Restrict Login Hours and IP Ranges

Learning Objectives

In this project, you’ll:

  • Restrict when and where users can log in to an organization.
  • Determine the levels of access users have to objects.
  • Set up a data access model using the role hierarchy, sharing, and teams.
  • Control the levels of access users have to fields.

Introduction

The CEO of AW Computing, Jon Wiseman, has some security concerns. He wants to reduce the chances of unauthorized access to data housed in Salesforce.  

Not everyone in your organization should have the same level of access. Support users should only be able to log in during the company’s standard office hours, and only when connected to the company network. All other users should have 24/7 access and be able to log in on the company network and the VPN.

Jon has enlisted your awesome admin skills to help resolve this issue. In this project, you learn to secure your Salesforce organization by controlling exactly what data your users have access to within it.    Organizational setup image, showing the Field nested inside the Record, which is nested inside the Object.

Throughout this project, we revisit this org chart to see how we can set access at each of these levels.

Restrict Login Hours on the Support Profile

  1. From Setup, enter Profiles in the Quick Find box, and select Profiles.
  2. Click Custom: Support Profile.
  3. Under Login Hours click Edit and set up the schedule.
    Field Value
    Sunday
    12:00 AM to 12:00 AM
    Monday
    8:00 AM to 6:00 PM
    Tuesday
    8:00 AM to 6:00 PM
    Wednesday
    8:00 AM to 6:00 PM
    Thursday
    8:00 AM to 6:00 PM
    Friday
    8:00 AM to 6:00 PM
    Saturday
    12:00 AM to 12:00 AM
  4. Click Save.

Restrict the Login IP Range on the Custom: Support Profile

  1. Under Login IP Ranges, click New and enter the details.    Login IP Ranges page in Salesforce.
  2. Enter these values:
    • Start IP Address: 0.0.0.0
    • End IP Address: 255.255.255.255
    • Description: San Diego
  3. Click Save.
Note

Note

For the purpose of this step, we’re including all IP Ranges; however, in a real-life scenario, you would set a more realistic range. 

Now that you’ve restricted the login IP Range for users with the Support profile, move on to the next step, where you continue to enhance security in the AW Computing org by adding new users and setting their security levels using permission sets. 

retargeting