Transaction Security Policies
| Available in: Salesforce Classic and Lightning Experience |
| Available in: Enterprise, Performance, Unlimited, and Developer Editions. Requires purchasing Salesforce Shield or Salesforce Event Monitoring add-on subscriptions. |
When you enable Transaction Security for your org, two policies are created.
- Concurrent User Session Limit policy to limit concurrent login sessions. The policy is triggered in two ways.
  - A user with five current sessions tries to log in for a sixth session.
  - An administrator who is already logged in tries to log in a second time.
- Lead Data Export policy to block excessive data downloads of leads. The policy is triggered when a download either:
  - Retrieves more than 2,000 lead records
  - Takes more than one second to complete
The policies’ corresponding Apex classes (ConcurrentSessionsPolicyCondition and DataLoaderLeadExportCondition) are also created in the org. An administrator can enable the policies immediately or edit the Apex classes to customize them.
For example, suppose that you activate the Concurrent User Session Limit policy to limit the number of concurrent sessions per user. In addition, you change the policy to notify you via email when the policy is triggered. You also update the policy’s Apex implementation to limit users to three sessions instead of the default five sessions. (That’s easier than it sounds.) Later, someone with three login sessions tries to create a fourth. The policy prevents that and requires ending one of the existing sessions before proceeding with the new session. At the same time, you are notified that the policy was triggered.
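The three-session customization described above could look like the following. This is an added example, not the body of the generated ConcurrentSessionsPolicyCondition class and not Salesforce's own code. The class name `ThreeSessionLimitCondition` and the constant `MAX_SESSIONS` are hypothetical, and the sketch assumes that the policy condition implements the `TxnSecurity.PolicyCondition` interface and that the session being created is already visible in `AuthSession` when the policy is evaluated.

```apex
// Added example (hypothetical class name); not the generated policy class.
global class ThreeSessionLimitCondition implements TxnSecurity.PolicyCondition {
    // Customized limit from the scenario above; the default policy allows five.
    private static final Integer MAX_SESSIONS = 3;

    public boolean evaluate(TxnSecurity.Event e) {
        // Count only top-level sessions for the user who triggered the event.
        // Child sessions (for example, a Visualforce session spawned from a UI
        // session) have a ParentId and are excluded.
        List<AuthSession> sessions = [
            SELECT Id, LastModifiedDate, NumSecondsValid
            FROM AuthSession
            WHERE UsersId = :e.userId AND ParentId = NULL
        ];
        if (sessions.isEmpty()) {
            return false;
        }

        // Ask the platform which sessions do not count toward concurrency limits.
        Map<String, String> ignore = (Map<String, String>)
            Auth.SessionManagement.ignoreForConcurrentSessionLimit(sessions);

        Integer active = 0;
        for (AuthSession s : sessions) {
            // A session is live while lastModified + validity window is in the future.
            Boolean unexpired =
                s.LastModifiedDate.addSeconds(s.NumSecondsValid) >= DateTime.now();
            Boolean counted = ignore.get(s.Id) != 'true';
            if (unexpired && counted) {
                active++;
            }
        }

        // Assumption: the session being established is already among the rows
        // queried, so a fourth login yields active == 4. Returning true triggers
        // the policy's configured action and notification.
        return active > MAX_SESSIONS;
    }
}
```

Keeping the limit in one named constant makes the threshold easy to audit. Test the change in a sandbox first, because a miscounted threshold can lock out users who rely on multiple legitimate sessions.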
The Transaction Security architecture uses the Security Policy Engine to analyze events and determine the necessary actions.
A transaction security policy consists of events, notifications, and actions. For example, when a user tries to export Account data, you can block the operation and get notified by email.