Agentforce can reason across topics, invoke standard or custom actions, call flows and Apex, retrieve knowledge, use Data 360, and work through Salesforce and external channels. Salesforce provides the builder, planner, Trust Layer, permissions, testing, session tracing, analytics, and consumption controls. Those controls do not determine who responds when an agent selects the wrong topic, calls an action with unsafe arguments, loses access after a permission change, consumes credits in a loop, or leaves a customer workflow in the wrong state.
Datrick provides an ongoing operating layer for an agreed Agentforce estate. Named engineers correlate sessions, traces, topics, actions, prompts, flows, Apex, APIs, agent users, channels, Data 360, knowledge, user reports, Digital Wallet usage, releases, and target-system outcomes. Salesforce Support remains the escalation path for platform defects. Datrick owns the client-specific diagnosis, containment, validation, communication, change, and prevention accepted in the service boundary.
Do you have live Agentforce agents but no team accountable for turning an unresolved interaction, failed action, permission issue, quality drop, or credit spike into a verified outcome? Start with one production portfolio.
Define ownership across Agentforce, the Salesforce org, integrations, and business outcomes
A production path can include a web, messaging, voice, Slack, or Lightning channel; an authenticated user or dedicated agent user; topics, instructions, variables, prompts and guardrails; standard and custom actions; flows, Apex, MuleSoft, APIs and MCP servers; knowledge and Data 360; Service, Sales, Marketing, Commerce, or Industry Clouds; observability and testing; and downstream systems that create the actual outcome. Name which layers the managed service owns, observes, changes, coordinates, or excludes.
Document orgs and environments, agent types and versions, channels, user contexts, topics, actions, flows, Apex classes, prompt templates, data libraries, Data 360 objects, integrations, licenses, support hours, severity, response and update targets, quality thresholds, telemetry, data classes, change authority, consumption budgets, fallback, and Salesforce escalation. “Agentforce support” is not a usable service boundary until these details are explicit.
Operate the complete Agentforce production surface
| Service area | Managed responsibility | Boundary to define |
|---|---|---|
| Sessions and channels | Availability, session starts and completion, handoff, abandonment, latency, user feedback, channel configuration, identity continuity, and fallback. | Supported agents, channels, users, regions, languages, hours, volume, SLO, escalation, and human handoff. |
| Topics and instructions | Classification, routing, scope, refusal, escalation, instruction adherence, overlaps, gaps, response behavior, and versioned change. | Business owner, accepted intent, prohibited behavior, priority, quality threshold, test set, and approval authority. |
| Actions and integrations | Standard and custom actions, flow, Apex, prompt template, API, MuleSoft or MCP target, schema, authentication, timeout, error, retry, idempotency, and rollback. | Allowed actions, owner, permission, user verification, side-effect risk, approval, target SLO, and emergency disable path. |
| Knowledge and Data 360 | Data library, retrieval, grounding, freshness, access, indexing, conflicting evidence, citations, ingestion, session tracing objects, masking, and exclusion. | Authoritative source, data owner, refresh, quality, retention, PII, dataspace, access policy, and deletion requirement. |
| Identity and security | Logged-in user versus agent-user context, licenses, permission sets, object, field and sharing access, flow and Apex access, prompt and knowledge permissions, and private actions. | Principal model, least privilege, channel authentication, sensitive actions, security route, access review, and audit evidence. |
| Testing and release | Ground-truth cases, batch evaluation, topic and action accuracy, response quality, permissions, target-state checks, metadata dependencies, activation, canary, and rollback. | Source of truth, environments, test threshold, judge calibration, approval, deployment order, freeze, compatibility, and acceptance evidence. |
| Consumption and value | Flex Credits, conversations, action and prompt usage, voice minutes where applicable, Data 360 consumption, license dependencies, loops, anomaly, attribution, and outcome. | Contract and rate card, Digital Wallet owner, budget, alert threshold, business KPI, unit economics, and optimization authority. |
Combine session tracing, observability, testing, and target-state evidence
Agentforce Session Tracing can capture turn-by-turn interactions, planner execution, actions, prompt and gateway inputs and outputs, errors, and final responses in a unified Data 360 model. It is turned off by default. Its records can contain sensitive data and require governance, masking, exclusion, and access policies. The beta OTel export API provides a unified session trace for external observability, but Salesforce documents single-session retrieval, standard API limits, and a 72-hour session-start window.
Native observability is valuable but not uniformly real time. Salesforce documents approximate refresh intervals of 30 minutes for the Session Tracing Data Model, 45 to 60 minutes for agent analytics, daily for moments and quality scores, and weekly for tags. Use those dashboards for trend and root-cause work, while immediate operational alerts also watch channel failures, flows, Apex, APIs, integration queues, user reports, target-system audits, and credit anomalies.
Agentforce Testing Center can evaluate expected topic, action, and response against ground truth, generate cases, inspect action sequences, use LLM-as-a-judge, and test multi-turn interactions. Maintain representative cases for authenticated and anonymous users, ambiguous requests, no-match conditions, channel constraints, denied actions, injection attempts, and consequential side effects. Calibrate automated scores against expert review, then reconcile the final CRM or external-system state. A passing response score does not prove that a case, order, entitlement, or account changed correctly.
Distinguish routing, action, permission, data, release, and consumption failures
| Symptom | Evidence to reconcile | Safe containment | Permanent control |
|---|---|---|---|
| Wrong topic, response, or escalation | Session trace, utterance, selected topic, instructions, planner steps, model, grounding, action sequence, user context, quality score, expected result, and recent change. | Disable or narrow the affected path, force human handoff, restore accepted version, preserve sessions, and correct customer impact. | Representative ground truth, overlap and no-match tests, calibrated scoring, human review, canary, and outcome SLO. |
| Action fails or changes the wrong state | Action schema and arguments, flow or Apex execution, identity, permission, API request and response, retry, target audit, idempotency, and partial side effects. | Disable action, block replay, revoke access if needed, isolate records, use manual fallback, and reconcile the target state. | Contract tests, least privilege, user verification, validation, idempotency, approval, negative tests, and rollback. |
| Permission denied or excessive access | Channel, logged-in or agent user, licenses, permission sets, object and field access, sharing, flow, Apex, prompt, knowledge and Data 360 policies, and audit logs. | Stop sensitive action, remove excessive permission, restore approved access, preserve evidence, and invoke security response when required. | Access matrix, least-privilege role, automated denied-access tests, periodic review, deployment check, and emergency disable path. |
| Knowledge or Data 360 regression | Source freshness, ingestion and indexing, data library, retrieval results, citations, conflicting content, dataspace, masking, trace data, expected evidence, and recent data change. | Remove affected source, route to human review, restore trusted content, narrow access, and correct any downstream decision. | Source ownership, freshness SLO, retrieval tests, citation review, access policy, ingestion alert, and content release process. |
| Deployment or activation failure | Agent and version metadata, AiAuthoringBundle, Bot and BotVersion, target references, agent user, flow and Apex dependencies, target-org licenses, activation state, API version, and deployment log. | Stop promotion, preserve the accepted production version, deploy and activate dependencies in the required order, then validate before traffic. | Version manifest, dependency graph, sequential deployment runbook, environment checks, post-activation smoke test, and rollback. |
| Unexpected Flex Credit consumption | Digital Wallet, agent, channel, standard and custom actions, prompt usage, voice, loops, retries, topic paths, user volume, Data 360 usage, rate card, and business outcomes. | Pause noncritical agent or action, stop loops, cap traffic, route to human, protect remaining credits, and notify the commercial owner. | Per-agent attribution, budget and anomaly alert, action-efficiency review, load forecast, test traffic separation, and unit economics. |
Safe replay is a business decision, not only a flow or API retry. Before restarting a failed interaction, determine whether an action already created or changed a Salesforce or external record, sent a message, consumed inventory, initiated payment, or opened an approval. Use idempotency keys, target-state reconciliation, and explicit approval for consequential actions. A successful planner run can still leave an incorrect business state.
Control identity, action authority, and tracing data
Employee-style agents can run in the context of the logged-in user, while customer-facing messaging agents can use a dedicated agent user. The effective authority therefore depends on the channel, agent type, user, licenses, permission sets, field-level security, sharing, flows, Apex classes, prompt templates, knowledge, and Data 360 access. Do not grant agent-building or management permissions to end users or the agent user. Test what each persona is denied as carefully as what it can do.
Private actions require reliable user identification. For custom or third-party channels, define authentication, identifier mapping, token expiry, re-verification, and session invalidation behavior. Session trace data can include PII, prompts, model outputs, action arguments, and business data; apply Data 360 governance, dynamic masking, field exclusions, retention, and least-privilege access. Operational visibility must not become an ungoverned copy of sensitive interactions.
Version agents and deploy dependencies in a controlled order
Agentforce metadata can span AiAuthoringBundle, Bot, BotVersion, GenAiPlannerBundle, flows, Apex classes, prompt templates, data dependencies, and an agent user that differs between source and target orgs. Salesforce documents that committed agent versions are immutable and require a new version for changes. A flow containing an agent action can fail validation when its referenced agent is missing or inactive, including when both are placed in the same deployment package.
Use a dependency-aware release sequence: validate licenses and features, deploy the agent and required metadata, assign the target agent user and permissions, activate the accepted version, deploy dependent flows, run permission and integration smoke tests, execute representative quality cases, canary traffic, and preserve the prior active version and manual fallback. Track Salesforce's frequent Agentforce platform changes as operational dependencies, not only release-note reading.
Onboard through inventory, baselines, failure exercises, and shadow operations
- Inventory: orgs, environments, agents, versions, channels, users, topics, actions, flows, Apex, prompts, knowledge, Data 360, integrations, telemetry, licenses, and outcomes.
- Responsibility: define supported layers, SLOs, severity, access, data handling, quality, change authority, budget, dependencies, fallback, Salesforce escalation, and exclusions.
- Baseline: measure sessions, completion, escalation, abandonment, topic and action accuracy, response quality, latency, errors, target-state success, trace coverage, consumption, and incidents.
- Controls: validate principal and permissions, private actions, data governance, testing, deployment order, safe replay, rollback, Digital Wallet monitoring, and human handoff.
- Exercise: rehearse a wrong topic, failed action, duplicate side effect, permission denial, stale knowledge, trace gap, quality regression, deployment failure, credit spike, and platform incident.
- Transition: operate in shadow, close or accept material gaps, publish runbooks and escalation routes, and accept the steady-state support scope.
Start with the Agentforce agents that already create customer, revenue, or operational consequence. Datrick can define the operating boundary, close material control gaps, and transition one portfolio into managed support.
Request an Agentforce operations reviewOfficial references and adjacent operating guides
- Salesforce Agentforce Session Tracing
- Salesforce Agentforce Observability
- Agentforce Session Trace OTel API
- Salesforce Agentforce Testing Center
- User access for Agentforce actions
- Retrieve and deploy Agentforce metadata
- Agentforce Flex Credit usage types
- White-label AI agent managed support for MSPs
- Managed human evaluation for AI agents
Frequently asked questions
What is included in Salesforce Agentforce managed services?
A defined managed service can include session tracing and observability, test suites and quality review, topics and instructions, actions, flows, Apex and APIs, knowledge and Data 360 dependencies, agent users and permissions, incidents, controlled releases, Flex Credit consumption, runbooks, and service reporting. The exact scope depends on the agents, channels, integrations, licenses, environments, access, and accepted responsibility boundary.
Does Agentforce Observability provide real-time incident monitoring?
Not for every signal. Salesforce documents approximate refresh intervals of 30 minutes for the Session Tracing Data Model, 45 to 60 minutes for agent analytics, daily for moments and quality scores, and weekly for tags. Operational support therefore combines native observability with channel, flow, Apex, API, integration, target-system, user-report, and consumption signals, plus explicit escalation rules.
How do you test an Agentforce agent before production?
Use representative test cases with expected topics, actions, responses, target states, permissions, personas, channels, edge cases, and unsafe requests. Run them in Agentforce Testing Center and complementary integration tests, calibrate LLM-as-a-judge results against human review, verify side effects, and require accepted release thresholds. Testing Center supports scale testing but does not replace production monitoring or business-state reconciliation.
How do you secure Agentforce actions and data access?
Define whether each agent runs in the logged-in user context or an agent-user context, grant least privilege for objects, fields, sharing, flows, Apex, prompt templates, knowledge and Data 360, authenticate users before private actions, constrain action authority, protect session trace data, test denied access, and maintain an emergency disable path. Salesforce provides platform controls, while customers remain responsible for their configuration and guardrails.
How long does Agentforce managed support onboarding take?
A focused onboarding commonly takes two to four weeks for a representative agent portfolio. It covers inventory, ownership, observability and test baselines, topics and actions, identities and permissions, integrations and target states, open incidents, releases, consumption, runbooks, controlled failure exercises, and acceptance of the steady-state service scope.
Need the same support model across several agent platforms?
Review white-label AI agent managed support for MSPs