The Pattern
Browse AgentExchange, find an agent, click Activate. Auto-install, auto-configure reasonable defaults, authorize data access, the agent is operational. Minutes instead of days. Behind the click: the AgentExchange platform deploys the agent metadata into a partner-managed namespace, provisions the Connected App and Permission Set, prompts for OAuth on any external dependencies, and runs the partner’s smoke-test eval set against your sandbox before flipping the activation flag.
What gets configured automatically:
- Agent metadata (Topics, Actions, Instructions, system prompt)
- Connected App with declared scopes
- Permission Set assigned to a placeholder agent user
- Named Credentials for any external dependencies
- Trust Layer policy bindings (allowed models, redaction rules)
- Command Center trace destination set to your Data Cloud tenant
- First-run eval set executed; pass required to flip liveWhat Changes
Traditional AppExchange install was “install package, configure, wire integrations” — typically 2–10 days of admin and developer work. Agents compress this because the platform handles configuration. The user supplies credentials and access policy; everything else auto-configures from the partner’s published install manifest. Admin time per install drops from days to under 30 minutes for a well-published listing.
Governance Considerations
One-click activation can bypass review if admins aren’t careful. Set policy at the org level: which agents auto-activate for end users (low-risk productivity copilots), which require admin approval (any agent that writes to standard CRM objects), and which require security committee review (any agent handling PII, PHI, or financial data). Prevent shadow-agent proliferation by limiting Activate permission to a controlled Permission Set and requiring a documented business justification on the install request.
Recommended approval matrix:
Read-only productivity agent Self-service for users on the agent PSG
Read+write to standard objects Admin approval required
PII / PHI / financial data Security committee + legal sign-off
Cross-org or external data Architecture review required
Agent Fabric routing target Security committee + Fabric adminRollback
Agents activated easily should deactivate easily. Uninstall via the AgentExchange Installed Agents page revokes the Connected App, removes the Permission Set, deletes the namespace metadata, and purges the Trust Layer audit cache after the configurable retention period. Verify rollback paths before widespread activation — always easier to prevent bad agents than to remove stubborn ones. Document who can deactivate and under what conditions; ad-hoc deactivation in production can break dependent flows that quietly assumed the agent was running.
When to Skip One-Click
Skip for any agent that needs significant customization beyond defaults — install via the Agentforce Builder Installer (fall 2026) instead, which preserves a customization layer. Skip for production rollouts where you need a controlled release window — the smoke-test pass is automatic but doesn’t replace your change-management process.
Common Failure Modes
- Allowing self-service activation org-wide and discovering 50 agents installed by curious end users in week one.
- Skipping the partner’s eval set as “vendor marketing” — those tests catch most config-time errors.
- Letting the agent run on a permanent admin user instead of a dedicated agent user. Audit attribution collapses.
- Forgetting to set per-agent budget caps in Command Center; runaway loops become billing surprises.
What to Do This Week
Define your three-tier approval matrix (self-service, admin-approval, security-committee), publish it in your Salesforce admin runbook, and configure the Activate permission on AgentExchange listings to match.
