Set Up and Maintain Your Salesforce Organization
          Network Access Control

          Define Trusted IP Ranges.

          Control Name

          Network Access - Trusted IP Ranges

          Recommended Configuration

          Setup > Network Access > New > Start - End IP Addresses.

          Control Overview

          Define Trusted IP Ranges.

          Security Risk If Not Configured

          Failing to configure trusted IP ranges in Salesforce network access creates a significant security vulnerability by allowing users to attempt logins from any location or network globally. Although Salesforce still requires standard credentials, the lack of IP restrictions means that if a password is compromised via phishing or credential stuffing, an attacker can bypass the "trusted network" layer and access sensitive corporate data from an unauthorized external environment.

          Threat Scenarios

          A primary threat scenario involves a credential harvesting attack, where a malicious actor obtains a high-privileged user’s login credentials through a targeted phishing campaign. Without trusted IP ranges defined, the attacker can successfully log in to Salesforce from a remote, unauthorized location—such as an overseas server or a public network—bypassing the security layer that would otherwise trigger a login challenge for an unrecognized IP. Once inside, the attacker can export sensitive customer data, modify critical configurations, or install malicious third-party integrations.

          Estimated CVSS Score Range

          Critical (9.0–10.0).

          Risk Impact Considerations

          The impact depends on the sensitive data stored in the platform and on which users or integration users can access that data.

          Higher Risk When

          Sensitive data is stored in custom fields with no additional access control restrictions in place, and a Salesforce secure-by-default control such as Forced Device Activation is waived.

          Low or No Risk When

          This control can be considered low risk when one or more of the following are implemented:

          • MFA is configured
          • Single Logout is configured
          • IP Login Restriction is enabled at the profile level

          Business and Integration Considerations

          Customers should evaluate IP addresses related to integration users.

          Recommended Remediation

          Consider integration users and the networks of connected or external applications that connect to the org.
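
          The following is an added example, not Salesforce code: a review of a trusted IP range list before it is entered, which flags overly broad Start - End entries and integration users whose source IPs fall outside every remaining range. The range list, the integration names and addresses, and the size threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not from any real org): trusted ranges as they
# would be entered as Start - End IP addresses, plus integration source IPs.
TRUSTED_RANGES = [
    ("203.0.113.0", "203.0.113.255"),    # office egress (constructed)
    ("198.51.100.10", "198.51.100.20"),  # VPN pool (constructed)
    ("0.0.0.0", "255.255.255.255"),      # catch-all entry that defeats the control
]
INTEGRATION_IPS = {
    "etl-service": "198.51.100.15",      # hypothetical integration user
    "billing-connector": "192.0.2.44",   # hypothetical integration user
}
MAX_RANGE_SIZE = 65536  # assumption: flag anything larger than a /16


def parse_range(start, end):
    """Return (low, high) address objects, rejecting malformed ranges."""
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo.version != hi.version or int(lo) > int(hi):
        raise ValueError(f"invalid range {start} - {end}")
    return lo, hi


def size(lo, hi):
    return int(hi) - int(lo) + 1


def audit(ranges, integration_ips, max_size=MAX_RANGE_SIZE):
    """Flag overly broad ranges and integrations not covered by a narrow one."""
    parsed = [parse_range(s, e) for s, e in ranges]
    too_broad = [f"{lo} - {hi}" for lo, hi in parsed if size(lo, hi) > max_size]
    # Coverage is judged only against ranges that would survive the review.
    narrow = [(lo, hi) for lo, hi in parsed if size(lo, hi) <= max_size]
    uncovered = []
    for name, ip in integration_ips.items():
        addr = ipaddress.ip_address(ip)
        if not any(lo.version == addr.version and lo <= addr <= hi
                   for lo, hi in narrow):
            uncovered.append(name)
    return {"too_broad": too_broad, "uncovered_integrations": sorted(uncovered)}


if __name__ == "__main__":
    print(audit(TRUSTED_RANGES, INTEGRATION_IPS))
```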

          Security Health Review Guidance

          Security Health Review evaluates network setup by inspecting whether any IP ranges are set up as trusted IP addresses.

           