As you have mentioned you need to give access,
Please add the users to groups based on some condition using process builder.
Please change the entry criteria accordingly, the example is to add all the new users to public group.
I have been asked by our security manager to set the following;
- Lockout threshold = 10 invalid login attempts
- Lockout Duration = 15 minutes
- Reset invalid counter after = 5 minutes
Does that make sense.
How can I give them access to change the record type without having to change the page layout?
May I know you are logged in into both org that is your personal and work account from the same browser?
I want one Profile A to be able to log as all the users in Profile B.
I tried to create delegated groups and enable the group Login Access. The users in the Profile A still did not have login access. When I checked "Modify All Data" on Profile A, and they were able to log in as any user in any profile. I don't want to keep the modify all data check off.
Is there another way we can accomplish this. I have also enabled "Administrators Can Log In as Any user" option too.
Does anyone have experience of masking sensitive data in a sandbox?
Our organisation holds lots of sensitive data, specifically in the Account/Contact objects. We alos use multi sandboxes for development, and as a security step, would like to mask (de-sensitise) selected fields once we have refreshed our sandboxes from production. This refresh task would likely take place at regular intervals.
On doing a few web searches, I can't find as much info on this type of work as I would have expected. The only two solutions I can see at the moment are :
- Informatica Cloud data masking
Any advice/guidance greatly appreciated, thanks.
Set the wrong IP address on the System Administrator Profile and now all the System Administrators are locked out - any suggestions?
We've opened a case with Salesforce in the hope that they can help, but I thought I'd see if anyone else has made a similar mistake before and, if so, has any suggestions on how to handle it?
Any advice would be very welcome!
I understand that Identity Verification when enabled requires Salesforce users to verify their identity via Text or Email when logging in from an unrecognized browser or device.
I'm wondering if it is possible to require a user to verify their identity every time they login, regardless of whether they have previously logged in from a particular device or browser before?
All the documentation I've been able to find has only referenced verification from unrecognized browsers, etc.
Thank in advance!
What you can do as an admin is create a permission set, and then under system permissions, choose the appropriate 2-Factor authentication preferences you want. This trailhead (https://trailhead.salesforce.com/en/modules/identity_login/units/identity_login_2fa)walked me through it really well.
I do know that even though you can select on the Salesforce Authenticator app, "Always Verify from here" (which should ideally mean no more 2-factor authentication from that certain location), it still always asks me to verify from locations where I've selected that option. So that might do exactly what you're looking for here in requiring that users authenticate even if it is a required browser.
I hope that answers your question!
-T. Kruse Collins
It just means that a user profile with API enabled access can make API requests to your Salesforce org. If this permission is not enabled then they won't be able to make API requests to your instance. When I say API request it basically means accessing the data in your org through a backend mechanism.
If this permission is not enabled then these users won't be able to hit or fetch your data through any of the backend mechanisms. They can still login through the standard interface.
I hope that answers your question !