Loading
Salesforce now sends email only from verified domains. Read More
Help Agent Performance DegradationRead More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Set IP Allowlist Ranges for Refresh Tokens

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Set IP Allowlist Ranges for Refresh Tokens

            To improve security and help protect your Salesforce data from unauthorized access, set an IP range to allow refresh tokens. When you turn on Enforce Refresh Token IP Allowlist, only IPs in allowed ranges can complete the OAuth web server flow or the refresh token flow.

            Required Editions

            Available in: Lightning Experience
            Available in: Professional, Performance, Unlimited, and Developer Editions
            Note
            Note IP allowlist ranges support both IPv4 and IPv6.

            Refresh Token IP Allowlists differ from Trusted IP Ranges in a few ways. Trusted IP ranges require verification of requests from IP addresses outside the trusted range. The IP allowlist for refresh tokens completely blocks requests that come form outside the allowed ranges. Also, trusted IP ranges affect device activation and might not trigger activation even if the request comes from a trusted IP address. Refresh token IP allowlists have no affect on device activation requests, so device activation will be triggered as long as the request comes from an allowed IP address.

            Configure IP range allowlists for refresh tokens. You can create up to 128 IP address ranges, with no more than 256 IP addresses total.

            1. From Setup, in the Quick Find box, enter External Client Apps Manager, and then select External Client Apps Manager.
            2. From the actions list for the external client app, select Edit Settings.
            3. Turn on Enforce Refresh Token IP Allowlist.
            4. In the Refresh Token IP Allowlist section, click Add.
            5. For the start IP address, enter a valid IP address. For the end IP address, enter the same or higher IP address.
              Enter multiple, discontinuous ranges by clicking Add.
             
            Loading
            Salesforce Help | Article