Restrict Login Hours and IP Ranges
Learning Objectives
In this project, you’ll:
- Restrict when and where users can log in to an organization.
- Determine the levels of access users have to objects.
- Set up a data access model using the role hierarchy, sharing, and teams.
- Control the levels of access users have to fields.
Introduction
The CEO of AW Computing, Jon Wiseman, has some security concerns. He wants to reduce the chances of unauthorized access to data housed in Salesforce.
Not everyone in your organization should have the same level of access. Support users should only be able to log in during the company’s standard office hours, and only when connected to the company network. All other users should have 24/7 access and be able to log in on the company network and the VPN.
Jon has enlisted your awesome admin skills to help resolve this issue. In this project, you learn to secure your Salesforce organization by controlling exactly what data your users have access to within it.
Throughout this project, we revisit this org chart to see how we can set access at each of these levels.
Follow Along with Trail Together
Want to follow along with an expert as you work through this step? Take a look at this video, part of the Trail Together series.
Restrict Login Hours on the Support Profile
- Click the Setup gear and select Setup.
- Enter
Profiles
in the Quick Find box, and select Profiles.
- Click Custom: Support Profile.
- Under Login Hours click Edit and set up the schedule.
Note: Ensure the listed time is Pacific [Standard or Daylight] Time (America/Los_Angeles). If not, adjust the organization's time zone to Pacific Time (America/Los_Angeles) before adjusting the login hours: Setup >Company Information
> Edit > Under Locale Settings, adjust the Default Time Zone to Pacific [Standard or Daylight] Time (America/Los_Angeles) > Save.
Field
Value
Sunday
12:00 AM to 12:00 AM
Monday
8:00 AM to 6:00 PM
Tuesday
8:00 AM to 6:00 PM
Wednesday
8:00 AM to 6:00 PM
Thursday
8:00 AM to 6:00 PM
Friday
8:00 AM to 6:00 PM
Saturday
12:00 AM to 12:00 AM
- Click Save.
Restrict the Login IP Range on the Custom: Support Profile
- Under Login IP Ranges, click Add IP Ranges and enter the details.
- Enter these values:
- Start IP Address:
0.0.0.0
- End IP Address:
255.255.255.255
- Description:
San Diego
- Click Save.
Now that you’ve restricted the login IP Range for users with the Support profile, move on to the next step, where you continue to enhance security in the AW Computing org by adding new users and setting their security levels using permission sets.