Identity Check

From now on, the login process at salesforce.com depends not only on the user-name, the password and the limits concerning time anymore, but additionally on the IP-address and the physical location where the login is tried from.

An activation is required in order to log in over an unknown IP-address. Therefore the login will initially fail. By receiving an error mail, the user is asked to log in over a so-called login link. The validity of this link is 24 hours.

The system administrator can define reliable IP-addresses and IP-areas within the safety regulations that can be found at Setup | Security Controls| Network Access. So the process that has been described above needn’t be fulfilled since users can log in without any difficulty from these IP-areas.
 


After having analyzed the login history of the last weeks, Salesforce predefined the hitherto used IP-areas in the course of the introduction of the new safety regulations. Administrators urgently have to check and if applicable extend these IP-areas or even define new ones. For that purpose, considering the login history of the users seems to be meaningful. It can be found at Setup | Manage Users| Users.

Desktop Applications

A “personal token” must be attached to the password in order to log in over the desktop applications of an “unreliable computer” such as Connect for Outlook, Connect Offline, Connect for Office, Connect for Lotus Notes or the Data Loader. This token is a safe, automatically generated password by salesforce.

{mypasswordXXTokenXX}

The user can have the token sent by using the personal adjustment which can be found at My personal Information | Reset My Security Token.
 


As long as the user either generates a new token or establishes a new password, the token remains the same. By changing the password, a new token is generated and sent to the user.

Concerning the integration of outlook, the token can be saved within the salesforce regulations for outlook. It is necessary to manually fill in the token for other desktop applications. The token is only necessary if the IP-address hadn’t been defined as reliable before.

New registration-website for salesforce.com:
https://login.salesforce.com

On 13th December Salesforce.com introduces a new login-website. Administrators should inform their users in order to enable them to update their bookmark. If you log in on salesforce.com as usual, no problems will occur. The administrator must change the URL for organizations using Single Sign On.

Please see trust.salesforce.com for further information.