Salesforce has a robust security model to protect data and ensure that only authorized users can access the system. Here’s a simplified explanation of some key components related to external security, including Network Access, Login IP Ranges, Expire All Passwords, Activations, and Audit Trail:
1. Network Access
Network Access in Salesforce controls which IP addresses or ranges of IP addresses are allowed to connect to your Salesforce instance.
- Purpose: This feature restricts access to your Salesforce organization from specific IP addresses or ranges. It’s useful for ensuring that only users from trusted networks (e.g., your company’s office network) can log in to Salesforce.
- How It Works: Administrators can define allowed IP ranges in the Salesforce setup. If a user tries to log in from an IP address outside these ranges, they may be denied access or required to complete additional verification steps.
2. Login IP Ranges
Login IP Ranges are profile-level settings that specify which IP addresses users can log in from. They are similar to the Network Access settings but focus specifically on controlling login attempts, and they are more restrictive than the Network Access settings.
- Purpose: It helps restrict where users can log in from, increasing security by reducing the risk of unauthorized access.
- How It Works: You set up a list of IP ranges in Salesforce’s Profile settings. When a user tries to log in, Salesforce checks if the login attempt is coming from an IP address within these ranges. If not, the user will be denied access to the Org.
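The sketch below is an added example, not Salesforce code: it models how the org-wide Network Access ranges and the profile-level Login IP Ranges described above combine for a single login attempt. The profile names, the addresses (documentation-reserved ranges) and the order in which the two checks run are assumptions of this model.

```python
import ipaddress

# Constructed sample configuration; ranges are inclusive (start, end) pairs.
ORG_TRUSTED_RANGES = [("203.0.113.0", "203.0.113.255")]   # Network Access
PROFILE_LOGIN_RANGES = {                                   # Login IP Ranges
    "Sales User": [("203.0.113.10", "203.0.113.50")],
    "Standard User": [],                                   # no profile restriction
}


def in_ranges(ip, ranges):
    """Return True if ip falls inside any inclusive (start, end) range."""
    addr = ipaddress.ip_address(ip)
    for start, end in ranges:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo > hi:
            raise ValueError(f"range start {start} is after end {end}")
        # Only compare addresses of the same family (IPv4 vs IPv6).
        if addr.version == lo.version == hi.version and lo <= addr <= hi:
            return True
    return False


def evaluate_login(ip, profile):
    """Return 'DENY', 'ALLOW' or 'VERIFY' for one login attempt."""
    profile_ranges = PROFILE_LOGIN_RANGES.get(profile, [])
    # Profile-level check: when ranges are set, a miss is a hard deny,
    # even if the address is trusted at the org level.
    if profile_ranges and not in_ranges(ip, profile_ranges):
        return "DENY"
    # Org-wide Network Access: trusted addresses log in directly.
    if in_ranges(ip, ORG_TRUSTED_RANGES):
        return "ALLOW"
    # Outside the trusted ranges: modelled here as additional verification.
    return "VERIFY"


if __name__ == "__main__":
    for ip, profile in [("203.0.113.20", "Sales User"),
                        ("203.0.113.200", "Sales User"),
                        ("198.51.100.7", "Standard User")]:
        print(ip, profile, evaluate_login(ip, profile))
```

The second sample login shows why the profile setting is the stricter one: the address is inside the org's trusted range, yet the profile's narrower range still denies it.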
3. Expire All Passwords
Expire All Passwords is a security feature that forces all users to change their passwords after it is activated. It does not end ongoing sessions, however; it waits for each session to expire on its own or for the user to log out.
- Purpose: This feature is used to enhance security, particularly if there’s a suspicion that user credentials might have been compromised or if it’s part of a regular security audit.
- How It Works: When activated, Salesforce will require all users to update their passwords the next time they log in. This ensures that old, potentially compromised passwords are no longer in use.
4. Activations
The Activations settings allow you to remove a user, or the related client browser agent information, that might have unauthorized access to the Org.
- Purpose: To control who has access to Salesforce and manage the lifecycle of user accounts. It includes activating new users, deactivating users who no longer need access, and enabling or disabling features.
- How It Works: Administrators can activate or deactivate user accounts through the Salesforce interface. Deactivating a user account ensures that the user can no longer log in or access Salesforce data, which is crucial for managing security when employees leave the company or change roles.
5. Audit Trail
Audit Trail (also known as Field History Tracking and Setup Audit Trail) provides a record of changes made to Salesforce data and configuration.
- Purpose: It helps monitor and track changes to data and settings, which is important for security, compliance, and troubleshooting.
- How It Works: Salesforce logs actions such as changes to user permissions, data modifications, and configuration adjustments. Administrators can review these logs to identify unauthorized or suspicious activity and ensure that any changes are appropriate.
Summary
- Network Access: Controls access based on IP addresses.
- Login IP Ranges: Restricts login attempts to specific IP addresses.
- Expire All Passwords: Forces a password change for all users to enhance security.
- Activations: Manages user accounts and feature access.
- Audit Trail: Tracks and logs changes to data and system settings for security and compliance purposes.
These features work together to ensure that Salesforce remains secure by controlling who can access the system, from where, and by monitoring activities and changes within the platform.