Skip to main content

Stack: Salesforce

Okta disaster recovery for Salesforce admins

Salesforce admins know that SSO problems show up as revenue problems. AEs lose access mid-pipeline review. CSMs can't open accounts during renewal week. Service agents drop calls. When Okta governs Salesforce authentication, the Okta-side configuration is the same operational risk as the org itself.

Butterfly captures point-in-time snapshots of the Okta configuration governing Salesforce access — the SAML or OIDC app, attribute mappings to Salesforce profiles, the SCIM provisioning feed, assigned groups, and sign-on policies. Restore preview shows the exact diff before any revert.

Book a 30-min demo with MickStart the free trial

What you get

How Butterfly fits Salesforce

Salesforce SSO app is versioned per snapshot

Every backup captures the Okta-side Salesforce app integration: SAML signing certificate, attribute statement (including the Federation ID mapping that ties Okta identity to Salesforce user), assigned groups, and sign-on policy.

SCIM provisioning to Salesforce profiles

The Okta-to-Salesforce SCIM connection is part of every snapshot. Group-to-profile mappings, attribute mappings, and the assignment population are all restorable.

Group rules that drive Salesforce profile and license assignment

Group rules are how most teams scale Salesforce profile, role, and license assignment. Butterfly versions every rule. Restore preview shows which Salesforce-bound groups would gain or lose members before you commit.

What goes wrong

Three incidents you have already seen variations of

Federation ID attribute drift breaks AE sign-on

An edit to the Federation ID attribute mapping was intended to align with a new user-naming convention. Existing AEs could not sign in because Salesforce could not find their Federation ID. Restore preview surfaces the mapping diff against the prior snapshot.

SCIM-driven profile change strips license

A group rule update meant to clean up unused profiles unintentionally pushed a profile change that revoked Sales Cloud licenses for a region. Pipeline review the next morning had three reps locked out of opportunities. Restore preview shows the group-rule + SCIM payload delta.

SSO signing certificate rotation breaks Salesforce trust

A scheduled signing-cert rotation in Okta was not coordinated with the Salesforce SSO Identity Provider trust. AEs hit a Salesforce SAML error mid-deal. Restore preview retrieves the prior certificate so the team has a known-good fallback.

Honest scope

What Butterfly captures — and what it does not

In scope

The Okta-side configuration governing Salesforce access: the Salesforce SAML / OIDC app integration with the full attribute statement (including Federation ID), the SCIM provisioning configuration, assigned users and groups, group rules driving Salesforce profile / role / license assignment, sign-on policies, and Workflows automations.

Out of scope

We do not back up Salesforce records, custom objects, profiles, permission sets, sharing rules, or Apex code. Salesforce-side backup is owned by tools purpose-built for that surface (OwnBackup, Gearset, the Salesforce-native Backup & Restore service).

Plans

Free, Standard, or Business

Free

$0 / forever

  • 1 Okta connection
  • 7-day retention
  • 1 total backup
  • No credit card

Standard

$1 / user / month — $99 minimum

  • 2 Okta connections
  • 90-day retention
  • Restore preview + dry-run
  • Audit Pack PDF (framework-filterable)

Business

$2 / user / month — $299 minimum

  • Unlimited Okta connections
  • Unlimited retention
  • Continuity (warm standby)
  • Priority restore support

Pricing reference: /upgrade. Provider coverage today: Okta, Okta Workflows, Auth0.

Regulatory shape

Compliance and audit angle

SOC 2 CC6 (logical access), ISO 27001 A.5.16 (identity management), and the SOX general IT controls many revenue orgs run under all expect the identity layer governing revenue-system access to be both restricted and demonstrably restorable.

Butterfly's own SOC 2 Type II work is in progress; current status lives in the Trust Center.

Frequently asked

FAQ

Is Butterfly a Salesforce backup product?

No. Butterfly backs up the OKTA configuration that governs Salesforce access. Salesforce-side data backup is a different category (OwnBackup, Gearset, Salesforce-native Backup & Restore). The two are complementary.

Can we audit historic SAML signing-certificate state?

Yes. Every Okta-side certificate is part of the snapshot. Restore preview surfaces the diff between snapshots and retrieves prior certificates as needed.

Does this help with SOX general IT control testing?

Yes. The Audit Pack PDF is framework-filterable to SOC 2 and includes point-in-time evidence of access-control configuration over time, which maps directly to SOX GITC change-management testing.

Recover your Okta org in minutes, not hours

Talk to Mick (the founder) for a 30-minute demo, or start the free trial. No credit card for the free tier.

Book a 30-min demo with MickStart the free trial

More stacks

Okta DR for other stacks

AWS infrastructureDatabricksSnowflakeHubSpotMicrosoft 365Google WorkspaceGitHub EnterpriseSlackJira SoftwareNotionZoomDatadog1Password BusinessGitHub + Okta SSOAWS IAM Identity CenterSalesforce + Okta SSOAtlassian stackFinancial servicesHealthcare provider

Trust posture, subprocessors, and security details: Trust Center.