Newer Version Available
Simple Policy Migration Example
| Available in: Salesforce Classic and Lightning Experience |
| Available in: Enterprise, Unlimited, and
Developer Editions Requires Salesforce Shield or Salesforce Event Monitoring add-on subscriptions. |
Let’s start with the Apex code for a legacy transaction security policy that triggers when a user logs in with a specific IP address.
To mimic the legacy behavior in the new enhanced policy, we start by choosing LoginEvent, the event object that monitors logins. The legacy policy gets the user’s source IP by executing a SOQL query that selects the SourceIP field from the LoginHistory object. We could code a similar query in the enhanced policy, but let’s do something better: Directly use the SourceIP field of LoginEvent. More good news: You can use Condition Builder.

If you prefer to use Apex, here’s the code for the enhanced policy.
In the Apex class, you implement the TxnSecurity.EventCondition interface. The evaluate() method takes a generic sObject parameter, but we guarantee it’s always one of the Real-Time Event Monitoring event objects. Cast the sObject to the appropriate event object, in this case, LoginEvent. Then use its SourceIp field to determine the IP address of the user logging in. The rest of the code is similar to the legacy policy code.