
Take Action to Prevent Account Compromise in Salesforce

Publication date: Apr 22, 2026
Description

User accounts without Multi-Factor Authentication (MFA), IP restrictions, or strong credentials are at risk of being compromised by bad actors. Once compromised, attackers may use accounts to send phishing emails, exfiltrate data, or install malware. This activity constitutes email abuse and violates Salesforce's Main Services Agreement.

To protect your organization, start with these critical security controls in order of priority:

  1. Enable MFA for all users
  2. Set password complexity requirements
  3. Configure trusted IP ranges

Salesforce offers a variety of customizable settings to tailor your org for secure access. The sections below provide step-by-step guidance for each control.

Available Editions:

Professional, Enterprise, Performance (Unlimited), and Developer

Prerequisites:

Review the Salesforce security documentation linked in each section below before making changes. Changes to MFA, password policies, and IP restrictions affect all users in your org — plan and communicate changes to your user base before implementing.

Solution

Enable Multi-Factor Authentication

Multi-Factor Authentication (MFA) requires users to provide multiple forms of identity verification before accessing Salesforce, significantly reducing the risk of account compromise.

Steps to Enable MFA:

  1. Click the Gear icon in the upper right corner and select Setup.
  2. In the Quick Find box, enter Identity Verification and select Identity Verification.
  3. Enable Require MFA for all direct UI logins to your Salesforce org.
  4. Communicate the change to your users and ensure they enroll their MFA verification method before their next login.


For sensitive operations, you can also require high-assurance session security to enforce a higher level of verification for specific actions.

Configure Password Policies

Strong password policies make it significantly harder for bad actors to compromise user accounts through brute force or credential stuffing attacks.

Steps to Configure Password Policies:

  1. Click the Gear icon and select Setup.
  2. In the Quick Find box, enter Password Policies and select Password Policies.
  3. Set the following recommended configurations:
    • Minimum password length: 8 characters or more
    • Password complexity: Must mix alpha, numeric, and special characters
    • Password expiration: Set an appropriate expiration period for your organization
    • Maximum invalid login attempts: Limit the number of failed attempts before lockout
  4. Click Save.

You can also set expiration and complexity requirements at the profile level via password policies in profiles for more granular control per user group.

Set Up IP Restrictions

Restricting the IP addresses from which users can log in helps prevent unauthorized access from unknown locations.

Steps to Configure Trusted IP Ranges (Org-Wide):

  1. Click the Gear icon and select Setup.
  2. In the Quick Find box, enter Network Access and select Network Access.
  3. Click New and enter the trusted IP range start and end addresses.
  4. Click Save.

Users logging in from outside the trusted IP range are challenged to verify their identity before the login completes. Trusted IP ranges skip only that identity verification challenge; they do not satisfy an MFA requirement, so users on a trusted network still complete MFA when it is required. See Setting Trusted IP Ranges for Your Organization for full details.

Steps to Restrict Login IP Addresses at the Profile Level:

For more granular control, you can restrict login IP addresses in profiles. When IP restrictions are defined on a profile, any login attempt from an address outside the allowed range is denied outright rather than merely challenged.

  1. Go to Setup → Users → Profiles.
  2. Select the profile to restrict.
  3. In the Login IP Ranges section, click New and enter the allowed IP range.
  4. Click Save.
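
The org-wide trusted ranges and the profile-level login ranges above interact, and it is easy to configure a profile whose users are challenged on every login or a range so wide it protects nothing. The following added example (not Salesforce code) models the two controls as the help text describes them: a profile with Login IP Ranges denies any address outside them, and the org-wide Trusted IP Ranges only decide whether the identity verification challenge is skipped. The profile names, ranges and source addresses are constructed for the example.

```python
"""Model of how a direct UI login's source IP is treated under org-wide Trusted IP
Ranges (Setup > Network Access) and profile Login IP Ranges.
Added example, not Salesforce code; outcomes follow the help text. Profile names,
ranges and IPs are constructed for the example."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class IpRange:
    """One start/end row as entered in Network Access or a profile's Login IP Ranges."""
    start: str
    end: str

    def __post_init__(self):
        lo, hi = ipaddress.ip_address(self.start), ipaddress.ip_address(self.end)
        if lo.version != hi.version:
            raise ValueError(f"{self.start}-{self.end}: mixed IPv4/IPv6 range")
        if int(lo) > int(hi):
            raise ValueError(f"{self.start}-{self.end}: start is after end")

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        lo, hi = ipaddress.ip_address(self.start), ipaddress.ip_address(self.end)
        return addr.version == lo.version and int(lo) <= int(addr) <= int(hi)

    def overlaps(self, other: "IpRange") -> bool:
        # Two intervals overlap exactly when one contains the other's start address.
        return self.contains(other.start) or other.contains(self.start)

    def size(self) -> int:
        return int(ipaddress.ip_address(self.end)) - int(ipaddress.ip_address(self.start)) + 1


@dataclass
class OrgPolicy:
    trusted_ranges: list                                   # Setup > Network Access (org-wide)
    profile_ranges: dict = field(default_factory=dict)     # profile name -> [IpRange, ...]


def evaluate_login(policy: OrgPolicy, profile: str, source_ip: str) -> str:
    """Return 'denied', 'challenged' or 'allowed' for a direct UI login.

    Profile Login IP Ranges are checked first: a profile that has ranges rejects
    any address outside them outright. Org-wide trusted ranges only decide whether
    the identity verification challenge is skipped; they never satisfy MFA.
    """
    ranges = policy.profile_ranges.get(profile, [])
    if ranges and not any(r.contains(source_ip) for r in ranges):
        return "denied"
    if any(r.contains(source_ip) for r in policy.trusted_ranges):
        return "allowed"
    return "challenged"


def lint_policy(policy: OrgPolicy, max_hosts: int = 65536) -> list:
    """Warn about ranges so broad they defeat the control (e.g. 0.0.0.0-255.255.255.255)
    and about profiles whose ranges never overlap the org-wide trusted set, which
    means every login on that profile is challenged."""
    warnings = []
    for r in policy.trusted_ranges:
        if r.size() > max_hosts:
            warnings.append(f"org-wide trusted range {r.start}-{r.end} spans {r.size()} hosts")
    for name, ranges in policy.profile_ranges.items():
        for r in ranges:
            if r.size() > max_hosts:
                warnings.append(f"profile '{name}' range {r.start}-{r.end} spans {r.size()} hosts")
        if ranges and not any(r.overlaps(t) for r in ranges for t in policy.trusted_ranges):
            warnings.append(f"profile '{name}': no range overlaps the org-wide trusted ranges")
    return warnings


def sample_policy() -> OrgPolicy:
    """Constructed example: office egress is trusted org-wide; Finance is pinned to a
    subset plus a VPN block; Audit is pinned to a block that is not trusted at all."""
    return OrgPolicy(
        trusted_ranges=[IpRange("203.0.113.0", "203.0.113.255")],
        profile_ranges={
            "Finance": [IpRange("203.0.113.0", "203.0.113.127"),
                        IpRange("198.51.100.10", "198.51.100.20")],
            "Audit": [IpRange("192.0.2.0", "192.0.2.255")],
        },
    )


if __name__ == "__main__":
    p = sample_policy()
    for prof, ip in [("Standard User", "203.0.113.40"), ("Standard User", "192.0.2.5"),
                     ("Finance", "203.0.113.200"), ("Finance", "198.51.100.15")]:
        print(f"{prof:14} from {ip:15} -> {evaluate_login(p, prof, ip)}")
    for w in lint_policy(p):
        print("WARNING:", w)
```

Run it before changing a profile's ranges: a Finance user at 203.0.113.200 is denied even though that address is trusted org-wide, because the profile range takes precedence, and the Audit profile is flagged because none of its addresses are trusted.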

Connected App IP and MFA Policies:

You can also define who can use your connected apps and from which IP addresses by managing access to your connected apps. These settings include user access, IP range restrictions, and MFA enforcement per connected app.

Monitor with Shield Event Monitoring

For enhanced alerting and visibility into activity across your org, consider Salesforce Shield's Event Monitoring product. It records user activity in detail, alerts you to anomalous user behavior, and, through Transaction Security policies, can block suspicious activity as it happens.

What Event Monitoring Provides:

  • Visibility into who viewed what data and when

  • Records of where data was accessed from

  • Logs of when users change records via the UI

  • Login activity including location and access method

  • Integration with Security Information and Event Management (SIEM) tools
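
The login events listed above are what a SIEM rule actually consumes. The following added example (not Salesforce code) runs three detections over a constructed batch of login rows: repeated failures for one user within a short window (brute force), one source IP failing against many distinct users (credential stuffing), and a success that follows a burst of failures or comes from outside the trusted ranges. The CSV is constructed for the example; its column names are modelled on the Login event type of EventLogFile (TIMESTAMP_DERIVED, USER_NAME, SOURCE_IP, LOGIN_STATUS), which is an assumption to confirm against your org's actual files.

```python
"""Detection logic over Salesforce Login event rows, as a SIEM rule would run it.
Added example, not Salesforce code. SAMPLE_LOG is constructed; its columns follow
the Login EventLogFile type (an assumption to verify against real files)."""
import csv
import io
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """EVENT_TYPE,TIMESTAMP_DERIVED,USER_NAME,SOURCE_IP,LOGIN_STATUS,API_TYPE
Login,2026-04-22T09:00:01.000Z,alice@example.com,203.0.113.10,LOGIN_NO_ERROR,
Login,2026-04-22T09:00:05.000Z,bob@example.com,198.51.100.77,LOGIN_ERROR_INVALID_ID_PASSWORD,
Login,2026-04-22T09:00:09.000Z,bob@example.com,198.51.100.77,LOGIN_ERROR_INVALID_ID_PASSWORD,
Login,2026-04-22T09:00:14.000Z,bob@example.com,198.51.100.77,LOGIN_ERROR_INVALID_ID_PASSWORD,
Login,2026-04-22T09:00:20.000Z,bob@example.com,198.51.100.77,LOGIN_NO_ERROR,
Login,2026-04-22T09:01:00.000Z,carol@example.com,192.0.2.33,LOGIN_ERROR_INVALID_ID_PASSWORD,
Login,2026-04-22T09:01:02.000Z,dave@example.com,192.0.2.33,LOGIN_ERROR_INVALID_ID_PASSWORD,
Login,2026-04-22T09:01:04.000Z,erin@example.com,192.0.2.33,LOGIN_ERROR_INVALID_ID_PASSWORD,
Login,2026-04-22T09:01:06.000Z,frank@example.com,192.0.2.33,LOGIN_ERROR_INVALID_ID_PASSWORD,
Login,2026-04-22T09:01:08.000Z,grace@example.com,192.0.2.33,LOGIN_ERROR_INVALID_ID_PASSWORD,
Login,2026-04-22T10:30:00.000Z,alice@example.com,198.51.100.200,LOGIN_NO_ERROR,
"""

# Mirrors the org-wide ranges entered under Setup > Network Access (constructed values).
TRUSTED_RANGES = [("203.0.113.0", "203.0.113.255")]

FAIL_THRESHOLD = 3          # failures for one user within WINDOW -> brute force
SPRAY_THRESHOLD = 5         # distinct users failing from one IP within WINDOW -> credential stuffing
WINDOW = timedelta(minutes=5)


def parse_rows(text: str) -> list:
    """Parse the CSV export into dicts with a datetime 'ts' key, oldest first."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["ts"] = datetime.strptime(row["TIMESTAMP_DERIVED"], "%Y-%m-%dT%H:%M:%S.%fZ")
        rows.append(row)
    rows.sort(key=lambda r: r["ts"])
    return rows


def in_trusted_range(ip: str, ranges=TRUSTED_RANGES) -> bool:
    n = int(ipaddress.ip_address(ip))
    return any(int(ipaddress.ip_address(a)) <= n <= int(ipaddress.ip_address(b)) for a, b in ranges)


def detect(rows: list) -> list:
    """Return (rule, subject, detail) alerts in the order they fire."""
    alerts = []
    fails_by_user = defaultdict(deque)   # user -> timestamps of failures inside WINDOW
    fails_by_ip = defaultdict(dict)      # source IP -> {user: time of last failure}
    for r in rows:
        user, ip, ts = r["USER_NAME"], r["SOURCE_IP"], r["ts"]
        if r["LOGIN_STATUS"] == "LOGIN_NO_ERROR":
            recent = [t for t in fails_by_user[user] if ts - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:     # likely a guessed or stuffed password
                alerts.append(("success_after_failures", user, ip))
            if not in_trusted_range(ip):          # review against expected user locations
                alerts.append(("success_outside_trusted_range", user, ip))
            continue
        # Any other LOGIN_STATUS value is a failed attempt.
        q = fails_by_user[user]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()
        if len(q) == FAIL_THRESHOLD:              # fire once, when the threshold is crossed
            alerts.append(("brute_force", user, ip))
        by_ip = fails_by_ip[ip]
        by_ip[user] = ts
        active_users = [u for u, t in by_ip.items() if ts - t <= WINDOW]
        if len(active_users) == SPRAY_THRESHOLD:
            alerts.append(("credential_stuffing", ip, len(active_users)))
    return alerts


def run_sample() -> list:
    return detect(parse_rows(SAMPLE_LOG))


if __name__ == "__main__":
    for rule, subject, detail in run_sample():
        print(f"{rule:30} {subject:20} {detail}")
```

On the sample, bob's three failures followed by a success from the same untrusted address produce a brute-force alert and then a success-after-failures alert, the five single-failure users from 192.0.2.33 produce one credential-stuffing alert, and alice's later login from an untrusted address is flagged for review. The same rules apply unchanged to rows pulled from EventLogFile once the column names are confirmed.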

Additional Session Security Controls:

Session security settings (Setup, Session Settings) are part of the core platform rather than Shield. Manage them to limit exposure when users leave sessions unattended and to reduce the risk of internal session misuse, for example by shortening the session timeout and locking sessions to the IP address from which they originated. You can also manage session policies for connected apps to define how long a session can remain active before requiring reauthentication.

Knowledge Article Number

004333226

Salesforce Help | Article