Device Activation for Experience Cloud Sites
To add extra verification to unfamiliar login attempts, set up device activation for your Experience Cloud site. With device activation, Salesforce challenges users to verify their identity when they log in from an unrecognized browser or device.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
| Available in: Enterprise, Performance, Unlimited, and Developer Editions |
Device activation works differently depending on whether you use org-wide trusted IP ranges. Here's a summary of how it works.
sfdc_lv2 platform cookie.| Org-Wide Trusted IP Range Configuration | When Is verification required? | When Is Verification Skipped? |
|---|---|---|
| Not configured | Salesforce doesn't recognize the browser or device. | Salesforce recognizes the browser or device. |
| Configured | The login attempt is from an untrusted IP address, even if Salesforce recognizes the browser or device. | The login attempt is from a trusted IP address. |
To verify a user's identity during device activation, Salesforce uses the highest-priority identity verification method available. Here's the order that Salesforce follows for verification methods.
- Built-in authenticator registered with the user’s account, such as Touch ID or Windows Hello
- U2F security key registered with the user’s account
- Push notification or location-based automated verification with the Salesforce Authenticator mobile app connected to the user’s account
- Time-based one-time password (TOTP) generated by a mobile authenticator app connected to the user’s account, such as Google Authenticator™
- One-time password (OTP) sent via SMS to the user’s verified mobile device
- OTP sent via email to the user’s registered email address
For customers and partners logging in to Experience Cloud sites, device activation is automatically disabled. You can manage device activation for customers and partners through Session Settings in profiles. You can also use profiles to manage device activation for employees logging in to Experience Cloud sites. To change device activation settings in profiles, take these steps.
- From Setup, in the Quick Find box, enter Profiles, and then select Profiles.
- Select a profile.
- Depending on which user interface you're using, edit the profile.
- Enhanced profile user interface—Click Session Settings, and then click Edit.
- Original profile user interface—Click Edit, and scroll to the Session Settings section.
- Depending on the profile you're editing, different device activation settings are available. Edit the settings, and save your changes.
Here’s a summary of device activation settings and the profiles where you find them.
| Setting | Description |
|---|---|
| Enable device activation for customers | Require device activation for customers and partners logging in to Experience Cloud sites. These are some of the standard profiles that have this setting.
|
| Skip employee device activation during Experience Cloud site login | Allow employees in your org to bypass device activation when they log in to an Experience Cloud site. However, employees must still complete device activation when they log in to your org. These are some of the standard profiles that have this setting.
|
