
Get Started with Transaction Security

Learning Objectives

Warning

Be careful—Transaction Security is a powerful feature. An incorrect Login Event policy that uses Block as its real-time action locks you out of your org. To prevent this from happening in an org you care about, create a new Trailhead Playground for this module. Yes, we really mean a brand new Trailhead Playground.

After completing this unit, you’ll be able to:
  • Describe the benefits of transaction security.
  • Explain what policies, actions, and notifications are.
  • State at least three use cases for transaction security.

What Is Transaction Security?

You’re the admin. You’re managing the Salesforce org. You’re juggling users, apps, objects, reports, and everything else. Now your manager asks you to make sure that no one is using an unsupported browser. Before you get started on that task, someone from IT asks you to make sure no one has a bunch of sessions active at once. How are you supposed to watch for all those things on top of everything else?

The answer is, you don’t. Instead, Transaction Security watches for you.

Transaction security monitors Salesforce events in real time to spot and correct trouble right away based on rules you create. You pick a transaction, or event, to watch for and then you choose what to do about that event. The rules and actions you create are called policies. Transaction security policies are backed by Apex, so you can tweak the Apex for your policies to make them even more powerful.

Note

Using Transaction Security requires purchasing a Salesforce Shield or Salesforce Shield Event Monitoring add-on subscription.

For example, allowing users to have multiple login sessions can be a security risk. Let’s say someone starts work on a desktop computer, switches to a tablet, and then walks away from the desk. The desktop session is still active and open for anyone to use. To prevent users from having too many sessions active at once, you’d pick the login event and create a policy. For instance, you can state that if users already have three active sessions, they have to end one of the sessions before logging in to a new session. You can also ensure that you get notified when this event occurs.

Policies move through three states.
  • Available—Any policy you create, plus the example policies that Salesforce supplies. These policies are listed on the Salesforce Transaction Security Policies page.

    Transaction Security policies page showing the supplied policies.

  • Enabled—Available policies that the admin has turned on by selecting Enabled. These policies are running and are also listed on the Transaction Security Policies page.
  • Triggered—A policy that’s been activated. This happens when the event the policy monitors not only occurs, but occurs in such a way that the event meets the policy’s requirements. Let’s consider the earlier login example. To trigger the policy, not only does the event have to be a login event, it also has to be for the user’s fourth active session.
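
The login policy described above, sketched as an Apex condition class. This is an added example, not Salesforce's supplied policy code. The class name and the `MAX_ACTIVE_SESSIONS` constant are hypothetical, and whether the session for the login being evaluated is already counted is an assumption noted in the code.

```apex
// Added example: Apex condition for a Login event policy that triggers on a
// user's fourth active session. Class name and constant are hypothetical.
global class SessionLimitPolicyCondition implements TxnSecurity.PolicyCondition {

    // From the text: three active sessions are allowed, the fourth triggers.
    private static final Integer MAX_ACTIVE_SESSIONS = 3;

    public Boolean evaluate(TxnSecurity.Event e) {
        // Count top-level sessions only. Child sessions (ParentId != null)
        // hang off a parent session and would inflate the count.
        List<AuthSession> sessions = [
            SELECT Id, CreatedDate, LastModifiedDate, NumSecondsValid
            FROM AuthSession
            WHERE UsersId = :e.userId AND ParentId = NULL
        ];

        Datetime cutoff = Datetime.now();
        Integer active = 0;
        for (AuthSession s : sessions) {
            // A session is live until its last activity plus its validity window.
            Datetime lastSeen = (s.LastModifiedDate != null)
                ? s.LastModifiedDate
                : s.CreatedDate;
            Integer ttl = (s.NumSecondsValid != null) ? s.NumSecondsValid : 0;
            if (lastSeen.addSeconds(ttl) >= cutoff) {
                active++;
            }
        }

        // Assumption: the session created by this login is already included
        // in the count, so "more than three" means this is the fourth.
        // Returning true marks the policy as triggered; the action configured
        // on the policy (block, end a session, notify) is applied after that.
        return active > MAX_ACTIVE_SESSIONS;
    }
}
```

Returning `false` leaves the login untouched, so the policy can be enabled with a notification-only action first to confirm the count behaves as expected before switching the action to Block.
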

You’re probably wondering what items you can check for with Transaction Security. A transaction security policy consists of events, notifications, and actions.
  • The available event types are:
    • Data Export for Account, Case, Contact, Lead, and Opportunity objects. Prevents unauthorized downloads.
    • Entity for authentication providers and sessions, client browsers, and login IP. Provides notification when a specific resource (entity) is accessed.
    • Logins. Limits sessions or requires additional authentication.
    • Access Resource for connected apps and reports and dashboards. Blocks access to sensitive information or requires two-factor authentication before access is allowed.
  • Policy notifications are sent to the selected admin using:
    • Email
    • In-app notification to your Salesforce app
    • Both email and in-app notifications
    • No notifications (notifications are optional)
  • If the policy is triggered, you can:
    • Block the operation
    • Require a higher level of assurance using two-factor authentication
    • End a current session
    • Receive a notification
    • Do nothing at all (useful for testing)

You can do a lot with these pieces. Here are some ideas.
  • Lock out specific geographical areas—Your org has remote offices and a global presence. To comply with international law, you want to restrict access to the Salesforce org. Set up policies to limit access from specific countries or to obtain alerts when unusual login activity occurs, like the same user logging in from two different places.
  • Securely access confidential data—You have sensitive, confidential data in your quarterly Salesforce dashboards. You want to ensure that teams accessing the dashboards use two-factor authentication (2FA) before viewing this data. Create a policy monitoring specific reports and requiring everyone to use 2FA before getting access.

These examples are just a few of the things you can do with Transaction Security. Look at the online help examples for more ideas.
