Require High-Assurance Session Security for Sensitive Operations
To secure different setup areas in your org, require a high-assurance level of security for sensitive operations, such as accessing reports and managing IP addresses. You can also block users from accessing these setup areas.
Required Editions
| Available in: all editions |
| User Permissions Needed | |
|---|---|
| To modify session security settings: | Customize Application |
These settings apply only to users who have user permissions to access these operations. If users have a high-assurance session after logging in, they aren’t prompted to verify their identity in the same session, even if you require high assurance for sensitive operations.
- In Setup, enter Identity in the Quick Find box, and then click Identity Verification.
- Under Session Security Level Policies, raise the session security level to high assurance,
or block users.
- Reports and Dashboards—Controls access to reports and dashboards. This setting is also available on the Reports and Dashboards Access Policies page. You can change this setting in either location.
- Manage Encryption Keys—Controls access to the Platform Encryption page, the Certificate and Key Management Setup page, and the TenantSecret object.
- Manage Auth. Providers—Controls access to the Auth. Providers page, the User Details Setup page, and the AuthProvider object.
- Manage Certificates—Controls access to the Certificate and Key Management Setup page, Single Sign-On Settings Setup page, and the Certificate object.
- Manage Connected Apps—Controls access to the Connected Apps Setup pages and the App Manager Setup page.
- Manage Data Export—Controls access to the Data Export Setup page.
- Manage IP Addresses—Controls access to the Network Access Setup page.
- Manage Login Access Policies—Controls access to the Login Access Policies Setup page.
- Manage Password Policies—Controls access to the Password Policies Setup page and profile details.
- Manage Permission Sets and Profiles—Controls access to the Permission Sets and Profile Setup pages and related objects.
- Manage Roles—Controls access to the Roles Setup page, the UserRole object, and the Role object in Metadata API.
- Manage Sharing—Controls access to the Sharing Settings Setup page, the SharingRules object, and the CustomObject’s sharingModel field in Metadata API.
- Manage multi-factor authentication in API—Controls access to the VerificationHistory, TwoFactorInfo, and TwoFactorTempCode objects.
- Manage multi-factor authentication in User Interface—Controls access to the Identity Verification History Setup page and the VerificationHistory, TwoFactorInfo, and TwoFactorTempCode objects.
- Manage Users—Controls access to the Users Setup page.
- Unlock Users and Reset Passwords—Controls permission to reset passwords and unlock users on the Users Setup page.
- View Health Check—Controls access to the Health Check Setup page.
You can’t block users from accessing the setup areas controlled by the Manage Permission Sets and Profiles or Manage Users settings.
Did this article solve your issue?
Let us know so we can improve!
