Choose login settings to ensure that your users are who they say they are.
Restrict Where and When Users Can Log In to Salesforce You can restrict the hours during which users can log in and the range of IP addresses they can log in and access Salesforce from. If IP address restrictions are defined for a user’s profile and a login originates from an unknown IP address, Salesforce does not allow the login. These restrictions help protect your data from unauthorized access and phishing attacks.
Set Password Policies Improve your Salesforce org security with password protection. You can set password history, length, and complexity requirements along with other values. In addition, you can specify what to do if a user forgets their password.
Expire Passwords for All Users As an administrator, you can expire passwords for all users any time you want to enforce extra security for your organization. After expiring passwords, all users are prompted to reset their password the next time they log in.
Modify Session Security Settings You can modify session security settings to specify session connection type, timeout settings, and IP address ranges to protect against malicious attacks and more.
Enable Lightning Login for Password-Free Logins Say goodbye to the hassle of weak passwords, forgotten passwords, and locked-out accounts. Give your users the enhanced speed, convenience, and security of password-free logins. Enable Lightning Login, assign the required permission to your users, and encourage them to individually enroll in Lightning Login.
Create a Login Flow Use the Cloud Flow Designer to build a login flow process, then associate the finished flow with a profile.
Connect a Login Flow to a Profile After you create a login flow in Flow Designer and activate the flow, you associate it with a profile in your organization. Users with that profile are then directed to the login flow.
Set Up Two-Factor Authentication Admins enable two-factor authentication through permissions or profile settings. Users register devices for two-factor authentication—such as mobile authenticator apps or U2F security keys—through their own personal settings.