bigger agent ideas, like there's a couple things that can be intimidating about them. One, they take a lot of time. Two, you're always looking for that big idea that is going to wow the whole company potentially. And then it also entails potentially budget and project approval, which you need to get approval for most things that you do anyhow. But the small ideas are something that you don't really need to take a whole ton of business analysis, say, to get started on it. It's something that you could know off the start like, "Oh, I see my users asking about this in a support ticket frequently."
So one example recently I had was somebody who said, "We have these client preferences and they're kind of scattered in the system and they're a little hard to find. So is there any way you could summarize them?" And I said, "I think this would be a really good use case for an agent summary field." So you can build the prompt and pull things together. It's the little things like that when you're listening to details that you might not have to go build a Flow or build something so specific for. And that would be my old use cases like Flow all day, every day.
But all of those little use cases that maybe are too specific for a Flow to say, "Oh, we'll grab this and explain it this way." It comes out in Agentforce as the natural language and I think that is a huge thing for users that they're looking to see something that feels like them or feels human so they can click onto a record. Say they go to a client account and then they can see at a glance like, "Oh, this person prefers this and this and they don't like this." And that's much easier than scrolling through a bunch of records.
Mike:
Yeah. I've been so busy building agents that I forgot about some of the other prompt builder and the grounded fields that we had. I used to call them sparkle fields, I think like that, because they have little sparkles next to it when you can automatically have Agentforce kind of fill in based on a prompt and that's exactly it.
I mean, I remember rolling out chatter and I did it probably the wrong way and I turned it on for the whole company and the whole company was like 50 users, but I didn't give them any use cases. And if I was now to go back, I would've picked a team of five people and said, "I'm going to turn it on for you and here's a use case to use it for." And I feel like your post was just ... It just made me feel less burdened to come up with these extravagant big ideas to use an agent for and it was more like, "No, you can just have the agent totally answer your front door and be like, 'Hi, we're not home right now,' and that's it." And I was like, "Oh." Because I feel like admins are sometimes sitting down and thinking, "How do I make an agent that answers the questions and closes a $6 million deal?"
Kacie Molina:
Right. And then there's a bunch of, in my mind, you have more selling at that point. So if you're coming up with a new idea, then you kind of have to pitch it to the company. But something I like about the small ideas I've been picking up on lately is that it's kind of puts us back into our usual admin position where we're hearing problems and then we're offering solutions.
So instead of coming up with a new business flow, start to finish of a new agent that can do some flashy thing, which is also extremely cool. You can also take something where somebody says like, "Oh, I export this data and ask ChatGPT about it. Anyhow, I'm already using AI." And so you can start to hear use cases where you're not coming up with something new, you're just solving something they're already doing in a more secure way.
And that's another big idea for me is security within Salesforce is so much more attainable for admins. When people start exporting data and loading it up into an LLM that you don't have control over, that's a lot more scary for as an admin than if they can just use it from within the system.
Mike:
Yeah. I mean, when you and I talked before we pressed record, you even brought that up. If you're an admin and you're in meetings and maybe it's not even a Salesforce meeting and you hear people bring up a different LLM, what in your mind goes off and what do you think of to do as next steps if you were to help coach admins who are in that position?
Kacie Molina:
Something that's really incredible about Salesforce that maybe not everybody knows that they haven't played around with Agentforce yet is that you can use customized models. So it's not like you only have availability to use the Salesforce model. There's also, you can bring in different like ChatGPT if you like their open AI's model, you can use those different AI plugins within Agentforce. So that's something that goes off my head is if you like something, you don't have to totally forsake that for something new. So you can feel at home within Salesforce with the different AI models.
And also, if you're using different AI models, which just like constantly goes off in my brain is that you can do that with way fewer clicks and way fewer security risks if you do it from within Salesforce without having to potentially like fudge on permissions or fudge who has access to it. So that's something that goes off in my head is like, "Oh, if you're doing this with AI already, you can just pull that into Salesforce and then you have even more data."
So you are kind of limited when you export data to what the LLM can see. But when you have it within Salesforce, you have so much expansive broader options that you can use. So you can pull in different records and different things from here and there and you don't have to be so specific in one point in time. You can re-ask again in 10 minutes if you have information flowing in. So for me, it's like the different LLMs that are available within Salesforce and data availability is huge.
Mike:
Yeah. I mean, plus once you export that data and take it out of the platform, for many companies, you're already violating security because that data is housed in Salesforce for a reason and it's not meant to be used elsewhere.
Kacie Molina:
Yeah, that's a big risk I think with AI. Most companies I think are using it, whether it's an approved tool or not. So when you even enable to me a basic agent in a Salesforce or it shows users, "Hey, there's a safe place where I can get the answers that I want and I don't have to worry about breaking company policies to get the data I need." Because we are in a fast-paced world and I know some users, they really do need to get answers that maybe they can't get within Salesforce today. So they're exporting data and getting their answers with an AI elsewhere. But if they can have that easily accessible and it's safe to use, then I think that enables both admins to feel safer about their org and the users to save clicks, save time and get a better answer
Mike:
Absolutely. Back to that workshop, I'd love to know your perspective. So we talk about agents and subagents and even in that workshop we create a subagent to handle, I think it's returns and refunds, or order issues and refunds. I'm trying to remember it without remembering it. When you're working with customers or talking with companies about using Agentforce, do you even talk about agents and subagents, or do you just kind of like, "Here's the magic and I'm going to build everything behind the curtain"?
Kacie Molina:
I usually don't bring up the different agents and subagents and I guess it depends who your stakeholder is. If there's somebody who's more admin-minded and very inquisitive, I would potentially bring it up. But most of the stakeholders, I'm working with bring-me problems and expect me to be the expert and bring them solutions and they don't really care about the very cool details about agents and subagents I think are so fun to talk about. They just want to see the magic on the end.
So for me, it's kind of like Flows. I kind of relate most things back to Flows when I'm learning how to code or anything. It all comes back to Flows for me because Flows are magic and they're so much fun. A lot of people don't care if you call sub-Flows or you have different components in the Flow. They just want to know when X happens, they see the screen and then magic happens in the background. And I think agents are kind of the same way where they're really cool to see the backend for people who care, but you can also talk to stakeholders at a higher level without them needing to know that detail.
Mike:
So you talk a lot about Flows. How important was it for you when Agentforce came out that a lot of the power behind what it could do its actions are powered by Flow?
Kacie Molina:
Oh, that was huge for me because it feels like it brings the control back to the admin. So I definitely wasn't the most happy, quick adopting of AI when it first came out. I was definitely suspicious and I love my Flows and I love doing things manually. So I was definitely suspicious of AI in general and I've learned to really love it. And part of that is being empowered to do tasks on the backend. So you have the agents that do all of this, we'll say agent magic in the background, but then there's also the pieces that you can build out manually in Flow so you have control over what information you're pulling, what you're feeding to the agent, that way you get the predictive and answers that you want.
Mike:
Yeah. And even the builder, I feel like that the new agent builder feels like Flow Builder, because, well, there's also variables in there, which still worry me.
Kacie Molina:
I do like the UI better.
Mike:
I'm still not the best at better building Flows. I don't know why my Flow confidence is low, but maybe that shouldn't have rhymed, but yeah, my Flow confidence is low.
Kacie Molina:
I feel like you're probably much more of a Flow expert than you're letting on. I will say though, the new UI gave me a pretty big boost. So the old UI wasn't quite as intuitive or friendly and that's something I really wanted to post on LinkedIn about as people who maybe like me, they got their certifications and started doing their Agentblazer statuses on Salesforce when it was earlier. And then when you come back and you see the new UI and ease of use and having things like variables where you feel more comfortable like a Flow, all of a sudden I was like, "Oh, I can really do this this time. This makes so much more sense."
Mike:
Yeah. And the fact ... I mean, we don't get into it with the workshop, but I'd love to know, have you ... So the one thing I want to do is I'd love to have an agent help me build an agent. Have you done that?
Kacie Molina:
Only for testing. So I haven't done a real life agent building an agent yet, but I did some demo examples just because I wanted to double down on the workshop of how it worked and it really is incredible that you can, one, even if you start, like the agent isn't building the agent yet and you hit an error. In the workshop, I think intentionally you had a couple things that would error out and we'd have to go fix. That way you get very comfortable with fixing things and throughout the agent, you can-
Mike:
Oh no, I think they threw that in the workshop just to make Mike sweat.
Kacie Molina:
They might have done that too.
Mike:
I know they didn't. I'm sure the people that built the workshop listened to the podcast, but I know they didn't, but let me tell you, the first time I had to go into that, I practiced for two days going into script builder. I was like, "Here we go. We're going to do code and we're going to do code in front of a thousand people." And then I forgot my quotes. And I remember half the people in the workshop were like, "Mike, quotes, and then it'll work." And I was like, "Okay, cool. So you can tell that I'm not used to this a lot."
Kacie Molina:
I thought personally it was intentional because it was really helpful for me, because I was kind of just playing along on the side by myself and when I hit the error, I put it into the agent and it found the error, it found the line and it told me exactly what to fix and where to fix it. I think you can even say like, "Do this yourself." For me, I wanted to get hands on and go make the change, but it can actually implement the change if you want it to if you approve that. So I was really impressed with that and I thought the error was intentional, but that was super fun to see, "Oh, it can help me when I hit errors."
And also with the coding part, when you see the backend, I thought that was really comforting as well. So I'm not a coder. I don't really know Apex very well. I can kind of read it. But even with Flows, when you get, this might get a little technical, but when you get into the Headless kind of Salesforce build and you have everything pulled into an IDE and you see everything in the background, when I saw that for agents, I was like, "Oh, this makes sense." So you can see the front end, like the pretty UI, then you can go into the back end and see the code drivers and be able to change granular things. So that's another thing I really liked about the new UI is it's so easy to switch back and forth.
Mike:
Yeah. I'm with you. I actually, because of that workshop, I think I've gotten better at just reading. I'll equate it to a foreign language. I took a lot of German in high school and I can kind of read German or listen to German TV. I don't know specifically what's going on, but I got a general idea and I feel like I'm the same way with code. I'm like, "I don't know specifically all these lines, but I know here's the inputs and here's the outputs and here's what I'm looking for." I can navigate, but I don't delve too deep far in.
Kacie Molina:
Right. I want to be writing it from scratch, but I can see what's going on.
Mike:
Oh, no. No. If they said, "Mike, you're in prison until you can write code," I'd be in prison for a while.
Kacie Molina:
Me too. Me too. I've tried to learn a couple times and it is on my to-do list. It's just Flows are so much fun and you can do so much in Salesforce without knowing how to code that you can skate by for a while and not really have to learn. So that is where I'm at.
Mike:
Yeah. You mentioned Headless. So let's talk about that for a second. I'd love to know some of your ideas for Headless. First of all, explain Headless 360, I think that's what we call it, Headless 360 to a Salesforce admin who's never heard it before.
Kacie Molina:
Ooh, this could be fun. So Headless to me means you're working from Salesforce kind of from the back end instead of the pretty face of Salesforce where you're normally logging in to Salesforce and updating settings within the Salesforce browser.
So Headless, you're kind of looking at a developer tool. So I think Headless has probably been around for a while if you really wanted it, but it wasn't nearly as accessible. So there's older tools like VS Code where you can pull down the metadata from the org and you can see like the backend of Flows, which is actually pretty cool. The first time I saw Flow in a code editor, my mind was blown. I was like, "What? It looks so different. This is kind of crazy." And now I can go in and bulk edit and it's very handy.
So the Headless 360 is really, I think, enabling admins to do that and not needing coding skills. So you can really use natural language, kind of like I was talking about earlier, where you can enable basic prompts and people can use natural language. You can develop Salesforce, even like Flows, fields configuration from never logging into Salesforce. So you're doing it all from the back end. And of course, you want to log in at the end to make sure it looks good. But Headless is really being able to look at the metadata in its kind of raw form and update it and manipulate it and then push it back into Salesforce and boom, you have the magic happen.
Mike:
Gotcha. I think it's interesting. I mean, I know we're going to have a lot of really good sessions for Edmunds at Dreamforce about it. So the rapid pace of AI to me is ... I remember doing a podcast just learning about hallucinations and different terminologies like grounding and now we're all the way how far in and have agents building agents and I'm just like, "Wow, where are we going to be this time next year?"
Kacie Molina:
It is pretty wild. I was playing around with Agentforce, so something I really enjoy as an admin is not writing queries. So there's lots of things that I can do, but I might not want to spend the time doing tedious tests, like writing long formulas or queries. And I saw with the Salesforce inspector, you can download a prompt and I just put that into my Headless IDE and I said, "Hey, can you push this into my org so I can use Agentforce for querying?" And it took it and it had the wrong version, I think.
So it updated a couple things and it didn't even need help from me. It was just like, "Oh, this is an out of date version, so I'm going to update this." And then it pushed it in and then I refreshed my page and I could ask the little Einstein Agentforce character to write queries for me. So it is kind of fun on the backend, you can do so much in so short of a time and it's just fun to see. Like you ask something and then, boom, it gets created, whereas before it could take hours.
Mike:
For admins that want to be in the conversation about AI with their organizations, what would you suggest they do?
Kacie Molina:
So I think security is one of the biggest places to start and that's where I try to start is having ... Salesforce has good documentation on the different trust layers and how Agentforce works and then cost is another thing. So usually, I'm looking at kind of the different pillars of a project, like the scope of it, the cost of it, and then security as an admin, always a big thing. So backing that up with Salesforce and just understanding that when you use Agentforce that you can keep the data secure, there's that trust layer there so you're not just bleeding out your information to the whole world like you might be doing if you put it in some random AI tool.
And then with the cost as well, a lot of companies that I've talked with, they wonder, "How do I get started? Do I need to pay for something right away?" And Foundations has been a really great place to start because you get credits every month where you can try Agentforce and you can monitor your billing and it's safe to use. So that's something I always say like, "You can start really small with this. It's not something you need to implement even to every person in the org. You can have a couple super users that you trust and try small, start with Foundations."
So I think the starting small is where I've really doubled down on with clients. That way it's not a big decision necessarily for the company where it's such an IT burden and they're really worried about big things. If you have a really small scope to start with, people tend to feel more comfortable.
Mike:
Yeah. And I mean, with all the features, we always talk about rolling them out to super users or having that kind of core group of people that helps you vet new features and what's the best use case for your organization. I'm like you, like even the smallest, if you think about it like cracks in the sidewalk, even if you patch two or three of the smallest cracks in the sidewalk, you've still made the sidewalk sturdier. Just because you didn't tackle the big gap doesn't mean you didn't improve it. And sometimes, that little bit of friction for users is what really frustrates them too.
Kacie Molina:
It is. It can be something even as simple as searching for a record or seeing your top account. There's some basic requests that I feel like I see that are so helpful to users, whether it's like summarizing data, like I mentioned earlier, or being able to search for something. So sometimes people get really frustrated with the search bar and they're not finding what they want and there's definitely things you can do to help with that, but I think it's really helpful when they can use that agent to use natural language and say, "I'm looking for this or I want to create a case with these details."
When they can use their comfort language and they don't have to be so technically specific, for non-technical people, I think it's really helpful. Even for me, even though I love technical stuff, I still really like chatting with the agent like a human. I still say like, "Please, and thank you." And I like when it's funny back with me. So there's something comforting about that natural language I think when you enable it.
Mike:
Yeah, I hear you. Kacie, thanks so much for coming on the podcast. This is a fun conversation. I'm glad you posted randomly to LinkedIn and I'm glad I randomly found it and now you're a guest on the podcast. I mean, that's how I find some of the coolest conversations.
Kacie Molina:
I'm really happy you reached out to me about it because it's something I've been really passionate about and have some amazing colleagues I talk AI use cases with frequently. And so I was like, "Yeah, let's definitely talk about this," because you can start small and you can have so much fun with it. And my hope for every admin is that they can get hands-on with it, start to use it in their orgs and just have a ton of fun, because that's what new tools are for, right? Just like Flows.
Mike:
Absolutely. I agree. Thanks so much, Kacie.
Kacie Molina:
Well, thanks, Mike.
Mike:
Big thanks to Kacie, Molina for joining us and reminding us that Agentforce doesn't have to start with a giant project. Admins can create real impact just by listening for those small moments of friction and designing a secure solution while helping teams work better with data automation and AI. So be sure to subscribe, share this episode and keep the conversation going with your admin community. And until next time, we'll see you in the cloud.
More Business podcasts
Trending Business podcasts
About Salesforce Admins Podcast
The Salesforce Admins podcast features real-life Salesforce Admins, product managers, and community leaders who transform businesses, careers, and community with clicks, not code. This 20min (sometimes a bit more) weekly podcast hosted by Mike Gerholdt feature episodes to empower Salesforce Admins who are implementing Enterprise CRM solutions. There may be some (digital) confetti. For more than our most recent episodes, go to https://admin.salesforce.com/salesforce-admin-podcast.
Podcast websiteListen to Salesforce Admins Podcast, A Bit of Optimism and many other podcasts from around the world with the radio.net app

Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features
Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features


Salesforce Admins Podcast
Scan code,
download the app,
start listening.
download the app,
start listening.
















