Start tracking your progress
Trailhead Home
Trailhead Home

Create Transaction Security Policies

Learning Objectives

Warning

Warning

Be careful—Transaction Security is a powerful feature. An incorrect Login Event policy that uses Block as its real-time action locks you out of your org. To prevent this from happening in an org you care about, create a new Trailhead Playground for this module. Yes, we really mean a brand new Trailhead Playground.

After completing this unit, you’ll be able to:
  • Enable Transaction Security.
  • List the uses of different notification types.
  • Use real-time actions appropriately.
  • Define, edit, enable, and disable your own policies.
  • Test a new policy.

Enable Transaction Security

The first thing to do before you can create your own policies and use the supplied policies is to enable Transaction Security. You have to turn it on before you can start working.

  1. From Setup, in the Quick Find box, type Transaction Security, and click Transaction Security Policies.
  2. If you’ve never visited this page before, click Enable next to Get Started With Transaction Security.

Partial Transaction Security page showing the checkbox to enable the feature.

Now you see some available policies.

A listview that shows two available transaction security policies: Concurrent User Session Limit Policy and Lead Data Export Policy

Congratulations! Transaction Security is now ready to use in your org.

Create a Policy

Now that you know what Transaction Security is, it’s time to learn how to use it. You practice with an existing policy in your Trailhead Playground because the purpose of this unit isn’t to teach you how to write Apex from scratch. However, if you were going to create a new policy, this is how you would do it.

On the main Transaction Security page, click New.

Transaction Security page for creating a new policy.

Let’s work down from the top. Let’s say you want to create a transaction security policy that limits the number of Lead records someone can download at a time.
  1. Because you’re trying to limit the amount of data someone can export, select Data Export in the Event Type field.
  2. In the Resource field, select Lead.
  3. In the Apex Class field, select DataLoaderLeadExportCondition, an Apex class that’s already created for us.
  4. Click Next.
  5. The real-time action is Block, because you want to block users who try to download too many records at a time. Not all events support all actions. For this Data Export event, you could instead require all users to use two-factor authentication if they try to download a certain number of records. You could also select no action and just receive a notification.
  6. Select Email notification, and select a user as the recipient. You’ll receive an email every time a user attempts to download too many leads
  7. For Execute Policy As, choose the same person that you selected to be the recipient.
  8. Name the policy Lead Data Export Policy. What you enter in the Name field automatically sets the API name, in this case, LeadDataExportPolicy. The API name is what the policy is called within your org and by Apex code.
  9. Don’t enable the policy just yet—you do that later. Your page should look like this.

    Second page of new policy workflow that shows the settings for our policy

  10. To add your new policy to the list of available policies, click Finish.

Edit a Policy

Editing a policy to change the notification, action, or most anything else is easy. You can make several changes to your transaction security policies without ever touching Apex code.

  1. From Setup, in the Quick Find box, type Transaction Security, and click Transaction Security Policies.
  2. Select Edit from the dropdown next to the policy you want to update. In this case, edit the Lead Data Export policy.
  3. Take a look at the current settings for the policy. You can make changes to your policy’s settings any time.

You can change almost all the things you set when you created the policy. What you can’t do from this screen is change the Apex code that implements the policy. That’s a different step, which we cover a bit later.

Enable a Policy

After creating a policy, enable it to put it to work in your org.

  1. On the Transaction Security Policies page, click Edit next to the Lead Data Export Policy.
  2. When you’re sure it’s configured the way you want, head to the Actions page, and select Enable.

    The Actions page of the Edit Transaction Security Policy workflow that shows the Enabled toggle.

  3. Click Finish.

Awesome! Now the policy is enabled.

retargeting