
The Setup screen is your one-stop shop for all settings and configurations for your org. To access the Setup screen, click the Gear/Cog icon next to your profile icon at the top-right and click "Advanced Setup".
Salesforce manages security in several ways:
This refers to the use of a username and password to restrict authentication. Both Password Change Frequency and Multifactor Authentication (MFA) need to be configured for login password policies. MFA means using multiple verification methods to confirm a user's identity. This could include a confirmation email or an SMS text message to the user's phone.
Object and Field level security
This defines security at the Salesforce data level, meaning permissions of Salesforce data objects.
- Object Level Security defines who has permissions to general Salesforce objects in your organization (Example: Contacts or Accounts)
- Record Level Sharing defines who has permissions to individual records or rows (Example: A specific Contact or Account)
- Field Level Security defines who has permissions to individual fields within a record (Example: The Annual Revenue field within each Account)
Each user has 1 Profile. A profile is a configuration of Object Level Securities and Field Level Securities (Not Record Level Sharing) for a specific user. The profile can also determine what app capabilities the user has on Salesforce as a whole (such as if they can create reports or not).
Permission Sets may be applied to many users, and each user can have multiple permission sets assigned to them. Think of a Permission Set as a group. All those who are part of the group share the same permissions, and each user can be a part of multiple groups. Don't confuse this with Permission Set Groups, however, which bundle permission sets together.
One concept of Salesforce Security configuration is Login Policies. There are generally two configurations for this.
- Administrators Can Log in as Any User — This allows those with the System Administrator profile to log in as a different user. This is great for debugging permissions.
- Salesforce Support — This allows Salesforce Support to log in as a user in your org to help with an issue that you are having.
This area allows you to configure which IP address ranges can log into your org. This lets you restrict your Salesforce org to geographical regions, forcing your users to log in only from specific areas. Note that if the range is large enough, VPNs could be used to spoof this.
Password Policies include several controls for how complex passwords need to be, when they expire, number of login attempts, and more.
- User passwords expire in - How long until a new password must be created
- Enforce password history - How many different passwords must be used before the user can use a previous password
- Password question requirement - Whether or not the user can use their password in the "password question".
- Obscure secret answer for password resets - Whether or not the answer field for the password question is a text field or password field.
- Require a minimum 1 day password lifetime - Prevents passwords from changing more than once per day.
- Allow use of setPassword() API for self-resets - Whether or not to allow password resets programmatically via a 3rd party application.

When someone logs in, they start a User Session, which is basically timed access to their Salesforce portal. The Session Settings tab controls everything from how long a session can last, to how caching is handled, to how the user's identity is verified. Some notable settings:
- Enforce login IP ranges on every request — this will check the IP address of the user on EVERY single request. If they go to a different page or refresh their current one, Salesforce will check their IP location every time and compare it to your Network Access settings.

This is where you will find recent Salesforce activity that has occurred in your org. It shows what happened, when it happened, and by which user.
One thing you may want to configure is when a user can log into your Salesforce app. Maybe a login at 3am in your time zone would look suspicious. To do this:
- Go to Users → Profiles
- Look for a User Profile to edit permissions for (in this case, Standard User may make the most sense), and click the profile name. Clicking Edit instead shows a different screen.
- Scroll down to the bottom, just below the Password Policies, and find the Login Hours section. Click Edit. This brings you to the Login Hours page where you can set times for each day.
You can also restrict logins by IP ranges. This section is just below the Login Hours section.
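An added example (not part of the original page and not Salesforce tooling): one way to review exported login records against the same Login IP Ranges and Login Hours policy a profile enforces. The record layout, addresses, fixed UTC-5 org time zone and weekday 07:00-19:00 window are all constructed assumptions.

```python
from datetime import datetime, time, timedelta, timezone
from ipaddress import ip_address, ip_network

# Assumed policy, mirroring a profile's Login IP Ranges and Login Hours sections.
ALLOWED_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/25")]
ORG_TZ = timezone(timedelta(hours=-5))  # assumed fixed offset for the org time zone
# weekday (0 = Monday) -> (start, end); a missing day means no logins that day
LOGIN_HOURS = {day: (time(7, 0), time(19, 0)) for day in range(5)}

# Constructed sample records: (username, login time in UTC, source IP).
SAMPLE_LOGINS = [
    ("alice@example.com", "2024-03-04T14:30:00+00:00", "203.0.113.17"),
    ("bob@example.com", "2024-03-05T08:05:00+00:00", "203.0.113.40"),
    ("carol@example.com", "2024-03-06T15:00:00+00:00", "192.0.2.99"),
    ("dave@example.com", "2024-03-09T16:00:00+00:00", "198.51.100.200"),
]

def ip_allowed(source_ip):
    """True if the address falls inside any allowed login IP range."""
    addr = ip_address(source_ip)
    return any(addr in net for net in ALLOWED_NETWORKS)

def within_login_hours(login_time_utc):
    """True if the login, converted to org local time, is inside that day's window."""
    local = datetime.fromisoformat(login_time_utc).astimezone(ORG_TZ)
    window = LOGIN_HOURS.get(local.weekday())
    return window is not None and window[0] <= local.time() < window[1]

def audit(logins):
    """Return (username, reasons) for every login that violates the policy."""
    findings = []
    for user, when, source_ip in logins:
        reasons = []
        if not ip_allowed(source_ip):
            reasons.append("ip_outside_range")
        if not within_login_hours(when):
            reasons.append("outside_login_hours")
        if reasons:
            findings.append((user, reasons))
    return findings

if __name__ == "__main__":
    for user, reasons in audit(SAMPLE_LOGINS):
        print(user, ", ".join(reasons))
```

Note that the fourth record sits in the same /24 as an allowed range but outside the configured /25, the kind of near-miss that is easy to overlook when reading ranges by eye.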
- Every organization uses a corporate currency which reflects the currency of corporate headquarters.
- Multiple currencies must be enabled if the business supports them, but only Active currencies are those that the organization is managing. If a currency is not active, it cannot be used for conversion with the corporate currency.
- Advanced Currency Management allows for the use of dated exchange rates. Without enabling this, the currency rates will always be static or "remain in place".
- If you want to ensure that exchange rates are always up-to-date, you may consider using a Third Party Service to allow dynamic exchange rates when needed. Since these services are not managed by Salesforce, the drawback is that you'll have to maintain the extensions yourself.