salesforce_security_impl_guide
salesforce_security_impl_guide
salesforce_security_impl_guide
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Configuring Salesforce Security Features<br />
Expiring Passwords<br />
4. Specify an alternative home page for users with the “API Only User” permission. After completing user management tasks such as<br />
resetting a password, API-only users are redirected to the URL specified here, rather than to the login page.<br />
5. Click Save.<br />
Expiring Passwords<br />
To expire passwords for all users, except those with the “Password Never Expires” permission:<br />
1. From Setup, click Security Controls > Expire All Passwords.<br />
2. Select Expire all user passwords .<br />
3. Click Save.<br />
The next time each user logs in, he or she will be prompted to reset his or her password.<br />
Tips on Expiring Passwords<br />
Consider the following when expiring passwords:<br />
• After you expire passwords, users might need to activate their computers to successfully log<br />
in to Salesforce.<br />
• You can expire passwords for all users any time you want to enforce extra <strong>security</strong> for your<br />
organization.<br />
• Expire all user passwords does not affect Self-Service portal users, because they<br />
are not direct Salesforce users.<br />
EDITIONS<br />
Available in:<br />
• Professional<br />
• Enterprise<br />
• Performance<br />
• Unlimited<br />
• Developer<br />
• Database.com<br />
USER PERMISSIONS<br />
To expire all passwords:<br />
• “Manage Internal Users”<br />
Restricting Login To Trusted IP Ranges for Your Organization<br />
Note:<br />
Who Sees What: Organization Access<br />
Watch how you can restrict login through IP ranges and login hours.<br />
EDITIONS<br />
Available in all editions<br />
To help protect your organization’s data from unauthorized access, you can specify a list of IP<br />
addresses from which users can log in without receiving a login challenge:<br />
1. From Setup, click Security Controls > Network Access.<br />
2. Click New.<br />
3. Enter a valid IP address in the Start IP Address field and a higher IP address in the<br />
End IP Address field.<br />
The start and end addresses define the range of allowable IP addresses from which users can<br />
log in. If you want to allow logins from a single IP address, enter the same address in both fields.<br />
For example, to allow logins from only 125.12.3.0, enter 125.12.3.0 as both the start and end addresses.<br />
USER PERMISSIONS<br />
To view network access:<br />
• “Login Challenge<br />
Enabled”<br />
To change network access:<br />
• “Manage IP Addresses”<br />
The start and end IP addresses in an IPv4 range must include no more than 33,554,432 addresses (2 25 , a /7 CIDR block). For example,<br />
the following ranges are valid:<br />
• 0.0.0.0 to 1.255.255.255<br />
• 132.0.0.0 to 132.255.255.255<br />
• 132.0.0.0 to 133.255.255.255<br />
81