Loading

Prevent access to Salesforce from Android or other browsers

Publiceringsdatum: Jun 26, 2023
Beskrivning
You can use login flows to prevent access to salesforce. This article is just a general walkthrough to help with constructing a login flow that stores the logged in user's browser information in a variable and then makes a decision to allow the login attempt based on the logged in user's information. If it is an Android browser it will block the login and if not it will allow the login.

 
Lösning

1. How to to create a variable that stores the browser information.

  1. Double click on (x)Variable under the 'CREATE NEW' section.
  2. Input a value in the 'Name' field. Ex.LoginFlow_UserAgent
  3. Enter a description.
  4. Leave the data type as 'Text'
  5. In the 'Input/Output Type' section click Input Only.
  6. Click on the OK button.

2. Getting the page to display the user's browser.

  1. Select on the Palette tab.
  2. In the 'USER INTERFACE' tab click on the Screen component, then drag it out towards the right. 
  3. Wait till the configuration menu displays for Screen.
  4. Input a Name in the Name field. Ex. "Start Page"
  5. Click on the Add a field section.
  6. Locate the 'OUTPUTS' section in Salesforce.
  7. Drag the Display Text towards the right until you get a blue square and '+'icon.
  8. Highlight the field and then click on the Field Settings tab.
  9. Enter a value for the Unique Name section.'Browser_information'
  10. On the 'Select resource' option click on the arrow.
  11. Click on the VARIABLES section.
  12. Double click on the variable created in Step 1. Ex. LoginFlow_UserAgent
  13. Confirm that the variable is underneath the 'Select resource' in the format and add the message of your choice. ex.{!LoginFlow_UserAgent}
 

3. Create a decision to determine what actions can occur when a user logs in from an Android device.

  1. Locate the LOGIC selection on the 'Palette' tab.
  2. Select the Decision element.
  3. Drag the Decision element towards the right. Wait till the configuration menu displays.
  4. Input a value in the 'Name'. Ex. "Decision page"
  5. On the EDITABLE OUTCOMES click on Add Outcome.
  6. Type the word Block in the Name section.
  7. Click on the arrow towards the right of Select resource.
  8. Locate the variable created in the Step 1. Ex.LoginFlow_UserAgent
  9. Click on the --Select One-- option select contains.
  10. Enter the value Android in the Enter value or select resource.
  11. Click on the [Default Outcome] remove Default Outcome and add Allow.
  12. Click on the OK Button.
 

4. Putting all the logic together.

  1. Locate the USER INTERFACE section.
  2. Click and then drag the Screen element towards the right. Wait for the configuration menu to display.
  3. Enter a value in the Name. Ex. 'Block Page'.
  4. Locate the Navigation Options. 
  5. Locate the show Finish and Previous.
  6. Click the arrow.
  7. Select Don't show Finish Button.
  8. Click on the Add a Field section.
  9. Click and drag the 'Display Text' towards the right.
  10. Highlight the field and then click on the 'Field Settings' tab.
  11. Enter a Unique Name.Ex 'Block message'.
  12. Click on the Text icon.
  13. Enter the custom message.Ex.'Warning: Salesforce can not be access through an Android browser due to your Security policy in place.'
  14. Click on the Ok button.

5. Final steps.

  1. On the first page "Start Page" created in the second step click on the green arrow to make the start page.
  2. In the same page  click on the square and drag the line to the Decision page.
  3. From the "Decision page" click on the square and drag the line to the "Block Page". If you would like to by pass the "Start Page " screen and begin in the "Decision Page" it can be configured as the start page.
  4. Make sure that 'Block' is selected as the decision outcome linked to the "Block Page".
  5. Click the OK button.
  6. Save the flow.
  7. Apply the flow to the users. 
 
In order to ensure the flow runs properly, the following should be disabled from Process Automation Settings: 'Enable Lightning runtime for flows'

To Block Salesforce for Android

1. Go to Setup | Manage Apps | Connected Apps | Salesforce/Chatter for Android.
2. Click Edit.
3. In the 'Permitted Users' section select Admin Approved users are pre-authorized. Remove 
4. Also if needed  IP restrictions could be put in place to only allow IPs from your company network.
5. Finally, proceed to Manage Users | Profiles | name of profile. Then remove access from the Profile Connect Apps section.

Additional Resources: 

Custom Login Flows
Login Flow Examples
Knowledge-artikelnummer

000387318

 
Laddar
Salesforce Help | Article