Salesforce Data Security and Access – Part 3 (Login IP Ranges and Trusted IP Ranges)

On By Ayushi Tiwari

HELLO Salesforce Thinkers, In our previous blog we learned about Salesforce Data Security and Access – Part 2 (Two-Factor Authentication) In this blog we are going to learn about “Login IP Ranges and Trusted IP Ranges“. We will continue our learning journey by a series of blogs to go deeper and understand the Salesforce Data Security Model, Visibility and Access.

Salesforce give additional security when a user wants to login. Let’s understand IP Ranges. We can define two types of IP ranges in Salesforce.

  1. Login IP Ranges
  2. Trusted IP Ranges

First we need to understand the process when a user logging in via a web browser.

The below diagram describes the process.

Login IP Ranges:

We can specify the range of IP address through which users can log in to the organisation. Login attempts from outside of the IP addresses will be restricted. A Range of allowed IP addresses can be specified on a user’s profile so that a login from any other IP address is denied and logins from a specified IP address are allowed.

Note : We define Login IP Ranges for Profiles.

NAVIGATE TO :

Setup >> Profiles >> Login IP Ranges >>Enter the Starting and Ending IP addresses. Enter Description then click on Save.

This image has an empty alt attribute; its file name is login.png

2. Trusted IP Ranges: We can specify a list of Trusted IP addresses that applies to every user in the organization. Users will not receive a login challenge if they log in from an IP address in this list.

Trusted IP ranges are typically used to “whitelist” IPs at the organization level.

This image has an empty alt attribute; its file name is explanation-1.png

You can get rid of the verification code by specifying the Trusted IP Ranges. Setting trusted IP range in salesforce will allow user to overcome login IP restrictions.

It helps us to protect our organization’s data from unauthorized access. we can specify a list of IP addresses from which users can log in without receiving a login challenge.

If users try to login from outside the trusted IP range, they are sent an activation code. Once the code is entered, they can access Salesforce.

Note : We can define Trusted IP Ranges at organization level.

NAVIGATE TO:

Setup >> Security Controls >> Network Access >> New

Enter the Start and End IP Addresses. Click on Save.

This image has an empty alt attribute; its file name is ranges.png

Note:

Profile login IP ranges are enforced before trusted IPs are considered.

We can further restrict access to Salesforce to only those IPs in Login IP Ranges.

To enable this option,

Go to Setup >> Enter Session Settings in the Quick Find box >> Session Settings >> then select ” Enforce login IP ranges on every request.

This option affects all user profiles that have login IP restrictions.

Thank you for reading this blog, Hope it is helpful.

Leave a comment