Control Access to the Org
Control Access to the Organization
To view and manage the users in your org, use the Quick Find box in Setup to find Users. The user list shows all the users in your org.
Create a User
- Use the Quick Find box to find in Setup.
Click New User.
Or you can click Add Multiple Users to add up to ten users at a time.
- Enter the user’s name, email address, and a unique username in the form of an email address. By default, the username is the same as the email address.
Select the user license this user will have.
The license determines which profiles are available for each user.
- Select a profile, which specifies the user’s minimum permissions and access settings.
- Select the option to generate a new password and notify the user, then save.
Deactivate a User
- In Setup, use the Quick Find box to go to Users.
- Click Edit next to the name of the user you want to deactivate.
Clear the Active checkbox and click
If you can’t immediately deactivate an account (for example, when the user is selected in a custom hierarchy field), you can freeze their account. That prevents the user from logging in to your organization while you’re working on deactivating them.
- On the Users page in Setup, click the username of the user whose account you want to freeze.
- Click Freeze.
Set Password Policy
- Password policies
- Set password and login policies, such as specifying an amount of time before all users’ passwords expire and the level of complexity required for passwords.
- User password expiration
- Expire the passwords for all the users in your org, except for users with “Password Never Expires” permission.
- User password resets
- Reset the password for specified users.
- Login attempts and lockout periods
- If a user is locked out due to too many failed login attempts, you can unlock the person’s access.
Use the Quick Find box to find Password Policies in
Customize the password settings.
How long should passwords be?
Longer is usually better, within reason.
How complex do you want your passwords?
You can require alphabetical, numeric, uppercase, lowercase, or special characters.
- How many days is a password valid?
- How many times can someone try to log in with invalid credentials before being locked out?
- How long should passwords be?
- Choose what to do about forgotten passwords and locked accounts.
- Click Save.
Restrict Login Access by IP Address
- If you set your trusted IP range for your whole org, users with addresses outside that range aren't completely excluded. They can log in if they complete a challenge question, typically by entering an activation code sent to their phone or email.
- If you set your trusted IP range only for a given user profile, all users with that profile who are outside the trusted range are locked out.
By default, Salesforce doesn't restrict locations for login access. If you do nothing, users can log in from any IP address.
Go to your Setup panel.
- If you're doing this for your whole org, use the Quick Find box to find Network Access.
- If you're doing this for a profile, find Profiles instead, then click the name of the profile you want to edit.
Click New in the Login IP Range related list.
- Enter the start and end point of the range of trusted IP addresses, and save.
Restrict Login Access by Time
- In Setup, use the Quick Find box to find Profiles.
- Click the profile you want to change.
- Under Login Hours, click Edit.
Set the days and hours when users with this profile can log in to the
- To allow users to log in at any time, click Clear all times.
- To prohibit users from using the system on a specific day, set the start and end times to the same value.