Sunday, May 19, 2013

Disable user login to Salesforce temporary

From Salesforce Community, from time to time, I see people asking questions for best-practice to disable user login to Salesforce temporary for major/change release in Salesforce within an organization.

Back to the real need, do we need to block user to login to Salesforce? YES and NO, depend on the changes, but if it is a YES.
Do we need to inactive user? a BIG NO. Why? Inactivate user will:
- Remove user from all delegated groups and sharing privileges
- Remove user from opportunity team of closed & open opportunity (optional)
- Remove user from account team (optional)
- Remove user from case team of predefined & ad-hoc (optional)
So, how to block user to login to Salesforce if not inactivated them?
Play with the User Profile. Here we go:

1. Create a dummy Profile
After profile created, scroll to 'Login Hours' related list and set Start Time and End Time to 12:00AM

2. Export user list and their profile id to CSV file
Use Data loader to export all Active User
Here is the SOQL:
Select u.Id, u.ProfileId from User u where u.isActive = True

3. Update Profile Id in CSV file with newly created dummy Profile Id
Save CSV file into new file name
Make sure your (admin) user id is not included

4. Mass update User Profile in Salesforce
Use Data loader to update it to User object using CSV file modified

5. Deploy your Salesforce major / change release

6. Update back User Profile Id in Salesforce using original CSV file 

When you do the changes, any user will not able to login to Salesforce. You will be able to track who is trying to login from Login History

But, before all downtime planned in action, you should communicate it with all of your users few days in advance.