Security Implementation Guide

Security Overview
Securing and Sharing Data
Configuring Salesforce Security Features
Setting Password Policies
Expiring Passwords
Set Trusted IP Ranges for Your Organization
Modify Session Security Settings
About Salesforce Two-Factor Authentication
Enabling Single Sign-On
Monitoring Your Organization's Security
Security Tips for Apex and Visualforce Development
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Set Trusted IP Ranges for Your Organization

Trusted IP Ranges define a list of IP addresses from which users can log in without receiving a login challenge for verification of their identity, such as a code sent to their mobile phone.
Available in: All Editions

User Permissions Needed
To view network access: “Login Challenge Enabled”
To change network access: “Manage IP Addresses”

Watch Video Demo Who Sees What: Organization Access

Watch how you can restrict login through IP ranges and login hours.

Note

To help protect your organization’s data from unauthorized access, you can specify a list of IP addresses from which users can log in without receiving a login challenge. However, this does not restrict access, entirely, for users outside of the Trusted IP Range. After these users complete the login challenge (usually by entering a code sent to their mobile device or email address), they can log in.

  1. From Setup, click Security Controls | Network Access.
  2. Click New.
  3. Enter a valid IP address in the Start IP Address field and a higher IP address in the End IP Address field.

    The start and end addresses define the range of allowable IP addresses from which users can log in, including the start and end values. If you want to allow logins from a single IP address, enter the same address in both fields. For example, to allow logins from only 125.12.3.0, enter 125.12.3.0 as both the start and end addresses.

    The start and end IP addresses in an IPv4 range must include no more than 33,554,432 addresses (225, a /7 CIDR block).

    The start and end IP addresses in an IPv6 range must include no more than 79,228,162,514,264,337,593,543,950,336 addresses (296, a /32 CIDR block).

  4. Optionally, enter a description for the range. For example, if you maintain multiple ranges, enter details about the part of your network that corresponds to this range.
  5. Click Save.

For organizations that were activated before December 2007, Salesforce automatically populated your organization’s trusted IP address list in December 2007, when this feature was introduced. The IP addresses from which trusted users had already accessed Salesforce during the past six months were added.

Note

Both IP addresses in a range must be either IPv4 or IPv6. You can set up IPv6 addresses in all production organizations. For sandbox organizations, IPv6 is only enabled for login from the Spring ’12 release and later.

Note