Salesforce for Outlook security overview
|Knowledge Article Number||000006338|
|Description||This article will touch on key security aspects on Salesforce for Outlook|
- Salesforce for Outlook resides as a .Net Client on a user's local machine and interacts with Salesforce using SSL 128 bit encryption Port 443 is used
- API calls use SSL 256 bit SSL encryption.
- User Authentication is Oauth 2.0 authentication see Oauth and also OAuth 2.0 User-Agent Flow
- The Oauth token is encrypted on the local machine using MS DPAPI
- Other sync data resides on the local machine in an SQLite database
- Synced data is controlled within the Salesforce application by the configuration of specific Data Sets managed by Salesforce Administrators.
- The permission for users to be able sync and data sets constraints are controlled by an Administrator within Salesforce
- TLS 1.1 and higher.
See The Prepare Your Users to Continue Using Salesforce for Outlook After TLS 1.0 Is Disabled and Salesforce disabling TLS 1.0 knowledge articles for more information