+ Start a Discussion

Identity Verification Feature: What Is Being Authenticated

Trying to figure out a customer situation where the Salesforce.com identity confirmation feature is going haywire.
When a user gets the message requiring him to validate the machine that he is logging in from, what is Salesforce.com actually looking at?
Is it saying the following? "User X is trying to log in from an IP address that has not been authenticated for User X?"  Or is there something deeper going like looking at the MAC address of the network card or something like that?
If Salesforce is just looking at the IP address, then would I be correct in assuming that when a user's Cable or DSL company assigns them a new IP address via DHCP, that the user will have to 'authenticate their machine' again?
The actual issue at hand is that the agents are using an SSL VPN from home.  The SSL VPN doesn't assign their home machine a new IP address, it seems to route the traffic through the SSL VPN machine some other way.  Would whitelisting the external facing IP of the SSL VPN box do the trick?
Thanks for any help
Salesforce is looking at the IP address.  Yes, ISPs who assign addresses with DHCP will give them new IP addresses every time.

If your agents are using a VPN then they will appear to Salesforce to be coming from their VPN-assigned IP, so if you whitelist that IP range you should be good.
But slso, once a particular browser has been activated, it shouldn't prompt for activation again, even if the IP address does change. Do you have some security setup that deletes cookies on exit of the browser ?
Werewolf, Simon:

Thanks for the reply.


I've dug in a little more and here is the scenario that is confusing the users:


1. Agent connects to Salesforce.com from home through their regular DSL/Cable provider.

2. Salesforce sees unknown IP address and prompts for verification.

3. Agent clicks the Verification button.

4. Agent starts SSL VPN and goes to the corporate web mail to retrieve the Activation email. 

5. Agent clicks Activation link and activation fails because the IP address that is being validated is not the same IP address making the request (request is being proxied through the SSL VPN).


Result: Supremely confused user.  The user doesn't know anything about IP addresses, they just think they are 'validating their machine' with Salesforce and can't understand why it won't work.


Anyway, I'm going to have to chalk this one up as a training issue.  No other way around it that I can see. 


Thanks again.

Message Edited by virago81 on 06-13-2008 12:52 PM