How to set up Access change monitoring

A step-by-step guide to configuring Access Change Monitoring for an org model, from polling interval to your first policy and acting on alerts.

This article walks through the setup of Access Change Monitoring for a selected org model. Aimed at the Change Monitoring manager performing the initial configuration, the guide covers the setup wizard.

Prerequisites

Setup wizard

When you open Access Change Monitoring for an org model for the first time, a blocking setup wizard is displayed. The wizard cannot be dismissed while configuration is missing, and it guides you through three configuration areas: the polling interval, the Slack connection, and your first policy.

Polling interval

Step 1 of the setup wizard requires you to select the polling interval. Three values are supported:

  • 5 minutes

  • 30 minutes

  • 60 minutes

The polling interval defines how often Access Change Monitoring fetches new entries from Setup Audit Trail for this org model. You cannot proceed to the next step until a valid interval is selected.

The polling interval is persisted on the monitoring job configuration for the current org model. Once selected, the polling interval cannot be modified. Modification will be supported in a later release.

Choose the interval that matches the risk profile of the org — 5 minutes for production orgs handling regulated data, 30 or 60 minutes for development sandboxes and lower-criticality environments.

Connecting Slack

Step 2 of the setup wizard is optional and lets you connect a Slack workspace.

  • Connect with Slack initiates the Slack OAuth flow. On successful return, the wizard displays Slack as connected, along with the workspace name.

  • Skip continues the setup without Slack. You can connect to Slack later from the Access Change Monitoring app settings.

The connected Slack workspace is stored at the space level.

The same Slack workspace is used across multiple Access Change Monitoring setups for different org models within the same space, so connecting Slack once is enough for an entire space.

Elements permissions required for Slack connection

Information "Elements" can view

  • View basic information about public channels in your workspace (app action)

  • View basic information about private channels that "Elements" has been added to (app action)

Actions "Elements" can take

  • Send messages as @elements (app action)

  • Send messages to channels @elements isn't a member of

Creating the first policy

What is a policy

A policy is a user-defined rule that tells Access Change Monitoring what to watch for and where to send the alert when a match is found. Each policy carries:

  • A name and severity (Low, Medium, High, or Critical)

  • An active toggle

  • A scope (which users, which operation, which category, and which target items)

  • One or more destinations (Slack channel and/or email recipients)

The monitoring job only runs when at least one active policy exists for the org model. The setup wizard therefore ends with the creation of the first policy.

Critical system permissions gained template

The final step of the setup wizard is the "Create first policy" screen, presented as a modal with three steps: Policy, Scope, and Destination.

An informational banner at the top of the wizard explains the default behavior: the first policy is pre-filled to monitor when the View All Data or Modify All Data system permissions are granted. You can customize the policy during setup or edit it later.

Step 1 — Policy

Set the policy name (required), severity (required), and the active toggle.

Step 2 — Scope

Configure what to monitor:

  • User filter — Any users, or Users with licenses. When filtering by license, select one or more user licenses to narrow the policy to specific users.

  • Operation — Gained, Lost, or Gained or Lost (triggered by either operation)

  • Category — System permissions, Object permissions, Field permissions, or Assignment membership.

  • Target items — a multi-select list of specific permissions, objects, fields, or controllers, depending on the category. At least one target item must be selected.

A policy preview line at the top of Step 2 updates dynamically as you make selections, so you can read the policy in plain language before saving it.

Step 3 — Destination

Configure where to deliver alerts:

  • Slack — if Slack is connected, select one channel from the multi-select list. If Slack is not connected, the field is hidden and a prompt to connect Slack is shown.

  • Email — add one or more email recipients.

At least one destination must be configured before the policy can be saved.

Once the first policy is saved, the setup wizard closes, and the monitoring job becomes active.
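
The sketch below is an added example, not the product's own code or data format: it models the wizard's save rules and the scope matching described above, so you can check which access changes a policy would alert on. The field names, the Critical severity given to the template, the license name, and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

VALID_INTERVALS = {5, 30, 60}          # minutes: the three values the wizard offers
SEVERITIES = {"Low", "Medium", "High", "Critical"}

@dataclass
class Policy:                          # hypothetical model, not the product's schema
    name: str
    severity: str
    operation: str                     # "Gained", "Lost" or "Gained or Lost"
    category: str
    targets: set
    licenses: set = field(default_factory=set)   # empty set = "Any users"
    slack_channel: str = ""
    emails: list = field(default_factory=list)
    active: bool = True

def validate(p):
    """Reasons the wizard would refuse to save this policy."""
    errors = []
    if not p.name or p.severity not in SEVERITIES:
        errors.append("name and severity are required")
    if not p.targets:
        errors.append("at least one target item")
    if not (p.slack_channel or p.emails):
        errors.append("at least one destination")
    return errors

def matches(p, ev):
    """True when an access-change event falls inside the policy scope."""
    return (p.active
            and ev["operation"] in p.operation.split(" or ")
            and ev["category"] == p.category
            and ev["item"] in p.targets
            and (not p.licenses or ev["license"] in p.licenses))

def job_runs(interval, policies):
    """The monitoring job needs a valid interval and an active policy."""
    return interval in VALID_INTERVALS and any(p.active for p in policies)

def alerts(policies, events):
    return [(p.name, p.severity, e["user"]) for e in events for p in policies if matches(p, e)]

# Constructed sample data: the pre-filled first policy and three change events.
DEFAULT = Policy("Critical system permissions gained", "Critical", "Gained",
                 "System permissions", {"View All Data", "Modify All Data"},
                 emails=["secops@example.com"])
EVENTS = [
    {"user": "a.kim", "license": "Salesforce", "operation": "Gained", "category": "System permissions", "item": "Modify All Data"},
    {"user": "b.ortiz", "license": "Salesforce", "operation": "Lost", "category": "System permissions", "item": "View All Data"},
    {"user": "c.lee", "license": "Salesforce", "operation": "Gained", "category": "Object permissions", "item": "Account"},
]
```

With the default scope, only the first event alerts: the second is a Lost operation and the third falls in a different category, which is the coverage gap to close with further policies if those changes matter to you.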
