Skip to main content
Build the future with Agentforce at TDX in San Francisco or on Salesforce+ on March 5–6. Register now.

Restrict Login Hours and IP Ranges

Learning Objectives

In this project, you’ll:

  • Restrict when and where users can log in to an organization.
  • Determine the levels of access users have to objects.
  • Set up a data access model using the role hierarchy, sharing, and teams.
  • Control the levels of access users have to fields.

Introduction

The CEO of AW Computing, Jon Wiseman, has some security concerns. He wants to reduce the chances of unauthorized access to data housed in Salesforce.  

Not everyone in your organization should have the same level of access. Support users should only be able to log in during the company’s standard office hours, and only when connected to the company network. All other users should have 24/7 access and be able to log in on the company network and the VPN.

Jon has enlisted your awesome admin skills to help resolve this issue. In this project, you learn to secure your Salesforce organization by controlling exactly what data your users have access to within it. Organizational setup image, showing the Field nested inside the Record, which is nested inside the Object.

Throughout this project, we revisit this org chart to see how we can set access at each of these levels.

Follow Along with Trail Together

Want to follow along with an expert as you work through this step? Take a look at this video, part of the Trail Together series.

Restrict Login Hours on the Support Profile

  1. Click the Setup gear Setup icon and select Setup.
  2. Enter Profiles in the Quick Find box, and select Profiles.
  3. Click Custom: Support Profile.
  4. Under Login Hours click Edit and set up the schedule.
    Note: Ensure the listed time is Pacific [Standard or Daylight] Time (America/Los_Angeles). If not, adjust the organization's time zone to Pacific Time (America/Los_Angeles) before adjusting the login hours: Setup > Company Information > Edit > Under Locale Settings, adjust the Default Time Zone to Pacific [Standard or Daylight] Time (America/Los_Angeles) > Save.

    Field

    Value

    Sunday

    12:00 AM to 12:00 AM

    Monday

    8:00 AM to 6:00 PM

    Tuesday

    8:00 AM to 6:00 PM

    Wednesday

    8:00 AM to 6:00 PM

    Thursday

    8:00 AM to 6:00 PM

    Friday

    8:00 AM to 6:00 PM

    Saturday

    12:00 AM to 12:00 AM

  1. Click Save.

Restrict the Login IP Range on the Custom: Support Profile

  1. Under Login IP Ranges, click Add IP Ranges and enter the details. 

Login IP Ranges page in Salesforce.

  1. Enter these values:
    • Start IP Address: 0.0.0.0
    • End IP Address: 255.255.255.255
    • Description: San Diego
  1. Click Save.
Note

For the purpose of this step, we’re including all IP Ranges; however, in a real-life scenario, you would set a more realistic range. 

Now that you’ve restricted the login IP Range for users with the Support profile, move on to the next step, where you continue to enhance security in the AW Computing org by adding new users and setting their security levels using permission sets. 

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback