Newer Version Available

This content describes an older version of this product.

Simple Policy Migration Example

Learn the basics of policy migration with this simple example.
Available in: Salesforce Classic and Lightning Experience
Available in: Enterprise, Unlimited, and Developer Editions

Requires Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.


Let’s start with the Apex code for a legacy transaction security policy that triggers when a user logs in from a specific IP address.

To mimic the legacy behavior in the new enhanced policy, we start by choosing LoginEvent, the event object that monitors logins. The legacy policy gets the user’s source IP by executing a SOQL query that selects the SourceIP field from the LoginHistory object. We could code a similar query in the enhanced policy, but let’s do something better: Directly use the SourceIP field of LoginEvent. More good news: You can use Condition Builder.

On the Condition Builder page where you specify the conditions, for Event, select Login Event. Then add a condition where Source IP equals 1.1.1.1. The Condition Builder page to specify actions and enable the policy is the same as the legacy UI.

Test your new enhanced policy before you enable it. When you’re ready to enable your new policy, disable existing policies on the same event type.

Figure: Condition Builder for simple example

If you prefer to use Apex, here’s the code for the enhanced policy.

In the Apex class, you implement the TxnSecurity.EventCondition interface. The evaluate() method takes a generic sObject parameter, but we guarantee it’s always one of the Real-Time Event Monitoring event objects. Cast the sObject to the appropriate event object, in this case, LoginEvent. Then use its SourceIp field to determine the IP address of the user logging in. The rest of the code is similar to the legacy policy code.
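
The class below is an added example of the enhanced policy just described, not Salesforce's published sample. The class name, the helper method, and the choice to return false for null or unexpected input are assumptions; the interface, the cast to LoginEvent, the SourceIp field, and the address 1.1.1.1 come from the text above.

```apex
// Added example: enhanced transaction security condition for logins
// from one watched source IP. Class and helper names are hypothetical.
global class WatchedSourceIpLoginCondition implements TxnSecurity.EventCondition {

    // Address used in the Condition Builder example on this page.
    private static final String WATCHED_IP = '1.1.1.1';

    // Returning true tells the policy to run its configured action;
    // returning false lets the login proceed without triggering it.
    public boolean evaluate(SObject event) {
        switch on event {
            when LoginEvent loginEvent {
                // The generic sObject is a LoginEvent for a policy
                // created on the Login Event type.
                return matchesWatchedIp(loginEvent);
            }
            when null {
                // Assumption: nothing to evaluate, so do not trigger.
                return false;
            }
            when else {
                // Assumption: the class was attached to a policy for a
                // different event object; do not trigger on it.
                return false;
            }
        }
    }

    // Reads the source IP directly from the event, with no SOQL query
    // against LoginHistory as in the legacy policy.
    private boolean matchesWatchedIp(LoginEvent loginEvent) {
        String sourceIp = loginEvent.SourceIp;
        if (String.isBlank(sourceIp)) {
            // A missing address cannot equal the watched one.
            return false;
        }
        return sourceIp.trim() == WATCHED_IP;
    }
}
```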