Salesforce Summer '26 for Admins: Flow, Security, and Platform Features That Pay Back Immediately

If you are a Salesforce admin, Summer '26 is one of those releases worth reading carefully. The headline AI features get the press, but tucked underneath is a long list of platform improvements that quietly make your week easier — better Flow tooling, real security upgrades, accessibility wins, and a few permission changes that fix problems we have been working around for years.

Sandboxes upgrade from 8 May 2026 and production waves follow in mid-to-late May. Here is what is genuinely worth your attention, with the boring-but-essential stuff included.

Flow Builder: Several Small Wins That Add Up

Flow Builder has become the default automation tool for most Salesforce orgs, and Summer '26 keeps polishing the surface in useful ways.

Radio Button Group Component. A proper horizontal or vertical choice display, finally. Less scrolling on screen flows, cleaner UX for end users, and a modern alternative to the older picklist patterns.

Date Operators in Decision Logic. New operators including "Is Today," "Is Anniversary of Today," and "Last Number of Days" let you build date-based branching without writing formula workarounds. The number of flows we have seen with cryptic formula fields just to handle simple date logic suggests this will be widely adopted.

Batching for Scheduled Flows. You can now specify a custom batch size (1-200) for scheduled flows to optimise execution and stay clear of governor limits. For orgs running high-volume scheduled flows, this single setting can be the difference between a flow that completes reliably and one that fails sporadically.

Email Template Persistence. Send Email actions now reference template names instead of internal IDs. If you have ever deployed a flow between environments and watched the email template reference break because the ID was different in sandbox vs production, you will appreciate this immediately.

Static Resource Images in Display Text. Browse and upload images directly from the Display Text component without leaving Flow Builder. Small change, big quality of life improvement.

Screen Flow Styling Expansion. You can now customise the appearance of more components — Action Button, Address, Choice Lookup, Lookup, Toggle. Branded screen flows get noticeably easier.

Autolaunched Flows in Flexcards. For Omnistudio users, autolaunched flows can now be invoked as native data sources in Flexcards, letting you reuse existing business logic instead of duplicating it.

Troubleshoot Flows with Agentforce

The most interesting Flow change in this release: use generative AI to diagnose flow errors, both at design time and at run time. The AI looks at what went wrong, explains the cause in plain language, and in many cases proposes an automatic fix.

For new admins or admins inheriting an unfamiliar org, this is a genuine accelerator. The hours spent staring at a debug log trying to figure out why a flow failed can collapse to a useful AI explanation in seconds.

The usual caution applies: the AI's suggestion is a starting point, not a verdict. But as a "what is probably wrong here" diagnostic, it is a meaningful productivity gain.

Permissions and Sharing: Three Real Fixes

The permissions and sharing improvements in Summer '26 are not glamorous, but they fix problems admins have lived with for a long time.

Field Access Summary. Review field-level security across all profiles, permission sets, and groups in one place inside Object Manager. If you have ever needed to answer "who can see this field" and discovered the answer required half an hour of clicking through profiles, this is the fix.

Manage Shared List Views Permission. A new granular permission that lets users share their personal list views without giving them the broad ability to manage all public list views. Fixes a real gap in the permission model.

Profile Permission Dependencies. When you change a profile permission, you now see the required dependent permission changes immediately, rather than discovering them later in Setup Audit Trail. Saves an admin from accidentally breaking something downstream.

Queue Hierarchy Access Control. New "Grant Access Using Hierarchies" setting restricts record sharing to specified queue members only, rather than rolling up the entire role hierarchy. For organisations with sensitive case or record data, this is an important control.

SOAP API Login Control. A new "Any API Auth" permission restricts SOAP API authentication to designated users. If you have been working through a Salesforce security review, you know why this matters.

Security Hardening

Several security improvements deserve attention, especially if you are working through compliance requirements under the NZ Privacy Act 2020 or AU privacy law.

Malware Scanning (GA). Files uploaded to Salesforce Files are automatically scanned for malware, with a new permission to notify users when malicious content is detected. This is a meaningful baseline improvement and should be enabled in most orgs.

Profile Modification Monitoring. Transaction Security Policies now track admin changes to critical profile permissions in real time. If you have ever needed to demonstrate to an auditor or board that you have controls over privileged changes, this gives you the evidence trail.

Unverified Domain Email Handling. Users with email addresses on unverifiable public domains (free email accounts, contractor emails, etc.) can now be configured to send from substitute email addresses. Useful for hybrid teams and consultants.

IPv6 Support Preparation. Salesforce is preparing IP allowlists to support IPv6 addresses. If you currently restrict access by IP, get ahead of this — domain-based allowlists are recommended as the preferred approach going forward.

Excel Export Formula Protection. Excel exports now have an option to disable formula interpretation by prepending values with an apostrophe when they start with =, +, or -. This closes a small but real CSV injection risk that has bitten plenty of orgs.

Lightning Experience and Mobile

The user-facing experience also gets a meaningful upgrade in Summer '26.

Brand Color Palettes. Configure branded colours once in theme settings and apply them consistently across all reports and dashboards. The end of "every dashboard looks slightly different" frustration.

Slack Panel Integration. Streamlined Slack collaboration available by default in Lightning, with one-click open/close. For orgs running Salesforce + Slack together, this lowers the friction for collaborative work on records.

Dark Mode Expansion. Dark mode is now available in Performance and Unlimited editions, with the option to upload a custom dark-mode logo. Comes up surprisingly often as a user request.

Accessibility Enhancements (WCAG 2.2 Resize and Reflow). Multiple updates for page headers, modal windows, date pickers, and list components at 200%+ zoom. If accessibility is part of your compliance requirements, these are real improvements.

Mobile

Customisable Mobile Home Page. Admins finally get centralised control over the mobile home layout, with configurable cards for Reports, Favorites, Calendar, Events, and Tasks. The mobile experience can now be designed, not just defaulted.

Actionable Push Notifications. Notifications now include action buttons for completing tasks, approving requests, and snoozing reminders directly from the lock screen.

Email-Based Login Default. The mobile app now prioritises email authentication, reducing the administrative overhead of username-based logins.

Mobile AI Transcription and Agentforce Voice on Mobile. Covered in detail in our Sales Cloud post — but worth noting these are mobile-first AI capabilities that admins will need to configure.

Web Console for Apex (Beta)

For admin-developers, a notable new capability: a web-based console for Apex that lets you build, debug, and deploy Apex code directly in an embedded client-side IDE inside Salesforce. Beta status, so do not bet production work on it yet, but it is a sign of where the platform tooling is heading.

Sandbox Upgrade Timing

Practical scheduling note: sandboxes upgraded from 8 May 2026. If you have not yet refreshed a Full or Partial Copy sandbox to validate your customisations against Summer '26, do it now. Production waves are starting mid-to-late May, and the integration testing window is narrow.

Areas most worth re-testing:

• Custom flows that depend on email template references (because of the new persistence behaviour)
• Any process that touches profile permissions or shared list views
• Mobile app workflows, especially custom Lightning pages and home page configurations
• Integrations using SOAP API authentication
• Reports and dashboards that use brand colours

Where SaaSKool Can Help

Releases like Summer '26 are deceptively risky for under-resourced admin teams. Each individual change is small, but they accumulate — and the cumulative risk to your customisations and integrations is real. We help NZ and AU businesses navigate releases without surprises.

Specifically, we offer:

• Release readiness audit — a structured pre-release review of your org against Summer '26 changes, with a prioritised list of what to test, what to enable, and what to schedule for the next release.
• Flow migration and modernisation — if you still have workflow rules and process builders that need migrating to Flow, this release continues to make that a high priority. We do this work efficiently and document it properly.
• Security baseline uplift — turn on malware scanning, profile change monitoring, and the new permission controls in a coordinated way, with the documentation your auditors will want.
• Fractional admin support — for organisations without a dedicated Salesforce admin, we provide ongoing fractional admin coverage so releases like this are handled by someone who actually knows your org.
• Apex and integration testing — we can validate your custom code and integrations against Summer '26 changes before the production wave hits.

Book a free Salesforce health check and we will identify which Summer '26 changes are most likely to affect your org, and what to do about them.

A Short Word on Documentation

One last admin-to-admin note: every release is a chance to update documentation that has gone stale. If you turn on a new permission, change a flow batch size, or enable malware scanning, write it down — in a place your future self or your replacement will find. Salesforce orgs decay in proportion to undocumented changes. A 15-minute documentation habit per release is the cheapest insurance you will ever buy.

For the full Salesforce Summer '26 release notes, see Salesforce's release page. If you want a partner to help you separate the urgent from the optional, get in touch.