Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Control Login Access Policies

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Control Login Access Policies

            Control whether your users are prompted to grant account access to Salesforce admins, and whether users can grant access to publishers.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience

            Available in: all editions

            Granting administrator access available in: Enterprise, Performance, Unlimited, Developer, and Database.com Editions
            User Permissions Needed
            To control login access policies: Manage Login Access Policies
            1. From Setup, enter Login Access Policies in the Quick Find box, then select Login Access Policies.
            2. To allow admins to log in as any user in the org without first asking them to grant access, enable Administrators Can Log in as Any User.

              To have this feature removed from your org, contact Salesforce. If you remove the feature, a user must grant login access before an admin can log in to that user’s account for troubleshooting.

            3. To prevent users from granting access to a publisher—for example, to comply with regulatory or privacy concerns—click Available to Administrators Only for that publisher.
            4. Click Save.

            Users can’t grant login access to managed packages that are licensed to your entire Salesforce org. Only admins with the Manage Users permission can grant access to these publishers. Also, some managed packages don’t have login access. If a package isn’t listed on the Login Access Policies page, login access isn’t available for that package.

            The org listed in the Support Organization column, is the License Management Org that owns the managed package.

            When multi-factor authentication (MFA) is enabled for your org, admins can still log in as another user. There’s only one scenario where an admin needs to coordinate with a user to have them respond to an MFA challenge: when the user's profile requires a High Assurance session at login, but the admin is logged in with a standard security session level. To avoid this situation, admins should always log in using MFA, which automatically results in a High Assurance session. See Multi-Factor Authentication.

            See Also

             
            Loading
            Salesforce Help | Article