Edit Session Settings in Profiles
You can control session settings on a user profile basis. If you don’t configure the profile session settings, the org’s session settings apply to users of the profile. When set, the profile settings override the org-wide settings.
| Required Editions |
|---|
| Available in: both Salesforce Classic and Lightning Experience |
| Available in: Essentials, Professional, Enterprise, Performance, Unlimited, Developer, and Database.com Editions |
| Custom Profiles available in: Essentials, Professional, Enterprise, Performance, Unlimited, and Developer Editions |

| User Permissions Needed | |
|---|---|
| To edit session and password settings in profiles: | Manage Profiles and Permission Sets |
- From Setup, in the Quick Find box, enter Profiles, and then select Profiles.
- Select a profile.
- Depending on which user interface you’re using, take the corresponding step.
  - In the enhanced profile user interface, click Session Settings, and then click Edit.
  - In the original profile user interface, click Edit, and then scroll to the Session Settings section.
- For Session Times Out After, select a timeout value from the dropdown list.
  Set how many minutes or hours of inactivity elapse before a user’s authentication session times out. At the end of the session, the user must log in again.
- For Session Security Level Required at Login, select High Assurance to require users to verify their identity with multi-factor authentication when they log in.
  After users authenticate successfully, they’re logged in to Salesforce.
  It’s possible that users are prompted to verify their identity with multi-factor authentication twice during an OAuth approval flow. The first challenge is on the UI session. The second challenge happens when the access token is bridged into the UI because the High Assurance session security level isn’t transferred to the access token.
- Enable different login policies for your org’s employees depending on whether they log in to Salesforce or an Experience Cloud site.
  - To give employees less restrictive access to a site as compared to logging in to Salesforce, select Separate Experience Cloud site and Salesforce login authentication for employees.
    Employees are often required to log in to Salesforce from the corporate network or VPN. If you don’t select this option, employees have the same policies for logging in to Salesforce and to their Experience Cloud sites.
    When you select this option, Salesforce and Experience Cloud sites are treated as separate apps, so you can loosen site login policies for employees. As a result, employees with an active Salesforce session can be required to log in again when accessing a site. And employees who log in to a site can be required to log in to Salesforce.
    When employees who have these options enabled in their profile navigate to Experience Cloud site workspaces, they’re prompted to log in to the site again. Users who have these options enabled and the required permissions can still create Experience Cloud sites.
    Note: External customers and partners can typically log in to Experience Cloud sites without such restrictive login policies.
  - To ignore IP address restrictions for this user profile, select Relax login IP restrictions.
  - To make it easier for employees to access Experience Cloud sites, select Skip employee device activation during Experience Cloud site login.
    With this setting enabled, Salesforce doesn’t prompt employees for identity verification when they access an Experience Cloud site from an unrecognized browser, device, or IP address. This setting doesn’t skip device activation when an employee logs in to your org.
  - To support authorization with OAuth for employees who have the Separate Experience Cloud site and Salesforce login authentication for employees setting enabled on their profile, select Allow OAuth for employees.
- Optionally, for customer and partner profiles, configure these extra settings.
  - To control how long a customer or partner session lasts before the user must log in again, for Session Times Out After, select a timeout value from the dropdown list.
    The maximum session length depends on the community user license associated with the profile. For most community licenses, such as the Customer Community User and Partner Community licenses, the maximum length is 24 hours. For the External Identity and High Volume Customer Portal licenses, you can extend sessions up to 7 days.
  - To improve security by requiring customers and partners to verify their identity when they log in from an unrecognized browser, device, or IP address, select Enable device activation for customers.
    This option applies to users with community licenses or the External Identity license.
  - To prevent customers or partners from being logged out when they close the browser, select Keep users logged in when they close the browser.
    This setting keeps customer or partner user sessions active until users log out of the site or the session times out. If you don’t select this setting, customers or partners are logged out when they close their browser. This option applies only to the External Identity and High Volume Customer Portal licenses.
- Save your changes.
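
To review the settings chosen in the steps above across many profiles, the following added example (not Salesforce code) resolves the effective timeout and checks each profile against the license limits and option dependencies described on this page. The `ProfileSession` record, its field names, the sample profiles, and the two review policies marked in the comments are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Session caps stated on the page, in minutes, by community license.
EXTENDED = {"External Identity", "High Volume Customer Portal"}
CAP_DEFAULT, CAP_EXTENDED = 24 * 60, 7 * 24 * 60

@dataclass
class ProfileSession:  # hypothetical export record, not a Salesforce type
    profile: str
    license: Optional[str] = None      # None = internal employee profile
    timeout_min: Optional[int] = None  # None = not configured on the profile
    high_assurance: bool = False
    separate_site_login: bool = False
    relax_ip: bool = False
    skip_device_activation: bool = False
    allow_oauth: bool = False
    device_activation: bool = False    # "Enable device activation for customers"
    keep_logged_in: bool = False

def effective_timeout(p, org_timeout_min):
    """A timeout set on the profile overrides the org-wide value."""
    return p.timeout_min if p.timeout_min is not None else org_timeout_min

def audit(p, org_timeout_min):
    out = []
    if p.license is None:  # employee profile
        if p.allow_oauth and not p.separate_site_login:
            out.append("Allow OAuth set without separate site and Salesforce login")
        if (p.relax_ip or p.skip_device_activation) and not p.high_assurance:
            out.append("site login loosened without High Assurance at login")  # example policy
        return out
    cap = CAP_EXTENDED if p.license in EXTENDED else CAP_DEFAULT
    timeout = effective_timeout(p, org_timeout_min)
    if timeout > cap:
        out.append(f"timeout {timeout} min exceeds {cap} min cap for {p.license}")
    if p.keep_logged_in and p.license not in EXTENDED:
        out.append("keep-logged-in does not apply to this license")
    if p.keep_logged_in and not p.device_activation:
        out.append("persistent session without device activation")  # example policy
    return out

# Constructed sample data.
SAMPLES = [
    ProfileSession("Sales User", separate_site_login=True, relax_ip=True),
    ProfileSession("Sales Admin", timeout_min=30, high_assurance=True, relax_ip=True),
    ProfileSession("Portal", "Customer Community User", 2880, keep_logged_in=True),
    ProfileSession("Ext ID", "External Identity", 10080, device_activation=True, keep_logged_in=True),
]
```

Calling `audit(profile, org_timeout_min)` for each record returns a list of findings; an empty list means the profile passed every check.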

