Metadata API Developer Guide

Getting Started
Using Metadata API
Reference
File-Based Calls
CRUD-Based Calls
Utility Calls
Result Objects
Metadata Types
Metadata Components and Types
Unsupported Metadata Types
Special Behavior in Metadata API Deployments
ActionLinkGroupTemplate
AnalyticSnapshot
ArticleType
ApexClass
ApexComponent
ApexPage
ApexTestSuite
ApexTrigger
AppMenu
ApprovalProcess
AssignmentRules
AuraDefinitionBundle
AuthProvider
AutoResponseRules
Bot
BotVersion
BrandingSet
CallCenter
CampaignInfluenceModel
CaseSubjectParticle
Certificate
ChatterExtension
CleanDataService
CMSConnectSource
Community (Zone)
CommunityTemplateDefinition
CommunityThemeDefinition
ConnectedApp
ContentAsset
CorsWhitelistOrigin
CspTrustedSite
CustomApplication
CustomApplicationComponent
CustomFeedFilter
CustomLabels
Custom Metadata Types (CustomObject)
CustomObject
CustomObjectTranslation
CustomPageWebLink
CustomPermission
CustomSite
CustomTab
CustomValue
Dashboard
DataCategoryGroup
DelegateGroup
Document
DuplicateRule
EclairGeoData
EmailServicesFunction
EmailTemplate
EmbeddedServiceBranding
EmbeddedServiceConfig
EmbeddedServiceFieldService
EmbeddedServiceLiveAgent
EntitlementProcess
EntitlementTemplate
EscalationRules
EventDelivery
EventSubscription
ExternalDataSource
ExternalServiceRegistration
FeatureParameterBoolean
FeatureParameterDate
FeatureParameterInteger
FlexiPage
Flow
FlowCategory
FlowDefinition
Folder
GlobalPicklist
GlobalPicklistValue
GlobalValueSet
GlobalValueSetTranslation
Group
HomePageComponent
HomePageLayout
InstalledPackage
KeywordList
Layout
Letterhead
LightningBolt
LightningComponentBundle
LiveChatAgentConfig
LiveChatButton
LiveChatDeployment
LiveChatSensitiveDataRule
ManagedTopics
MatchingRule
Metadata
MetadataWithContent
MilestoneType
MlDomain (Beta)
ModerationRule
NamedCredential
Network
NetworkBranding
Package
PathAssistant
PermissionSet
PlatformCachePartition
Portal
PostTemplate
Profile
ProfileActionOverride
ProfilePasswordPolicy
Queue
QuickAction
RemoteSiteSetting
Report
ReportType
Role
RoleOrTerritory
SamlSsoConfig
Scontrol
Settings
AccountSettings
ActivitiesSettings
AddressSettings
BusinessHoursSettings
CaseSettings
ChatterAnswersSettings
CompanySettings
ContractSettings
EntitlementSettings
FieldServiceSettings
FileUploadAndDownloadSecuritySettings
ForecastingSettings
IdeasSettings
KnowledgeSettings
LeadConvertSettings
LiveAgentSettings
MobileSettings
NameSettings
OpportunitySettings
OrderSettings
OrgPreferenceSettings
PathAssistantSettings
ProductSettings
ProfileSessionSetting
QuoteSettings
SearchSettings
SecuritySettings
SocialCustomerServiceSettings
Territory2Settings
SharedTo
SharingBaseRule
SharingRules
SharingSet
SiteDotCom
Skill
StandardValueSet
StandardValueSetTranslation
StaticResource
SynonymDictionary
Territory
Territory2
Territory2Model
Territory2Rule
Territory2Type
TopicsForObjects
TransactionSecurityPolicy
Translations
UserCriteria
WaveApplication
WaveDataflow
WaveDashboard
WaveDataset
WaveLens
WaveTemplateBundle
WaveXmd
Workflow
Headers
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

SecuritySettings

Represents an organization’s security settings. Security settings define trusted IP ranges for network access, password and login requirements, and session expiration and security settings.

In the package manifest, all organization settings metadata types are accessed using the “Settings” name. See Settings for more details.

Declarative Metadata File Suffix and Directory Location

SecuritySettings values are stored in a single file named Security.settings in the settings directory. The .settings files are different from other named components because there is only one settings file for each settings component.

SecuritySettings is no longer available in API versions 25.0 and 26.0.

Note

Version

Security settings are available in API version 27.0 and later.

Fields

Field Name Field Type Description
networkAccess NetworkAccess The trusted IP address ranges from which users can always log in without requiring computer activation.
passwordPolicies PasswordPolicies The requirements for passwords and logins, and assistance with retrieving forgotten passwords.
sessionSettings SessionSettings The settings for session expiration and security.

NetworkAccess

Represents your organization’s trusted IP address ranges for network access.

Field Field Type Description
ipRanges IpRange[] The trusted IP address ranges from which users can always log in without requiring computer activation.

In order to add an IP range, deploy all existing IP ranges, as well as the one you want to add. Otherwise, the existing IP ranges are replaced with the ones you deploy. To remove all the IP ranges in an organization, leave the networkAccess field blank (<networkAccess></networkAccess>).

Note

IpRange

Defines a range of trusted IP addresses for network access.

Field Field Type Description
description string The description of the trusted IP range. Use this field to identify the range, such as which corporate network corresponds to this range. This field is available in API version 34.0 and later.
end string The IP address that defines the high end of a range of trusted addresses.
start string The IP address that defines the low end of a range of trusted addresses.

PasswordPolicies

Represents your organization’s password and login policies.

Field Field Type Description
apiOnlyUserHomePageURL string The URL to which users with the “API Only User” permission are redirected instead of the login page.
complexity Complexity (enumeration of type string)
Required. The types of characters that must be used in a user’s password. Valid values are:
  • NoRestriction—Has no requirements and is the least secure option.
  • AlphaNumeric—The default setting. Requires at least one alphabetic character and one number. This value is the default value.
  • SpecialCharacters—Requires at least one alphabetic character, one number, and one of the following characters: ! # $ % - _ = + < >.
  • UpperLowerCaseNumeric—Requires at least one number, one uppercase letter, and one lowercase letter. This value is available in API version 31.0 and later.
  • UpperLowerCaseNumericSpecialCharacters—Requires at least one number, one uppercase letter, one lowercase letter, and one of the following characters: ! # $ % - _ = + < >. This value is available in API version 31.0 and later.
expiration Expiration (enumeration of type string)
Required. The length of time until a user password expires and must be changed. Valid values are:
  • Never
  • ThirtyDays
  • SixtyDays
  • NinetyDays. This value is the default value.
  • SixMonths
  • OneYear
minimumPasswordLifetime boolean Indicates whether a one-day minimum password lifetime is required (true) or not (false). This field is available in API version 31.0 and later.
historyRestriction string Required. The number of previous passwords saved for users so that they must always reset a new, unique password. Valid values are 0 through 24 passwords remembered. The maximum value of 24 applies to API version 31.0 and later. In earlier versions, the maximum value is 16. The default value is 3.
lockoutInterval LockoutInterval (enumeration of type string)
Required. The duration of the login lockout. Valid values are:
  • FifteenMinutes. This value is the default value.
  • ThirtyMinutes
  • SixtyMinutes
  • Forever (must be reset by admin)
maxLoginAttempts MaxLoginAttempts (enumeration of type string)
Required. The number of login failures allowed for a user before the user is locked out. Valid values are:
  • NoLimit
  • ThreeAttempts
  • FiveAttempts
  • TenAttempts. This value is the default value.
minimumPasswordLength string

Required. The minimum number of characters required for a password. Valid values are from 5 to 50. The default value is 8. This field is available in API version 35.0 and later.

Before API version 35.0, specify minimum password length with the enumeration minPasswordLength, with valid values FiveCharacters, EightCharacters (default), TenCharacters, TwelveCharacters (API version 31.0 and later), and FifteenCharacters (API version 34.0 and later).
obscureSecretAnswer boolean Hides the secret answer associated with a password (true) or not (false).

If your org uses the Microsoft Input Method Editor (IME) with the input mode set to Hiragana, when you type ASCII characters, they’re converted in to Japanese characters in normal text fields. However, the IME doesn’t work properly in fields with obscured text. If your org’s users cannot properly enter their passwords or other values after enabling this feature, disable the feature.

Note
passwordAssistanceMessage string The text that appears in the Account Lockout email and at the bottom of the Confirm Identity screen for users resetting their passwords.
passwordAssistanceURL string The URL that users can click to retrieve forgotten passwords.
questionRestriction QuestionRestriction (enumeration of type string)
Required. The restriction on whether the answer to the password hint question can contain the password itself. Valid values are:
  • None
  • DoesNotContainPassword. This value is the default value.

SessionSettings

Represents your organization’s session expiration and security settings.

Field Field Type Description
disableTimeoutWarning boolean Indicates whether the session timeout warning popup is disabled (true) or enabled (false).
enableCSPOnEmail boolean Indicates whether a content security policy is enabled for the email template. A content security policy helps prevent cross-site scripting attacks by whitelisting sources of images and other content.
enableCSRFOnGet boolean Indicates whether Cross-Site Request Forgery (CSRF) protection on GET requests on non-setup pages is enabled (true) or disabled (false).
enableCSRFOnPost boolean Indicates whether Cross-Site Request Forgery (CSRF) protection on POST requests on non-setup pages is enabled (true) or disabled (false).
enableCacheAndAutocomplete boolean Indicates whether the user’s browser is allowed to store user names and auto-fill the User Name field on the login page (true) or not (false).
enableClickjackNonsetupSFDC boolean Indicates whether clickjack protection for non-setup Salesforce pages is enabled (true) or disabled (false).
enableClickjackNonsetupUser boolean Indicates whether clickjack protection for customer Visualforce pages with standard headers turned on is enabled (true) or disabled (false).
enableClickjackNonsetupUserHeaderless boolean Indicates whether clickjack protection for customer Visualforce pages with standard headers turned off is enabled (true) or disabled (false). Available in API version 34.0 and later.
enableClickjackSetup boolean Indicates whether clickjack protection for setup pages is enabled (true) or disabled (false).
enableContentSniffingProtection boolean

Indicates if the browser is prevented from inferring the MIME type from the document content and from executing malicious files (JavaScript, Stylesheet) as dynamic content.

This field is available in API version 39.0 and later.
enablePostForSessions boolean Indicates whether cross-domain session information is exchanged using a POST request instead of a GET request, such as when a user is using a Visualforce page. In this context, POST requests are more secure than GET requests. Available in API version 31.0 and later.
enableSMSIdentity boolean Indicates whether users can receive a one-time PIN delivered via SMS (true) or not (false).
enableUpgradeInsecureRequests boolean

Indicates if HTTPS is required for connecting to third-party domains.

This setting is enabled by default on accounts created after the Summer ’17 release.

Note

This field is available in API version 42.0 and later.
enableXssProtection boolean

Indicates if protection against reflected cross-site scripting attacks is enabled. If a reflected cross-site scripting attack is detected and XSS protection is enabled, the browser shows a blank page with no content.

This field is available in API version 39.0 and later.
enforceIpRangesEveryRequest boolean If true, the IP addresses in Login IP Ranges are enforced when a user accesses Salesforce (on every page request), including access from a client application. If false, the IP addresses in Login IP Ranges are enforced only when a user logs in. This field affects all user profiles that have login IP restrictions. Available in API version 34.0 and later.
forceLogoutOnSessionTimeout boolean Indicates that when sessions time out for inactive users, current sessions become invalid. The browser refreshes and returns to the login page. To access the org, the user must log in again. Enabled (true) or not (false). Available in API version 31.0 and later.
forceRelogin boolean If true, an administrator that is logged in as another user is required to log in again to their original session, after logging out as the secondary user. If false, the administrator is not required to log in again.
hstsOnForcecomSites boolean Indicates whether Visualforce, Salesforce sites, or Communities must use HTTPS. This field is available in API version 41.0 and later.
identityConfirmationOnEmailChange boolean

Indicates if a user’s identity is confirmed when changing their email address, instead of requiring a relogin.

This field is available in API version 42.0 and later.
identityConfirmationOnTwoFactorRegistrationEnabled boolean

Indicates if users are required to confirm their identities to add a two-factor authentication method, such as Salesforce Authenticator, instead of requiring a relogin.

This field is available in API version 40.0 and later.
lockSessionsToDomain boolean Indicates whether the current UI session for a user, such as a community user, is associated with a specific domain. This check helps prevent unauthorized use of the session ID in another domain. The value is true by default for organizations created with the Spring ’15 release or later. Available in API version 33.0 and later.
lockSessionsToIp boolean Indicates whether user sessions are locked to the IP address from which the user logged in (true) or not (false).
logoutURL string The URL to which users are redirected when they log out of Salesforce. If no value is specified, the default is https://login.salesforce.com unless MyDomain is enabled. If My Domain is enabled, the default is https://customdomain.my.salesforce.com. Available in API version 34.0 and later.
redirectionWarning boolean Indicates whether users see an alert when they click a link in a Web Tab that redirects them outside the saleforce.com domain. Available in API version 42.0 and later.
referrerPolicy boolean Indicates whether the referrer header hides sensitive information that could be present in the full URL. If true, then the referrer header displays only salesforce.com. If false, then the header displays the entire URL. For a Visualforce user, if referrerPolicy is set to true, then the referrer header displays only force.com. If false, then the header displays the entire URL. Available in API version 42.0 and later.

When a request is made from a domain within salesforce.com or force.com, the referrer header displays the entire URL.

Note
requireHttpOnly boolean Sets the HttpOnly attribute on session cookies, making them inaccessible via JavaScript. If true, session ID cookie access is restricted. If false, access is not restricted.

If you have a custom or packaged application that uses JavaScript to access session ID cookies, your application breaks if requireHttpOnly is set to true, because the application can't access the cookie.

Note

This field is available in API version 40.0 and later.
requireHttps boolean

Determines whether HTTPS is required to log in to or access Salesforce. This option is enabled by default for security reasons. To change to HTTP, contact Salesforce Customer Support.

This field is available in API version 40.0 and later.
sessionTimeout SessionTimeout (enumeration of type string)
The length of time after which users without activity are prompted to log out or continue working. Valid values are:
  • FifteenMinutes
  • ThirtyMinutes
  • SixtyMinutes
  • TwoHours
  • FourHours
  • EightHours
  • TwelveHours

Declarative Metadata Sample Definition

The following is a sample security.settings metadata file.