All Use Cases / Sales Cloud
Sales Cloud Partner & Community Experience Visa

External Agentforce Access for Community & Partner Users

Extend Agentforce capabilities to external users — partners and community portal users — without requiring a full Salesforce licence.

Community PortalPartner PortalExternal AccessExperience CloudAgentforce
Published March 5, 2025

Overview

Agentforce is a powerful productivity multiplier — but its value has traditionally been confined to internal Salesforce users with full CRM licences. BuyFRAME’s External Agentforce Access solution breaks that boundary, enabling external-facing users such as community members, channel partners, and distributor contacts to interact with Agentforce agents through Salesforce Experience Cloud portals — no full Salesforce licence required.

This use case was first showcased on the Visa partner portal, where external stakeholders needed access to order sanity information and account intelligence without the cost or complexity of full internal user provisioning.

The Challenge

Organisations with large partner or customer communities face a fundamental tension:

  • Licence cost barrier — full Salesforce licences are expensive; provisioning them for every external partner or customer contact is cost-prohibitive
  • Disconnected experience — external users had to contact internal teams to get information that an AI agent could provide instantly
  • Manual information relay — internal users spent time answering routine queries from partners (order status, account health, compliance flags) that could be self-served
  • Security concerns — exposing internal Salesforce data to external users required careful, manually managed permission structures with no dynamic access control

The Agentforce Solution

BuyFRAME architected a secure, permission-governed External Agentforce layer on top of Salesforce Experience Cloud that:

  1. Authenticates users via Experience Cloud — partners and community users log in through the existing portal (no new accounts or systems)
  2. Routes queries to a context-aware Agentforce Agent — the agent is configured with Experience Cloud session context, knowing exactly which external user is interacting and what data they are permitted to access
  3. Enforces record-level security dynamically — through Salesforce’s native sharing model and OWD (Organisation-Wide Defaults), the agent can only surface data the user is authorised to see — zero risk of data leakage
  4. Handles common self-service queries, including:
    • Order sanity checks for orders linked to the partner’s account
    • Shipment and fulfilment status queries
    • Account-level compliance and document status
    • Product availability and pricing tier lookups
  5. Escalates gracefully — when a query exceeds the agent’s scope or the user’s data permissions, the agent routes to a human agent via Service Cloud’s omni-channel routing

Key Outcomes

MetricBeforeAfter
Partner self-service rate~10%~65%
Internal queries answered manually per week200+< 50
Licence cost per partner userFull CRM licenceExperience Cloud Community licence (fraction of cost)
Partner portal satisfaction score6.2 / 108.7 / 10
Time to answer routine partner query24–48 hours< 30 seconds

Technical Architecture

  • Salesforce Experience Cloud portal as the external access layer
  • Agentforce Agent scoped to Experience Cloud context, with explicit topic permissions per external user profile
  • Named Credentials & Connected App for secure API-level communication within the Salesforce trust boundary
  • OWD + Sharing Rules govern data visibility — the agent inherits the authenticated user’s data access exactly, with no elevated permissions
  • Einstein Trust Layer ensures all AI interactions are logged and auditable
  • Embedded Agent UI Component in the Experience Cloud page builder — drag-and-drop deployment

User Profiles Supported

  • Community Users — customers or registered users on a branded Experience Cloud site
  • Partner Community Users — channel partners with access to partner-specific records and pricing
  • Customer Community Plus Users — users with standard record visibility and CRM data access
  • Full internal Salesforce users are not required at any point

Security Model

All data access is strictly governed by:

  1. Salesforce Sharing Architecture — no special permissions granted; the agent runs as the logged-in user
  2. Agent Topic Permissions — only predefined topics and actions are exposed to external profiles
  3. Einstein Trust Layer — all prompts and responses are logged without retaining data outside the org
  4. Audit Trail — every agent interaction by an external user is logged to the Platform Event stream

How It Works (End User Flow)

  1. Partner logs into the Experience Cloud portal with their existing credentials
  2. Clicks “Ask Agent” in the portal header or navigates to the self-service panel
  3. Types a natural-language query — e.g. “What’s the sanity status of Order #00123456?”
  4. The Agentforce agent processes the query, checks permissions, retrieves relevant data
  5. Returns a structured, plain-language response directly in the portal UI
  6. For escalations, the agent creates a Service Cloud case and notifies the assigned partner success manager
buy-frame.com