Wednesday, May 18, 2016

Salesforce Verification Code

To help protect your organization’s data from unauthorized access, Salesforce by default implement identify verification code. When you login to Salesforce from unknown network, or from new computer / device, or with new browser, or just clean your web browser cache. Salesforce will send you verification code via  mobile SMS or via email, if you do not add mobile number to user user profile.

But, can we skip this verification code? Yes by adding Trusted IP ranges, users in IP ranges can log in without receiving a login challenge for verification of their identity.

Adding trusted IP Ranges (you define a list of IP addresses) to Network Access 
Navigate to Setup | Security Controls | Network Access
This setting will be applicable for the whole users in the org.

Another security measure is to white-list only range of valid IP addresses from which users can log in to Salesforce. User login from IP Addresses not in IP ranges defined will be restricted to access Salesforce. To setup this restriction, navigate to Setup | Manage Users | Profiles - select a profile and scroll down to Login IP Ranges. When user login from this IP ranges, they will not get verification code as well.
This setting will be applicable for all users in the Profile.

In summary:

Network Access (available for all editions)
  • Setting trusted IP ranges under Setup | Security Controls | Network Access opens access to users accessing Salesforce from the trusted IP addresses. Users will not be challenged with the 5-digit verification code to authenticate the IP address from where they are logging in. All the customer apps and integration will not need the security token.
  • These can only be added or removed by a system administrator. Removing them from the Network Access will not revoke access from these IP addresses.

Profile-Based IP Restrictions (Available in Enterprise, Unlimited, Developer)
  • You can set IP Restriction under each profile. This will restrict access, and users will only be able to log in from the IP addresses listed.
  • ​Users will not be able to access Salesforce from any IP that is not listed in the range. They will receive a Restricted IP error when logging in.
  • ​This setting is recommended for organizations with users who log in only using VPN or their public corporate network IP addresses.
  • ​Please make sure that all the IP ranges for your apps and integration are added as well.