Salesforce Security Guide

Salesforce Security Guide
Salesforce Security Basics
Authenticate Users
Elements of User Authentication
Configure User Authentication
Restrict Where and When Users Can Log In to Salesforce
Set Password Policies
Expire Passwords for All Users
Modify Session Security Settings
Define Identity Verification Settings for Your Orgs and Experience Cloud Sites
Require High-Assurance Session Security for Sensitive Operations
Custom Login Flows
Set Up a Login Flow and Connect to Profiles
Login Flow Examples
Multi-Factor Authentication Customizations
Deploy Third-Party, SMS-Based Multi-Factor Authentication
Limit the Number of Concurrent Sessions with Login Flows
Connected Apps
Give Users Access to Data
Share Objects and Fields
Strengthen Your Data's Security with Shield Platform Encryption
Monitoring Your Organization’s Security
Real-Time Event Monitoring
Security Guidelines for Apex and Visualforce Development
API End-of-Life
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Require High-Assurance Session Security for Sensitive Operations

To secure different setup areas in your org, require a high-assurance level of security for sensitive operations, such as accessing reports and managing IP addresses. You can also block users from accessing these setup areas.
Available in: all editions

User Permissions Needed
To modify session security settings: Customize Application

These settings apply only to users who have user permissions to access these operations. If users have a high-assurance session after logging in, they aren’t prompted to verify their identity in the same session, even if you require high assurance for sensitive operations.

  1. In Setup, enter Identity in the Quick Find box, and then click Identity Verification.
  2. Under Session Security Level Policies, raise the session security level to high assurance, or block users.
    • Reports and Dashboards—Controls access to reports and dashboards. This setting is also available on the Reports and Dashboards Access Policies page. You can change this setting in either location.
    • Manage Encryption Keys—Controls access to the Platform Encryption page, the Certificate and Key Management Setup page, and the TenantSecret object.
    • Manage Auth. Providers—Controls access to the Auth. Providers page, the User Details Setup page, and the AuthProvider object.
    • Manage Certificates—Controls access to the Certificate and Key Management Setup page, Single Sign-On Settings Setup page, and the Certificate object.
    • Manage Connected Apps—Controls access to the Connected Apps Setup pages and the App Manager Setup page.
    • Manage Data Export—Controls access to the Data Export Setup page.
    • Manage IP Addresses—Controls access to the Network Access Setup page.
    • Manage Login Access Policies—Controls access to the Login Access Policies Setup page.
    • Manage Password Policies—Controls access to the Password Policies Setup page and profile details.
    • Manage Permission Sets and Profiles—Controls access to the Permission Sets and Profile Setup pages and related objects.
    • Manage Roles—Controls access to the Roles Setup page, the UserRole object, and the Role object in Metadata API.
    • Manage Sharing—Controls access to the Sharing Settings Setup page, the SharingRules object, and the CustomObject’s sharingModel field in Metadata API.
    • Manage Multi-Factor Authentication in API—Controls access to the VerificationHistory, TwoFactorInfo, and TwoFactorTempCode objects.
    • Manage Multi-Factor Authentication in User Interface—Controls access to the Identity Verification History Setup page and the VerificationHistory, TwoFactorInfo, and TwoFactorTempCode objects.
    • Manage Users—Controls access to the Users Setup page.
    • Unlock Users and Reset Passwords—Controls permission to reset passwords and unlock users on the Users Setup page.
    • View Health Check—Controls access to the Health Check Setup page.

    You can’t block users from accessing the setup areas controlled by the Manage Permission Sets and Profiles or Manage Users settings.

    Note