Table of Contents
In layman’s terms, the organization-level security controls who can access the org, from where, and when. The org-level security settings form the broadest and the most accessible security configuration that can be performed on the org. It includes setting password policies, limiting IP addresses, and the times at which Users can log in, to name a few.
We’ll be covering the following areas:
- Managing Users
- Setting Password Policies
- Specifying Trusted IP Ranges
- Restricting Login Access by IP Address (Using Profiles)
- Restricting the Times at which a User can log in
1. Managing Users
Every Salesforce User is assigned a single profile, a username, and a password. The profile, along with other settings, determines what tasks can be carried out by the User, the data that they can access, and what they can do with the data in the org.
To view and manage users:
Open Setup, type Users within the Quick Find Box, and thereafter click Users.
A. Create Users
Let’s start with the basics. We will create a new User in just a few steps.
1. Open Setup, type Users within the Quick Find Box, and thereafter select Users.
2. Click New User. Also, you can click Add Multiple Users ( to add a maximum of 10 Users at a time).
3. Enter the following:
- User’s Name
- Unique Username (which should have the same format as an email address. By default, Salesforce assigns the username with the value of the entered email address)
4. Select the User license the User will have from the dropdown menu for User Licence. The user license determines the profiles available to the User.
5. Select a profile for the User from the dropdown menu, Profile. The profile determines the User’s base permission and access settings.
6. Select the checkbox, Generate a new password and notify the User immediately.
7. Click Save.
B. Deactivate a User
Salesforce permits us to deactivate Users but not delete them. Deactivating a User prevents the User from logging in and accessing any records. This comprises all records that were shared with them individually and as team members. Despite this, the records will still be available in the org, and we can still transfer these records to other Users.
Follow these steps to deactivate a User that you don’t want accessing the org anymore:
1. From Setup, search for Users in the Quick Find Box and then select Users.
2. Select Edit next to the User you want to deactivate.
3. Deselect the checkbox, Active, to deactivate the User.
4. Click Save.
2. Set Password Policy
We can configure specific settings to ensure that our Users’ passwords remain safe and secure.
- Minimum password length
- Maximum invalid login attempts and lockout period
- Password complexity requirement
- User password expiration
Follow along to make some changes to your orgs Password Policies:
1. From Setup, enter Password in the Quick Find Box, and select Password Policies.
2. You can customize the Password Policies to your liking.
- How long should the password be valid?
- How long and complex should the password be?
- How many times can a User enter an invalid password until they’re locked out?
3. Click Save.
3. Specify Trusted IP Ranges for the Org
The very first time you get logged in to Salesforce, the browser you’re on caches the IP address you’re currently accessing Salesforce from. And at any time in the future, if you are logged in via a different IP address, you’ll be required to verify your identity.
This step can be circumvented by specifying Trusted IP Ranges.
For example, you need your Users’ to be able to get logged in without entering a verification code while in the office.
- From Setup, enter Network Access in the Quick Find Box, and select Network Access.
- Click New.
- Enter the Start IP Address, End IP Address, and Description.
- Click Save.
4. Restrict Login Access by IP Address Using Profiles
Every once in a while, you may be required to restrict the login access of certain groups of Users to the office. Let’s learn how to get that done:
- Open Setup,
- Type in Profiles within the Quick Find Box,
- Select Profiles.
- Select the Profile you need restricted.
- Click Login IP Ranges.
- Click Add IP Ranges.
- Enter the IP Start Address, IP End Address, and Description.
- Click Save.
5. Restrict Login Access by Time
Let’s say you want your customer service team to be allowed to access customer data only during their work hours of 9:00 am to 5:00 pm.
Salesforce enables us to restrict login access by time using profiles.
1. Open Setup, type Profiles within the Quick Find Box, and thereafter select Profiles.
2. Click on the Profile you need restricted.
3. Open Login Hours.
4. Click Edit.
5. Click Save once you’re done.