salesforce_security_impl_guide

More documents

Recommendations

Info

Configuring Salesforce Security Features Setting Password Policies Field Obscure secret answer for password resets Description This feature hides answers to security questions as you type. The default is to show the answer in plain text when you answer a security question, for example when resetting your password. Note: If your organization uses the Microsoft Input Method Editor (IME) with the input mode set to Hiragana, when you type ASCII characters they’re converted into Japanese characters in normal text fields. However, the IME does not work properly in fields with obscured text. If your organization’s users cannot properly enter their passwords or other values after enabling this feature, disable the feature. Require a minimum 1 day password lifetime When you select this option, passwords can’t be changed more than once in a 24 hour period. 3. Customize the forgotten password and locked account assistance information. Note: This setting is not available for Self-Service portals, Customer Portals, or partner portals. Field Message Help link Description When set, this custom message appears in the Account Lockout email and at the bottom of the Confirm Identity screen for users resetting their passwords. You can customize it with the name of your internal help desk or a system administrator. For the lockout email, the message only appears for accounts that need an administrator to reset them. Lockouts due to time restrictions get a different system email message. If set, this link displays with the text defined in the Message field. In the Account Lockout email, the URL displays just as it is typed into the Help link field, so the user can see where the link takes them. This is a security feature because the user is not within a Salesforce organization. On the Confirm Identity password screen, the Help link URL combines with the text in the Message field to make a clickable link. Security isn’t an issue since the user is in a Salesforce organization when changing passwords. Valid protocols: • http • https • mailto: 80
Configuring Salesforce Security Features Expiring Passwords 4. Specify an alternative home page for users with the “API Only User” permission. After completing user management tasks such as resetting a password, API-only users are redirected to the URL specified here, rather than to the login page. 5. Click Save. Expiring Passwords To expire passwords for all users, except those with the “Password Never Expires” permission: 1. From Setup, click Security Controls > Expire All Passwords. 2. Select Expire all user passwords . 3. Click Save. The next time each user logs in, he or she will be prompted to reset his or her password. Tips on Expiring Passwords Consider the following when expiring passwords: • After you expire passwords, users might need to activate their computers to successfully log in to Salesforce. • You can expire passwords for all users any time you want to enforce extra security for your organization. • Expire all user passwords does not affect Self-Service portal users, because they are not direct Salesforce users. EDITIONS Available in: • Professional • Enterprise • Performance • Unlimited • Developer • Database.com USER PERMISSIONS To expire all passwords: • “Manage Internal Users” Restricting Login To Trusted IP Ranges for Your Organization Note: Who Sees What: Organization Access Watch how you can restrict login through IP ranges and login hours. EDITIONS Available in all editions To help protect your organization’s data from unauthorized access, you can specify a list of IP addresses from which users can log in without receiving a login challenge: 1. From Setup, click Security Controls > Network Access. 2. Click New. 3. Enter a valid IP address in the Start IP Address field and a higher IP address in the End IP Address field. The start and end addresses define the range of allowable IP addresses from which users can log in. If you want to allow logins from a single IP address, enter the same address in both fields. For example, to allow logins from only 125.12.3.0, enter 125.12.3.0 as both the start and end addresses. USER PERMISSIONS To view network access: • “Login Challenge Enabled” To change network access: • “Manage IP Addresses” The start and end IP addresses in an IPv4 range must include no more than 33,554,432 addresses (2 25 , a /7 CIDR block). For example, the following ranges are valid: • 0.0.0.0 to 1.255.255.255 • 132.0.0.0 to 132.255.255.255 • 132.0.0.0 to 133.255.255.255 81
Page 1 and 2:
Security Implementation Guide Versi
Page 3 and 4:
CONTENTS Chapter 1: Security Overvi
Page 5 and 6:
Contents Editing Lead Sharing Rules
Page 7 and 8:
CHAPTER 1 Security Overview Salesfo
Page 9 and 10:
Security Overview User Security Ove
Page 11 and 12:
Security Overview Custom Permission
Page 13 and 14:
Security Overview CAPTCHA Security
Page 15 and 16:
Security Overview Auditing • Role
Page 17 and 18:
Securing and Sharing Data Revoking
Page 19 and 20:
Securing and Sharing Data Viewing P
Page 21 and 22:
Securing and Sharing Data Cloning P
Page 23 and 24:
Securing and Sharing Data App and S
Page 25 and 26:
Securing and Sharing Data Working w
Page 27 and 28:
Securing and Sharing Data Enable Cu
Page 29 and 30:
Securing and Sharing Data Assigning
Page 31 and 32:
Securing and Sharing Data Creating
Page 33 and 34:
Securing and Sharing Data Editing P
Page 35 and 36: Securing and Sharing Data Searching
Page 37 and 38: Securing and Sharing Data Enable Cu
Page 39 and 40: Securing and Sharing Data Object Pe
Page 41 and 42: Securing and Sharing Data Comparing
Page 43 and 44: Securing and Sharing Data Setting F
Page 45 and 46: Securing and Sharing Data Working w
Page 47 and 48: Securing and Sharing Data Setting L
Page 49 and 50: Securing and Sharing Data Restricti
Page 51 and 52: Securing and Sharing Data Managing
Page 53 and 54: Securing and Sharing Data External
Page 55 and 56: Securing and Sharing Data Disabling
Page 57 and 58: Securing and Sharing Data Creating
Page 67 and 68: Securing and Sharing Data Editing L
Page 69 and 70: Securing and Sharing Data Editing C
Page 71 and 72: Securing and Sharing Data Editing C
Page 73 and 74: Securing and Sharing Data Sharing R
Page 75 and 76: Securing and Sharing Data User Shar
Page 77 and 78: Securing and Sharing Data Sharing U
Page 81 and 82: Securing and Sharing Data Viewing A
Page 83 and 84: Securing and Sharing Data Granting
Page 85: Configuring Salesforce Security Fea
Page 89 and 90: Configuring Salesforce Security Fea
Page 95 and 96: CHAPTER 4 Enabling Single Sign-On S
Page 97 and 98: Enabling Single Sign-On • Before
Page 99 and 100: Monitoring Your Organization's Secu
Page 107 and 108: Security Tips for Apex and Visualfo
Page 113 and 114: INDEX A Access about 10 revoking 11
Page 115 and 116: Index Profiles (continued) object p
show all

salesforce_security_impl_guide

Create successful ePaper yourself

Delete template?

Save as template?