New Security Feature: Identity Confirmation

To further protect our customers from security threats stemming from phishing attempts, salesforce.com will be implementing "Identity Confirmation." This set of security features is triggered when users attempt to log in to Salesforce from a different computer and from an unrecognized location for the first time.

Attention Salesforce Users

Your administrator will notify you when these features are scheduled to take effect in your company. Once they do, you will need to take additional steps only if you log in to Salesforce from a different computer and from an unrecognized location. The exact steps will vary depending on whether you access Salesforce via a browser, via a desktop application (such as Outlook Edition, Apex Data Loader, or Office Edition) or via another API-based application. These steps are outlined below. To see this process in action, view the webinar.

To access Salesforce via a browser, you can "activate" the computer with the following procedure:
1. In response to the error message, click the Send Activation Link button to trigger an email message. Please note salesforce.com will never ask you for your login credentials in an email.
2. Open the email message that contains the activation link.
3. Copy the link and paste it into the browser within 24 hours. A message confirms that the computer has been activated.
4. Once activation is complete, you can log in to Salesforce as usual. You will not have to activate that location or browser again.

To access Salesforce via a desktop application or other API-based application, you must replace your current password with a combination of your password and a security token:
1. Log in to Salesforce via the browser to request your security token.
2. Go to Setup -> My Personal Information -> Reset Security Token.
3. Click the Reset Security Token button to trigger an email which will contain your security token.
4. Select and copy the token from the email.
5. In the application, replace your password with a combination of the password and the security token. For example, if your password is "MyPassword" and your security token is "XXXXXX", you would enter "MyPasswordXXXXXX" into the password field.

Attention Salesforce Administrators

Our goal is to minimize the impact of the Identity Confirmation features by allowing established patterns of usage to continue unchallenged, so that users who log in from a known, trusted IP address are not affected. To exempt your users from having to take additional steps to log in, you can define a list of trusted IP ranges in the application. To facilitate this process, salesforce.com will pre-populate such a list for your company once, based on an analysis of the last four months of your organization's login data. Users with an address within one of these ranges will not be required to activate their computers or use a security token.

It will be your responsibility to update your list of trusted IP ranges by adding new ranges as needed. You should be prepared to answer questions from affected users when Identity Confirmation is implemented for your company. The steps below will prepare you to assist your users and to maintain your list of trusted IP ranges.
1. Important! View the Webinar to be prepared to answer your users' questions. You can also refer your users to the Webinar.
2. Rollout will begin on November 26 (More detail forthcoming) to find out when Identity Confirmation will be implemented for your company.
3. Check the pre-populated list of trusted IP addresses for completeness and accuracy.
4. Maintain this list to ensure a smooth login experience for your users. To manage the list, go to Setup -> Administration Setup -> Security Controls -> Network Access.
5. If you have additional questions, contact Salesforce.com Support.

Notes:
Users with profiles with login IP range restrictions will be exempt from these additional steps.
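
One way an administrator could check the trusted IP list for completeness, shown as an added example that is not salesforce.com's code: it compares the source IPs of past logins against start/end trusted ranges and counts the logins that fall outside them. The ranges, usernames, addresses and function names are constructed for illustration, and inclusive range bounds are an assumption.

```python
import ipaddress
from collections import Counter

# Constructed sample data: trusted ranges as (start, end) pairs.
TRUSTED_RANGES = [
    ("203.0.113.0", "203.0.113.63"),
    ("198.51.100.10", "198.51.100.20"),
]

# Constructed login history rows: (username, source IP).
LOGIN_HISTORY = [
    ("alice@example.com", "203.0.113.17"),
    ("bob@example.com", "198.51.100.25"),
    ("bob@example.com", "198.51.100.25"),
    ("carol@example.com", "192.0.2.44"),
    ("dave@example.com", "203.0.113.64"),
    ("erin@example.com", "not-an-ip"),
]

def parse_ranges(ranges):
    """Convert (start, end) strings to integer pairs, rejecting reversed ranges."""
    parsed = []
    for start, end in ranges:
        lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
        if lo > hi:
            raise ValueError(f"range start after end: {start}-{end}")
        parsed.append((lo, hi))
    return parsed

def is_trusted(ip, parsed_ranges):
    """True if ip falls inside any trusted range (bounds assumed inclusive)."""
    value = int(ipaddress.IPv4Address(ip))
    return any(lo <= value <= hi for lo, hi in parsed_ranges)

def uncovered_logins(history, ranges):
    """Return (Counter of source IPs outside all ranges, unparseable rows)."""
    parsed = parse_ranges(ranges)
    untrusted, malformed = Counter(), []
    for user, ip in history:
        try:
            if not is_trusted(ip, parsed):
                untrusted[ip] += 1
        except ipaddress.AddressValueError:
            malformed.append((user, ip))  # keep bad rows visible for review
    return untrusted, malformed

if __name__ == "__main__":
    untrusted, malformed = uncovered_logins(LOGIN_HISTORY, TRUSTED_RANGES)
    print(untrusted.most_common(), malformed)
```

Addresses that appear often in the first result are candidates for a new trusted range; one-off addresses are better left to the activation step.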