Salesforce Security Guide

Salesforce Security Guide
Salesforce Security Basics
Authenticate Users
Elements of User Authentication
Configure User Authentication
Restrict Where and When Users Can Log In to Salesforce
Restrict Login IP Ranges in the Enhanced Profile User Interface
Restrict Login IP Addresses in the Original Profile User Interface
View and Edit Login Hours in the Enhanced Profile User Interface
View and Edit Login Hours in the Original Profile User Interface
Set Trusted IP Ranges for Your Organization
Set Password Policies
Expire Passwords for All Users
Modify Session Security Settings
Configure Identity Verification Settings for Users
Require High-Assurance Session Security for Sensitive Operations
Create a Login Flow
Set Up a Login Flow and Connect to Profiles
Login Flow Examples
Set Up Two-Factor Authentication
Deploy Third-Party, SMS-Based Two-Factor Authentication
Limit the Number of Concurrent Sessions with Login Flows
Connected Apps
Give Users Access to Data
Share Objects and Fields
Strengthen Your Data's Security with Shield Platform Encryption
Monitoring Your Organization’s Security
Real-Time Event Monitoring
Security Guidelines for Apex and Visualforce Development
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Set Trusted IP Ranges for Your Organization

Trusted IP Ranges define a list of IP addresses from which users can log in without receiving a login challenge for verification of their identity, such as a code sent to their mobile phone.
Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
Available in: All Editions

User Permissions Needed
To change network access: Manage IP Addresses

Watch Video Demo Who Sees What: Organization Access (English only)

Watch how you can restrict login through IP ranges and login hours.

Note

To help protect your organization’s data from unauthorized access, you can specify a list of IP addresses from which users can log in without receiving a login challenge. However, this does not restrict access, entirely, for users outside of the Trusted IP Range. After these users complete the login challenge (usually by entering a code sent to their mobile device or email address), they can log in.

  1. From Setup, enter Network Access in the Quick Find box, then select Network Access.
  2. Click New.
  3. Enter a valid IP address in the Start IP Address field and a higher IP address in the End IP Address field.

    The start and end addresses define the range of allowable IP addresses from which users can log in, including the start and end values. If you want to allow logins from a single IP address, enter the same address in both fields.

    The start and end IP addresses must be in an IPv4 range and include no more than 33,554,432 addresses (225, a /7 CIDR block).

  4. Optionally, enter a description for the range. For example, if you maintain multiple ranges, enter details about the part of your network that corresponds to this range.
  5. Click Save.

For organizations that were activated before December 2007, Salesforce automatically populated your organization’s trusted IP address list in December 2007, when this feature was introduced. The IP addresses from which trusted users had already accessed Salesforce during the past six months were added.

Note