Loading
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            ApexClassCheckforIP Check Configured Set to True Control

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            ApexClassCheckforIP Check Configured Set to True Control

            Enforces IP restriction validation within Omnistudio Integration Procedures when they invoke Apex classes.

            Control Name

            Omnistudio - Object and Field Level Security (Select ApexClassCheckforIP Check Configured set to 'True').

            Control Overview

            Enforces IP restriction validation within Omnistudio Integration Procedures when they invoke Apex classes, making sure that backend code respects org-level trusted IP ranges even through low-code orchestration layers.

            Description

            When enabled via Custom Settings, Omnistudio checks the running user's IP against Login IP Ranges and Network Access IP filters before allowing Apex class execution within Integration Procedures, DataRaptors, or other backend calls.

            Recommended Configuration

            Select ApexClassCheckforIP Check Configured set to "True" in Setup>Custom Settings>Omnistudio global security settings.

            Security Impact

            Prevents IP-based trusted access bypass through Omnistudio workflows; compromised accounts from untrusted IPs cannot execute sensitive Apex logic disguised as legitimate Integration Procedure calls.

            Business Impact

            Maintains consistent IP security policy across custom low-code and traditional Apex development. Supports compliance requirements for network access controls in Vlocity/Omnistudio implementations.

            Security Risk If Not Configured

            Lack of advanced security checks enforcement to strictly validate object, field-level, and Apex class permissions for all users using Omnistudio Integration Procedures allows IP restriction evasion.

            Threat Scenarios

            Compromised external/partner accounts bypass IP allowlisting by invoking sensitive Apex classes through Omnistudio Integration Procedures; attackers from untrusted networks execute privileged backend operations via low-code UI flows.

            Estimated CVSS Score Range

            Critical (9.0–10.0).

            Risk Impact Considerations

            Essential when IP restrictions protect production data access. May block legitimate remote workers unless VPN IP ranges are properly configured in Network Access settings.

            Higher Risk When

            Omnistudio Integration Procedures call Apex classes handling PII/financial/PHI data, strict IP allowlisting enforced, external/Experience Cloud users enabled, or complex multi-cloud IP filtering.

            Low Risk When

            No IP restrictions are configured, internal users are only on corporate network, or Omnistudio is used for read-only/display purposes without backend Apex integration.

            Business and Integration Considerations

            Must have for any production Omnistudio deployment with IP restrictions. Verify all Network Access IP ranges include legitimate remote access patterns before enabling.

            Security Health Review Guidance

            Must have.

            Who Is Impacted

            Omnistudio developers building Integration Procedures, security admins managing IP allowlists, remote/hybrid workers accessing production, external partners using Omnistudio portals.

            See Also

             
            Loading
            Salesforce Help | Article