Loading
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Manage Device Access with Mobile Device Tracking

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Manage Device Access with Mobile Device Tracking

            You can manage which devices access your Salesforce data. Store a mobile device’s unique identifier, then you can approve or revoke that device’s access.

            Required Editions

            Available in: Enterprise, Performance, Unlimited, and Developer Editions
            User Permissions Needed
            To view user devices that access Salesforce: View Devices
            To edit user devices: Manage Devices

            Devices are exposed in the UserDevice and UserDeviceApplication sObjects. Use UserDevice to represent information that is unique to a device. Use UserDeviceApplication to represent information about applications installed on a device that is accessing Salesforce. See UserDevice and UserDeviceApplication in the Object Reference for Salesforce and Lightning Platform Developer Documentation.

            The UserDevice sObject contains the UserProvidedDeviceIdentifier field. In this field, you can store a mobile device’s identifier like a serial number. When you add a device, its status is set to Pending Approval. To show that you’re allowing a device to access your org, you can change its status to approved. To revoke access to a device, change the device’s status to revoked.

            Disallowing device access based on device status requires a setting change. From Setup, in the Quick Find box, enter System Settings, and then select System Settings. Enable Prevent login from mobile user devices with revoked status. You can also access this setting in Identity Verification Settings. From Setup, in the Quick Find box, enter Identity Verification, and then select Identity Verification.

            Note
            Note Apple no longer supports IMEI calls at the device level in the Salesforce app. Use your EMM solution to provide this information.

            Revoke devices through Apex using the UserDevice sObject.

            Example
            Example

            This Apex call fetches a device for a specific user, revokes it, and updates the list of records.

            // Fetch UserDevice sObjects for a specific user
List<UserDevice> userDevices = new List<UserDevice>();
userDevices = [SELECT Id FROM UserDevice WHERE User.Username = 'astro@salesforce.com'];

// Loop through UserDevices in the list and change the status to revoked
for (UserDevice ud : userDevices) {
    ud.status = 'Revoked';
}

// Update the list of UserDevices records in Salesforce
update userDevices;
             
            Loading
            Salesforce Help | Article