Loading
Feature Degradation | Agentforce Voice Read More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Best Practices and Additional Information for Anomalous Logins

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Best Practices and Additional Information for Anomalous Logins

            Understanding the nature of anomalous logins and available resources can help you manage and respond to these events effectively.

            Required Editions

            Available in both Salesforce Classic (not available in all orgs) and Lightning Experience.

            Available in: Enterprise, Unlimited, and Developer Editions

            Requires Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

            A login is considered anomalous when its characteristics (IP address, browser agent, location, etc.) significantly deviate from the user's established baseline of typical logins over the past 90 days. Machine learning models create a profile for each user based on their login history. Incoming logins are compared against this baseline, and an alert is triggered when a significant deviation exceeds a defined threshold. If no response is received for the email notification about this event, the system will assume it was a false positive, and the user will not receive the same notification for the same endpoint (IP, Browser, UserId combination) within a 30-day window.

            Salesforce continuously monitors login activity for various suspicious patterns, including credential stuffing and brute-force attacks. Successful logins from suspicious clients trigger mitigating actions like identity challenges and forced password resets. Practicing good password hygiene, never sharing credentials, and enabling multi-factor authentication (MFA) are crucial steps to prevent unauthorized access.

            Note
            Note The anomalous login score is currently computed only for non-SSO logins. SSO logins with MFA are considered less susceptible to these types of attacks.
             
            Loading
            Salesforce Help | Article