Record-Triggered Flow on the E-Signature Log & E-Signature Request object

Q: Can I use a Record-Triggered Flow on the E-Signature Log/E-Signature Request object to automate updates after signer actions (guest user)?

Yes, but with a significant caveat. While you can trigger a flow when an E-Signature Log is created or E-Signature Request is updated, any DML operations (creating, updating, or deleting records) will likely fail if the flow stays within the original user context (only for guest user context).

Q: Why do DML operations fail when a signer completes a document?

When a signer confirms their signature, the Guest User profile typically creates the E-Signature Log record and updates the E-Signature Request record to update Is Signed, Response Recieved on, Status. In Salesforce’s security model, Guest Users have highly restricted permissions and generally cannot edit records they do not own or access objects outside of their limited scope. Since the flow inherits this "Guest User" context, it lacks the elevated permissions required to perform further database changes.

Q: How can I perform updates if the Guest User is restricted?

To bypass these restrictions, you must switch the execution context from the Guest User to a System User. The most reliable, Salesforce-recommended method for this is using the Platform Event mechanism.

Q: How does the Platform Event approach work?

The process follows these steps:

1. The Trigger: The Record-Triggered Flow (running as the Guest User) publishes a custom Platform Event instead of trying to update records directly.
2. The Hand-off: Platform Events are processed asynchronously.
3. The Execution: A second flow (an Platform Event-Triggered Flow) picks up the event. This second flow runs under the Automated Process User context, providing the elevated permissions needed to perform DML operations across your Salesforce org.

Q: What are the benefits of using this architectural pattern?

• Security: It maintains the integrity of the Guest User profile while allowing necessary business logic to execute.
• Reliability: It prevents flow "Fault" errors caused by "Insufficient Privileges."
• Scalability: This pattern is the standard Salesforce solution for handling complex logic initiated by unauthenticated users.

Salesforce References

Guest User Security Policies and Timelines

Give Guest Users Access to Update Records