Enforce login IP ranges on every request

On By Ayushi Tiwari

HELLO Salesforce Thinkers, In our previous blog we learned how to Add MORE THAN FOUR FIELDS TO RELATED LIST IN LIGHTNING EXPERIENCE in this blog we are going to learn about “Enforce login IP ranges on every request”.

The Enforce login IP ranges on every request restricts the IP addresses from which users can access Salesforce to only the IP addresses defined in “Login IP Ranges“. 

Salesforce give additional security when a user wants to login. Let’s first understand IP Ranges.

IP Ranges:- We can define two types of IP ranges in Salesforce.

1. Login IP Ranges

2. Trusted IP Ranges

Login IP Ranges: We can specify the range of IP address through which users can log in to the organisation. Login attempts from outside of the IP addresses will be restricted.

Note : We define Login IP Ranges for Profiles.

NAVIGATE TO :

Setup >> Profiles >> Login IP Ranges >>Enter the Starting and Ending IP addresses. Enter Description then click on Save.

2. Trusted IP Ranges: We can specify a list of Trusted IP addresses that applies to every user in the organization. Users will not receive a login challenge if they log in from an IP address in this list.

Note : We can define Trusted IP Ranges at organization level.

Navigate To:

Setup >> Security Controls >> Network Access >> New

Enter the Start and End IP Addresses. Click on Save.

This image has an empty alt attribute; its file name is trusted.png

Now we have understand about IP Ranges. Let’s look at what “Enforce login IP ranges on every request” does.

HOW TO ENABLE ENFORCE LOGIN IP RANGES ?

NAVIGATE TO :

Setup >> Administer >> Security Controls >> Session Settings.

and select “Enforce login IP ranges on every request” check-box, as shown in the below screenshot.

This image has an empty alt attribute; its file name is enforce.png

WHAT HAPPEN IF THIS SETTING ISN’T ENABLED?

If this setting isn’t enabled, login IP ranges are enforced only when a user logs in.

NOTES:

This setting affects all user profiles that have login IP restrictions.

This feature only works in conjunction with profile-based IP restrictions.

Example, a user logs in successfully from an IP address defined in Login IP Ranges. The user then moves to a different location and has a new IP address that is outside of Login IP Ranges. In this condition when the user tries to access Salesforce, his/her access can be denied when he/she makes any further request (perform CRUD Operation,refreshes the browser). And It brings the user to the login page.

Thank you for Reading, Hope It is helpful.

Leave a comment