+2,500 ポイント
Superbadge

User Authentication Settings Superbadge Unit

Bring user authentication settings up to standard to secure your org.

~ 1 時間

Prerequisites

User Authentication Settings Superbadge Unit

この Superbadge を獲得するための実習内容

  1. Set appropriate password policies.
  2. Configure login requirements and limits.
  3. Control API access for connected apps.
  4. Set trusted IP addresses for users.

この Superbadge でテストされる概念

  • User Authentication

Note

To ensure we meet the needs of our Trailblazer Community, we’re always reviewing and evolving our program based on your feedback. As a result, we’ve created superbadge units! Superbadge units present assessment content in smaller segments. Groups of superbadge units are arranged by topic and can be followed by a capstone-style superbadge that completes the Specialist-level credential.

For more information, check out the Superbadge Unit FAQ Help Article.

Sign Up for a Developer Edition Org with Special Configuration

To complete this superbadge unit, you need a special Developer Edition org that contains special configuration and sample data. Note that this Developer Edition org is designed to work with the challenges in this superbadge unit.

  1. Sign up for a free Developer Edition org with special configuration.

  2. Fill out the form.

    1. For Email, enter an active email address.
    2. For Username, enter a username that looks like an email address and is unique; however, it doesn’t need to be a valid email account (such as yourname@security4ever.example.com).
  3. After you fill out the form, click Sign me up.
  4. When you receive the activation email (this might take a few minutes), open it and click Verify Account.

  5. Complete your registration by setting your password and challenge question. Tip: Write down your username, password, and login URL for easy access later.

  6. You are logged in to your superbadge Developer Edition org.

Now, connect your new Developer Edition org to Trailhead.

  1. Make sure you’re logged in to your Trailhead account.

  2. In the Challenge section at the bottom of this page, select Connect Org from the picklist.

  3. On the login screen, enter the username and password for the Developer Edition org you just set up.

  4. On the Allow Access? page, click Allow.

  5. On the Want to connect this org for hands-on challenges? page, click Yes! Save it. You are redirected back to the Challenge page and ready to use your new Developer Edition org to earn this superbadge.

  6. Now that you have a Salesforce org with special configuration for this superbadge unit, you’re good to go.


Note

Note

Before you begin the challenges, please review User Authentication Specialist Superbadge: Trailhead Challenge Help.

Make sure you're using a new Developer Edition org from this sign up link to complete the challenges in this superbadge unit. If you use an org that has been used for other work, you won’t pass the challenges in this superbadge unit.

This superbadge unit is part of the User Authentication Specialist Superbadge. Complete the capstone assessment and related superbadge units to receive the User Authentication Specialist Superbadge.

Review Superbadge Challenge Help for information about the Salesforce Certification Program information and Superbadge Code of Conduct.

Use Case

Cirrus Cash Flow is a startup that provides financial services for its customers. While its information technology (IT) team is fantastic, the company was less than ready to be acquired by the financial services behemoth, Cumulus Global Bank. Cumulus Global Bank has put Cirrus Cash Flow’s systems through a thorough security audit and now needs to make changes.

As a premier Salesforce security consultant, you’ve met with the key stakeholders and compiled a comprehensive set of security change requirements.

Business Requirements

This section represents the culmination of many meetings and is the basis of your work to transform Cirrus Cash Flow’s Salesforce org into a cloud-based fortress.

Password Requirements

To comply with government financial regulations, Cumulus Global Bank has strict password policies that are in line with industry best practices. Cirrus Cash Flow hasn’t modified the default settings its org started with and will need to make the following adjustments.

  1. Passwords have to be at least 12 characters long and include alpha, numeric, and special characters.

  2. Users are only allowed three login attempts. After that, they will be locked out of their account for 30 minutes.

  3. A user cannot reset their password more than once in a 24-hour period.

  4. The answer to a user’s security question must be obscured during the password reset process.

In addition to the org-wide password policies, Cumulus Global Bank requires that privileged users have even more complex passwords. After reviewing Cirrus Cash Flow’s users, you’ve determined that those with the System Administrator profile are the only privileged users in the org with elevated levels of access. For these users, you’ve determined that the following changes need to be made.

  1. Passwords for admin users need to be 15 characters minimum.

  2. Passwords for admins also have to be more complex—they must include numbers, uppercase and lowercase letters, and special characters.

Note

Note

Hold on. Where’s multi-factor authentication (MFA)?

On their own, usernames and passwords no longer provide sufficient protection against cyberattacks. That’s where MFA comes in. It’s one of the simplest, most effective ways to prevent unauthorized account access and safeguard your data and your customers’ data. It’s also required for all Salesforce users as of February 1, 2022.

In fact, MFA is so important that it’s earned its own superbadge unit! Be sure to check out the Multi-Factor Authentication and Single Sign-On Settings Superbadge Unit to demonstrate your multifaceted security skill set.

Login Requirements and Limits

In addition to password policies, Cumulus Global Bank has login restrictions for employees who have access to the most sensitive information. You’ve explored these restrictions in detail and have determined that they apply to Cirrus Cash Flow’s Inside Sales representatives and Call Center agents. Make the following changes in the existing custom profiles.

Login Location Login Hours
Inside Sales Representatives Corporate office or the virtual private network (VPN) when working remotely No time restrictions
Call Center Agents Corporate office Only 8 AM to 5 PM Monday through Friday

Use the following IP address or range in your configurations and be sure to set a description for the admin at Cirrus Cash Flow.

  • Corporate Office: 13.108.0.0

  • VPN: 10.0.0.0 - 10.255.255.255

These IP addresses will most likely exclude your current IP address.

Connected App Access Control

Note

Note

Important: Make sure you've connected your special Developer Edition org for this superbadge to Trailhead before making any of the configurations in the following section. Failing to do so may create an unnecessary obstacle or block you from completing the challenge successfully.

Instructions to connect your org to Trailhead are at the top of this superbadge, below the Concepts Tested section.

To survive in a competitive landscape, startups are required to adapt and move quickly. And as part of that “act fast and ask for forgiveness later” mentality, the admin for Cirrus Cash Flow’s Salesforce org hasn’t restricted any connected applications or the users who have access to them. As a seasoned consultant, you’re well aware of the access connected apps can have without restrictions and that it can pose a major security risk. But you don’t judge. Instead, you’ve already contacted Salesforce Support in order to enable the API Access Control feature so you can get a better handle on API users in the org.

First, Cumulus Global Bank has asked that the admin for Cirrus Cash Flow lock down all connected apps. Only grant API access to allowlisted connected apps; the administrator has to approve user access to these apps. Never allow users to self-authorize for any connected app. Note: The Trailhead Connected App has been preinstalled in your org for this superbadge unit. You do not need to make any adjustments to this app to pass the challenge.

Finally, the Cirrus Cash Flow org already has the Salesforce Mobile Apps Administration package installed. But to be compliant with Cumulus Global Bank’s mobile security policies, the only employees allowed to access the org via their mobile device are Inside Sales users. Since the company gives all Inside Sales employees the same phone model, they only need access to the Salesforce for iOS connected app.

Trusted IP Network

Wow! You’ve really brought Cirrus Cash Flow up to Cumulus Global Bank’s user authentication standards and industry best practices. Way to go! But now, employees are complaining about all the extra steps and restrictions.

You’re not willing to sacrifice security for convenience, of course. However, you do know of a way to allow employees to bypass device activation when they log in at the corporate office. You run the solution by Cumulus Global Bank’s security experts. You then configure Cirrus Cash Flow’s org to allow users to log in at the corporate IP address (13.108.0.0) without receiving a login challenge for identity verification.

この Superbadge 獲得に挑戦しますか?

まず前提条件をクリアしてください。クリアすると、User Authentication Settings Superbadge Unit の Challenge を選択できるようになります。

~ 1 時間