Create Transaction Security Policies with Salesforce Classic
- From Setup, enter Transaction Security in the Quick Find box, select Transaction Security, and then click New in Transaction Security Policies.
- Enter the basic information fields for your new policy.
  - For clarity and easier maintenance, use similar names for the API and the policy. This name can contain only underscores and alphanumeric characters, and must be unique in your org. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores.
  - Event Type—Determines the available actions. It can be one of the following:
    - Login—A user login. Login lets you set any combination of notifications, plus these actions:
      - Block access completely
      - Continue, but require two-factor authentication
      - Continue, but require the end of a current login session
    - Entity—An object type. Select a specific resource and the type of notifications desired. The Freeze User action is available for Chatter resources.
    - Data Export—Notifies you when the selected object type has been exported. Available object types are Account, Case, Contact, Lead, and Opportunity. To trigger a policy, the export must be done using a default report type from the Report tab or with an API client like Data Loader or Workbench. Note: You can’t create a Data Export event policy for joined reports, historical reports, or custom report types.
    - AccessResource—Notifies you when the selected resource has been accessed. You can block access or require two-factor authentication before access is allowed. Note: AccessResource event policies don't trigger when Dashboard Subscriptions send an email. These policies still trigger when users access resources directly from a dashboard.
  - Notifications—You can select all, some, or no notification methods for each policy.
  - Recipient—Must be an active user assigned the System Administrator profile.
  - Real-time Actions—Specifies what to do when the policy is triggered. The actions available vary depending on the event type. For login and resource events, you can also block the action or require a higher level of access control with two-factor authentication. For Chatter events, you can freeze the user or block the post. For Login events, you can require ending an existing session before continuing with the current session. You can set the default action for ending a session to always close the oldest session. Important: If you create a policy requiring the two-factor authentication action, provide your users a way to get a time-based, one-time password. This password is their second authentication factor. Otherwise, if your users encounter a situation that requires a second authentication factor, they can’t finish their task, such as logging in or running a report.
  - You can use an existing class for Apex Policy or select Generate Apex to have a default policy class created that implements the TxnSecurity.PolicyCondition interface. You can also write your own policy to take advantage of any customizations you’ve made to your org.
  - The user selected for Execute Policy As must have the System Administrator profile.
- You can optionally create a condition for a specific property as part of the policy. For example, you can create a policy that’s triggered when a report or dashboard is accessed from a specific source IP. The source IP is the property you’re checking.
  - The available properties depend on the event type selected.
  - For example, with Login events, property changes that occurred within a given number of days or an exact match to a property value are available.
- To enable a policy, select the policy’s checkbox. You can enable and disable policies according to your requirements.
- Click Save.
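
A hand-written Apex policy class for the source IP condition described above, as an added example that is not from the original page and is not the class Generate Apex produces. The class name, the allow-listed prefixes, and the 'SourceIp' data key are assumptions; confirm the key against the TxnSecurity.Event reference for your API version.

```apex
// Added example: triggers the policy when a resource is accessed from a
// source IP outside a constructed allow list of trusted network prefixes.
global class OffNetworkAccessCondition implements TxnSecurity.PolicyCondition {

    // Constructed sample prefixes (RFC 5737 documentation ranges).
    // Replace with your organization's own egress addresses.
    private static final List<String> TRUSTED_PREFIXES = new List<String>{
        '203.0.113.',
        '198.51.100.'
    };

    // Returning true tells Transaction Security to run the policy's
    // configured notifications and real-time action.
    public boolean evaluate(TxnSecurity.Event e) {
        // Assumption: the event's data map exposes the caller's address
        // under the 'SourceIp' key for this event type.
        String sourceIp = (e.data == null) ? null : e.data.get('SourceIp');

        // Fail closed: an event without a usable source IP is untrusted.
        if (String.isBlank(sourceIp)) {
            return true;
        }

        for (String prefix : TRUSTED_PREFIXES) {
            if (sourceIp.startsWith(prefix)) {
                return false; // trusted network, policy not triggered
            }
        }
        return true; // any other address triggers the policy
    }
}
```

Because the class fails closed, pair it with the two-factor authentication action rather than a full block until you have confirmed which addresses your users legitimately connect from; IPv6 addresses match none of the sample prefixes and therefore trigger the policy.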