• Solutions

    User Guidance Simplified!

    By Products

    Screenshot Guidance Platform

    For Individuals/Teams/Agency

    Guidance on any process without the need for video sharing.

    Knowledge Base Platform

    For SaaS Applications

    Self-serve application guidance for users no need for a support team

    Digital Adoption Platform

    For Enterprise Applications

    software training for employees - end to lengthy training sessions

    AI driven Application Support Platform

    For Individuals/Enterprises

    Self-serve training and support on enterprise software
  • Enterprise
  • Pricing
  • Resources
    Blog Webinars Navigate'23 - L&D summit
  • Login
  • Install Free Extension

Salesforce learning is made easy with our free Chrome extension!


Restrict Where and When Users Can Log In to Salesforce


  1. Salesforce checks whether the user’s profile has login hourrestrictions. If login hour restrictions are specified for the user’sprofile, any login outside the specified hours is denied.
  2. If the user has the “Two-Factor Authentication for User InterfaceLogins” permission, Salesforce prompts the user for a second form ofauthentication upon logging in. If the user’s account isn’t alreadyconnected to a mobile authenticator app such as Salesforce Authenticator,Salesforce first prompts the user to connect the app.
  3. If the user has the “Two-Factor Authentication for API Logins”permission and has connected an authenticator app to the account, Salesforcereturns an error if the user uses the standard security token. The user hasto enter a verification code (time-based one-time password) generated by theauthenticator app instead.
  4. Salesforce then checks whether the user’s profile has IP addressrestrictions. If IP address restrictions are defined for the user’sprofile, logins from an undesignated IP address are denied, and logins froma specified IP address are allowed. If the Enforce login IP ranges on every request session setting is enabled, the IPaddress restrictions are enforced for each page request, including requestsfrom client applications.
  5. If profile-based IP address restrictions are not set, Salesforce checkswhether the user is logging in from a device used to access Salesforce before.If the user’s login is from a device and browser that Salesforce recognizes, the login is allowed.If the user’s login is from an IP address in your org’s trusted IP address list, the login is allowed.If the user’s login is not from a trusted IP address or a device and browser Salesforce recognizes, the login is blocked.
  6. If the user’s login is from a device and browser that Salesforce recognizes, the login is allowed.
  7. If the user’s login is from an IP address in your org’s trusted IP address list, the login is allowed.
  8. If the user’s login is not from a trusted IP address or a device and browser Salesforce recognizes, the login is blocked.

Was this helpful?

Related Questions

  • Single Logout
  • Configure OpenID Connect Settings for Single Logout Where SalesforceIs the OpenID Connect Provider
naviagate23
X
Subscribe Our Newsletters

We will send you Saleforce tips and updates on every Tuesday!
Gyde Logo

Simplifying Digital Adoption

Resources

  • Knowledge Base
  • Public Guide Collection
  • SuccessFactor Gyde
  • Salesforce Gyde
  • Sales Navigator Gyde
  • Navigate - L&D summit
  • GydeBites L&D Podcast

About

  • About Us
  • Careers
  • Contact Us
  • Privacy Policy
  • Cookie Policy
  • Terms and Conditions

Follow Us

x icon

SOC 2 TYPE II Certified

ISO 27001 Certified

GDPR Certified

CCPA Certified

NASSCOM logo Startup India logo AWS Activate logo

Product of DAI Labs Private Limited © 2024 All Rights Reserved

Gyde Platform 30 minutes Demo