salesforce_security_impl_guide

More documents

Recommendations

Info

Configuring Salesforce Security Features Restricting Login To Trusted IP Ranges for Your Organization However, ranges like 0.0.0.0 to 2.255.255.255 or 132.0.0.0 to 134.0.0.0 are too large. The start and end IP addresses in an IPv6 range must include no more than 79,228,162,514,264,337,593,543,950,336 addresses (2 96 , a /32 CIDR block). For example, the following range is valid: 2001:8000:: to 2001:8000:ffff:ffff:ffff:ffff:ffff:ffff. However, ranges like :: to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff or 2001:8000:: to 2001:8001:: are too large. 4. Optionally, enter a description for the range. For example, if you maintain multiple ranges, enter details about the part of your network that corresponds to this range. 5. Click Save. Note: For organizations that were activated before December 2007, Salesforce automatically populated your organization’s trusted IP address list in December 2007, when this feature was introduced. The IP addresses from which trusted users had already accessed Salesforce during the past six months were added. Note: Both IP addresses in a range must be either IPv4 or IPv6. In ranges, IPv4 addresses exist in the IPv4-mapped IPv6 address space ::ffff:0:0 to ::ffff:ffff:ffff , where ::ffff:0:0 is 0.0.0.0 and ::ffff:ffff:ffff is 255.255.255.255. A range can’t include IP addresses inside of the IPv4-mapped IPv6 address space if it also includes IP addresses outside of the IPv4-mapped IPv6 address space. Ranges such as 255.255.255.255 to ::1:0:0:0 or :: to ::1:0:0:0 are not allowed. You can set up IPv6 addresses in all organizations, but IPv6 is only enabled for login in sandbox organizations from the Spring ’12 release and later. 82
Configuring Salesforce Security Features Setting Session Security Setting Session Security You can modify session security settings to specify connection type, timeout settings, and more. 1. From Setup, click Security Controls > Session Settings. 2. Customize the session security settings. Field Timeout value Disable session timeout warning popup Description Length of time after which the system logs out inactive users. For Portal users, the timeout is between 10 minutes and 12 hours even though you can only set it as low as 15 minutes. Select a value between 15 minutes and 12 hours. Choose a shorter timeout period if your organization has sensitive information and you want to enforce stricter security. Note: The last active session time value isn’t updated until halfway through the timeout period. That is, if you have a 30 minute timeout, the system won’t check for activity until 15 minutes have passed. For example, assume you have a 30 minute timeout value. If you update a record after 10 minutes, the last active session time value won’t be updated because there was no activity after 15 minutes. You’ll be logged out in 20 more minutes (30 minutes total) because the last active session time wasn’t updated. Suppose you update a record after 20 minutes. That’s five minutes after the last active session time is checked, so your timeout resets and you have another 30 minutes before being logged out, for a total of 50 minutes. Determines whether the system prompts inactive users with a timeout warning message. Users are prompted 30 seconds before timeout as specified by the Timeout value . EDITIONS The Login IP Ranges setting is available in: Personal, Contact Manager, Group, Professional, and Database.com Editions (Valid IP addresses can be set at the profile level for Enterprise, Performance, Unlimited, Developer, and Database.com Editions) The Lock sessions to the IP address from which they originated setting is available in: Enterprise, Performance, Unlimited, Developer, and Database.com Editions All other settings available in: Personal, Contact Manager, Group, Professional, Enterprise, Performance, Unlimited, Developer, and Database.com Editions USER PERMISSIONS To set session security: • “Customize Application” Force logout on session timeout Requires that when sessions time out for inactive users, current sessions become invalid. Browsers are automatically refreshed and return to the login page. To access the organization again when this occurs, users must log in again. Note: Do not select Disable session timeout warning popup when enabling this option. 83
Page 1 and 2:
Security Implementation Guide Versi
Page 3 and 4:
CONTENTS Chapter 1: Security Overvi
Page 5 and 6:
Contents Editing Lead Sharing Rules
Page 7 and 8:
CHAPTER 1 Security Overview Salesfo
Page 9 and 10:
Security Overview User Security Ove
Page 11 and 12:
Security Overview Custom Permission
Page 13 and 14:
Security Overview CAPTCHA Security
Page 15 and 16:
Security Overview Auditing • Role
Page 17 and 18:
Securing and Sharing Data Revoking
Page 19 and 20:
Securing and Sharing Data Viewing P
Page 21 and 22:
Securing and Sharing Data Cloning P
Page 23 and 24:
Securing and Sharing Data App and S
Page 25 and 26:
Securing and Sharing Data Working w
Page 27 and 28:
Securing and Sharing Data Enable Cu
Page 29 and 30:
Securing and Sharing Data Assigning
Page 31 and 32:
Securing and Sharing Data Creating
Page 33 and 34:
Securing and Sharing Data Editing P
Page 35 and 36:
Securing and Sharing Data Searching
Page 37 and 38: Securing and Sharing Data Enable Cu
Page 39 and 40: Securing and Sharing Data Object Pe
Page 41 and 42: Securing and Sharing Data Comparing
Page 43 and 44: Securing and Sharing Data Setting F
Page 45 and 46: Securing and Sharing Data Working w
Page 47 and 48: Securing and Sharing Data Setting L
Page 49 and 50: Securing and Sharing Data Restricti
Page 51 and 52: Securing and Sharing Data Managing
Page 53 and 54: Securing and Sharing Data External
Page 55 and 56: Securing and Sharing Data Disabling
Page 57 and 58: Securing and Sharing Data Creating
Page 67 and 68: Securing and Sharing Data Editing L
Page 69 and 70: Securing and Sharing Data Editing C
Page 71 and 72: Securing and Sharing Data Editing C
Page 73 and 74: Securing and Sharing Data Sharing R
Page 75 and 76: Securing and Sharing Data User Shar
Page 77 and 78: Securing and Sharing Data Sharing U
Page 81 and 82: Securing and Sharing Data Viewing A
Page 83 and 84: Securing and Sharing Data Granting
Page 85 and 86: Configuring Salesforce Security Fea
Page 87: Configuring Salesforce Security Fea
Page 95 and 96: CHAPTER 4 Enabling Single Sign-On S
Page 97 and 98: Enabling Single Sign-On • Before
Page 99 and 100: Monitoring Your Organization's Secu
Page 107 and 108: Security Tips for Apex and Visualfo
Page 113 and 114: INDEX A Access about 10 revoking 11
Page 115 and 116: Index Profiles (continued) object p
show all

salesforce_security_impl_guide

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?