AegisAI is the identity layer between AI agents (Copilot, Joule, Claude, ChatGPT, Gemini) and Salesforce. Per-user identity propagation. Salesforce's own access controls stay in charge. Every decision HMAC-audited.
IN ACTIVE DEVELOPMENT: 14-day sprint to LIVE state. OAuth 2.0 user-agent flow integration, profile permissions enforcement, field-level security verification.
PILOT-ELIGIBLE Q3 2026: Available during customer pilot engagements. Sandbox + Developer Edition supported.
Connector module sits on top of the per-user OAuth primitive built once at the gateway. Sandbox-to-production migration is config-only.
Salesforce's role hierarchy, profile permissions, field-level security, and record sharing rules are the gold standard for enterprise SaaS permissions. A single integration user whose profile carries 'API Enabled' plus 'Modify All Data' bypasses every sharing rule, so anything that can reach its token sees the whole org. The naive AI integration uses exactly that. Your security team finds out. The conversation is unpleasant.
Salesforce's OAuth 2.0 user-agent flow returns an access token bound to the user who authorized the app. AegisAI calls Salesforce with that token, not with a god-mode service account, so field-level security, sharing rules, and record-level visibility are evaluated for that user, and the Salesforce audit trail shows the actual user, just as a direct login would.
Object and field permissions from the user's profile and permission sets are evaluated for the calling user. The AI assistant cannot surface fields the user is not allowed to see.
Record-level sharing rules and role hierarchy permissions still apply. Cross-region or cross-team visibility stays controlled.
Shield Platform Encryption fields are returned only to users whose field-level security grants access to them. Per-user enforcement is preserved.
Per-user OAuth means Apex code and Flows triggered by the request run with the actual user as the running user, so Apex 'with sharing' classes enforce that user's record access as intended.
Setup Audit Trail and field history tracking record the actual user, not a shared connected-app integration user.
Across multiple Salesforce orgs (sandbox, production, scratch), AegisAI maps each user's identity per org.
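What the per-user token exchange looks like in practice, as an added example that is not AegisAI's code: it builds the user-agent flow authorize URL, parses the fragment Salesforce appends to the redirect URI, and verifies the `signature` field (Base64 HMAC-SHA256 over `id` + `issued_at`, keyed with the connected app's consumer secret) before trusting the identity URL and extracting the org and user IDs from it. The consumer key, consumer secret, redirect URI, org and user IDs, and the callback URL itself are constructed for the example.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for the example; a real deployment reads these from the
# connected app's configuration, never from source code.
CONSUMER_KEY = "EXAMPLE_CONSUMER_KEY"
CONSUMER_SECRET = b"example-consumer-secret-not-real"
REDIRECT_URI = "https://gateway.example.com/oauth/callback"


def build_authorize_url(login_host: str, state: str) -> str:
    """Step 1: send the browser to the authorize endpoint.
    response_type=token selects the user-agent flow."""
    params = {
        "response_type": "token",
        "client_id": CONSUMER_KEY,
        "redirect_uri": REDIRECT_URI,
        "scope": "api refresh_token",
        "state": state,  # anti-CSRF value bound to the user's browser session
    }
    return f"https://{login_host}/services/oauth2/authorize?{urlencode(params)}"


def parse_callback_fragment(callback_url: str) -> dict:
    """Step 2: the token comes back in the URL fragment (after '#'), not the query string."""
    fragment = urlsplit(callback_url).fragment
    return {k: v[0] for k, v in parse_qs(fragment).items()}


def expected_signature(identity_url: str, issued_at: str, secret: bytes) -> str:
    """Salesforce signs id + issued_at with the consumer secret (HMAC-SHA256, Base64)."""
    mac = hmac.new(secret, (identity_url + issued_at).encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def verify_callback(token_response: dict, expected_state: str, secret: bytes) -> bool:
    """Reject the callback unless state matches and the signature over id+issued_at verifies."""
    if not hmac.compare_digest(token_response.get("state", "").encode(), expected_state.encode()):
        return False
    required = ("access_token", "instance_url", "id", "issued_at", "signature")
    if any(k not in token_response for k in required):
        return False
    want = expected_signature(token_response["id"], token_response["issued_at"], secret)
    return hmac.compare_digest(want.encode(), token_response["signature"].encode())


def user_from_identity_url(identity_url: str) -> tuple:
    """Identity URL form: https://login.salesforce.com/id/<orgId>/<userId>."""
    parts = urlsplit(identity_url).path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "id":
        raise ValueError("not a Salesforce identity URL")
    return parts[1], parts[2]


def api_headers(token_response: dict) -> dict:
    """Every REST call to instance_url carries the user's own token, so Salesforce
    evaluates FLS, sharing and audit attribution for that user."""
    return {"Authorization": f"Bearer {token_response['access_token']}"}


def make_sample_callback(state: str, secret: bytes) -> str:
    """Constructed callback, signed the way the server signs it, so the example runs offline."""
    identity = "https://login.salesforce.com/id/00D000000000001EAA/005000000000001AAA"
    issued_at = "1700000000000"
    frag = {
        "access_token": "00D000000000001!EXAMPLE",
        "instance_url": "https://example.my.salesforce.com",
        "id": identity,
        "issued_at": issued_at,
        "signature": expected_signature(identity, issued_at, secret),
        "state": state,
        "scope": "api refresh_token",
        "token_type": "Bearer",
    }
    return REDIRECT_URI + "#" + urlencode(frag)


if __name__ == "__main__":
    resp = parse_callback_fragment(make_sample_callback("s1", CONSUMER_SECRET))
    print("callback verified:", verify_callback(resp, "s1", CONSUMER_SECRET))
    print("org, user:", user_from_identity_url(resp["id"]))
```

Checking `signature` is the step most home-grown integrations skip: without it, anything that can inject a fragment into the callback page can present a different `id` and be treated as that user. Because the token arrives in the fragment, only the page at the redirect URI sees it, so the gateway must receive it from that page; the web server flow (authorization code) is the alternative if tokens must never touch the browser.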
Three patterns enterprises try when AI meets Salesforce. Only one survives an audit.
| Capability | Service-account integration | Generic API gateway | AegisAI |
|---|---|---|---|
| Per-end-user audit attribution | × Integration account at best | × Token logged, identity lost | ✓ Salesforce sees the actual user |
| Salesforce native permissions enforced | × Bypassed by broad scope | × Gateway sits at the wrong layer | ✓ Salesforce's IAM is the sole arbiter |
| Tamper-evident audit chain | × Logs only | × Logs only | ✓ HMAC hash chain, re-walkable |
| Fail-closed on infra outage | × Depends on app code | Partial | ✓ Redis / Postgres down → deny |
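The two table rows "Tamper-evident audit chain" and "Fail-closed on infra outage", together with the sensitive-object deny rule described in the FAQ, as one added example that is not AegisAI's code: each audit record's tag is HMAC(key, previous tag || canonical JSON of the record), so the chain can be re-walked and the first altered, dropped or reordered record located; the decision function consults a stand-in for the Redis/Postgres-backed policy store and returns deny whenever that store raises, recording the failure path in the chain as well. The audit key, the `PolicyStore` class, the `BackendUnavailable` exception and the sample intents are assumptions for the example.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed key for the example; a real deployment keeps the audit key in a KMS/HSM.
AUDIT_KEY = b"example-audit-key-not-real"


class AuditChain:
    """Append-only log. tag_i = HMAC(key, tag_{i-1} || canonical(record_i)).
    Editing, dropping or reordering any record invalidates every tag from that point on."""

    GENESIS = b"\x00" * 32

    def __init__(self, key: bytes):
        self._key = key
        self.entries = []  # list of dicts, each carrying its own "tag"

    def _tag(self, prev_tag: bytes, record: dict) -> bytes:
        canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, prev_tag + canonical, hashlib.sha256).digest()

    def append(self, entry: dict) -> str:
        prev = bytes.fromhex(self.entries[-1]["tag"]) if self.entries else self.GENESIS
        record = dict(entry, seq=len(self.entries))  # seq pins the position in the chain
        tag = self._tag(prev, record)
        self.entries.append(dict(record, tag=tag.hex()))
        return tag.hex()

    def verify(self) -> Optional[int]:
        """Re-walk the chain; return the index of the first bad record, or None if intact."""
        prev = self.GENESIS
        for i, stored in enumerate(self.entries):
            record = {k: v for k, v in stored.items() if k != "tag"}
            if record.get("seq") != i:
                return i  # a record was dropped or reordered
            want = self._tag(prev, record)
            if not hmac.compare_digest(want, bytes.fromhex(stored["tag"])):
                return i  # record content or tag was altered
            prev = want
        return None


class BackendUnavailable(Exception):
    """Raised by the policy store when Redis/Postgres cannot be reached (simulated here)."""


class PolicyStore:
    """Stand-in for the Redis/Postgres-backed policy store (assumption for the example)."""

    def __init__(self, denied_objects: set, available: bool = True):
        self.denied_objects = denied_objects
        self.available = available

    def is_denied(self, sobject: str) -> bool:
        if not self.available:
            raise BackendUnavailable("policy store unreachable")
        return sobject in self.denied_objects


def decide(store: PolicyStore, chain: AuditChain, user_id: str, intent: dict) -> str:
    """Return 'allow' or 'deny'. Any backend failure is a deny (fail closed), and every
    decision, including the failure path, is appended to the chain before it is returned.
    An 'allow' only means the request proceeds to Salesforce, which still enforces its own
    object, field and sharing permissions for user_id."""
    sobject = intent["sobject"]
    try:
        decision = "deny" if store.is_denied(sobject) else "allow"
        reason = "policy"
    except BackendUnavailable as exc:
        decision, reason = "deny", f"fail-closed: {exc}"
    chain.append({"ts": int(time.time()), "user": user_id, "sobject": sobject,
                  "action": intent["action"], "decision": decision, "reason": reason})
    return decision


if __name__ == "__main__":
    chain = AuditChain(AUDIT_KEY)
    store = PolicyStore({"Compensation", "BankAccount"})
    user = "005000000000001AAA"  # constructed user ID
    print(decide(store, chain, user, {"sobject": "Account", "action": "read"}))       # allow
    print(decide(store, chain, user, {"sobject": "Compensation", "action": "read"}))  # deny
    store.available = False
    print(decide(store, chain, user, {"sobject": "Account", "action": "read"}))       # deny (fail closed)
    print("chain intact:", chain.verify() is None)
    chain.entries[1]["decision"] = "allow"  # tamper with the stored record
    print("first bad record:", chain.verify())
```

Re-walking the chain needs only the key and the records, so an auditor can verify an exported log independently of the database that stored it; the key is the trust anchor, which is why it belongs in a KMS rather than beside the log.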
Yes. The OAuth 2.0 user-agent flow is supported across Lightning, Classic, and the API. AegisAI handles all three.
Einstein/Agentforce calls Salesforce APIs under the user's session by design. AegisAI sits in front of any other AI agent (Claude, ChatGPT, Copilot) and gives them the same per-user behavior.
Yes. AegisAI's intent compiler maps natural language to specific objects; the policy engine can deny intents against sensitive objects (e.g., Compensation, BankAccount) before they even hit Salesforce.
Salesforce's 24-hour API request allocation is pooled at the org level, so every call made with a user's token draws from the same org-wide quota. AegisAI's rate limiting prevents one AI assistant from burning through it.
Yes. Sandbox orgs use the same OAuth model. AegisAI environments map cleanly: dev sandbox, partial sandbox, full sandbox, production.
30-minute architecture call. We open the operator console and run real queries through your stack — see the audit chain tick up in real time.