Skip to main content

Restrict Login Hours and IP Ranges

Learning Objectives

In this project, you’ll:

  • Restrict when and where users can log in to an organization.
  • Determine the levels of access users have to objects.
  • Set up a data access model using the role hierarchy, sharing, and teams.
  • Control the levels of access users have to fields.

Introduction

The CEO of AW Computing, Jon Wiseman, has some security concerns. He wants to reduce the chances of unauthorized access to data housed in Salesforce.  

Not everyone in your organization should have the same level of access. Support users should only be able to log in during the company’s standard office hours, and only when connected to the company network. All other users should have 24/7 access and be able to log in on the company network and the VPN.

Jon has enlisted your awesome admin skills to help resolve this issue. In this project, you learn to secure your Salesforce organization by controlling exactly what data your users have access to within it. Organizational setup image, showing the Field nested inside the Record, which is nested inside the Object.

Throughout this project, we revisit this org chart to see how we can set access at each of these levels.

Create a New Trailhead Playground

For this project, you need to create a new Trailhead Playground. Scroll to the bottom of this page, click the playground name, then click Create Playground. It typically takes 3–4 minutes to create a new Trailhead Playground.

Note: Yes, we really mean a brand-new Trailhead playground! If you use an existing org or playground, you can run into problems completing the steps in this project.

Restrict Login Hours on the Support Profile

  1. Click the Setup gear Setup icon and select Setup.
  2. Enter Profiles in the Quick Find box, and select Profiles.
  3. Click Custom: Support Profile.
  4. Under Login Hours click Edit and set up the schedule.
    Note: Ensure the listed time is Pacific [Standard or Daylight] Time (America/Los_Angeles). If not, adjust the organization's time zone to Pacific Time (America/Los_Angeles) before adjusting the login hours: Setup > Company Information > Edit > Under Locale Settings, adjust the Default Time Zone to Pacific [Standard or Daylight] Time (America/Los_Angeles) > Save.

    Field

    Value

    Sunday

    12:00 AM to 12:00 AM

    Monday

    8:00 AM to 6:00 PM

    Tuesday

    8:00 AM to 6:00 PM

    Wednesday

    8:00 AM to 6:00 PM

    Thursday

    8:00 AM to 6:00 PM

    Friday

    8:00 AM to 6:00 PM

    Saturday

    12:00 AM to 12:00 AM

  1. Click Save.

Restrict the Login IP Range on the Custom: Support Profile

  1. Under Login IP Ranges, click New and enter the details. 

Login IP Ranges page in Salesforce.

  1. Enter these values:
    • Start IP Address: 0.0.0.0
    • End IP Address: 255.255.255.255
    • Description: San Diego
  1. Click Save.
Note

For the purpose of this step, we’re including all IP Ranges; however, in a real-life scenario, you would set a more realistic range. 

Now that you’ve restricted the login IP Range for users with the Support profile, move on to the next step, where you continue to enhance security in the AW Computing org by adding new users and setting their security levels using permission sets. 

Verify Step

+100 points

You’ll be completing this project in your own hands-on org. Click Launch to get started, or click the name of your org to choose a different one.

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback