Restrict Login Access by IP Address (Control Access to Organisation)

By default, Salesforce doesn’t restrict the location for login access. However, for added security, administrators can restrict login access by IP.

Administrators can specify an IP address range for the entire organization as well as for specific user profiles, but the behavior is very different for each option.

If login IP range is set at:

Organization level:

Users who log in outside the set range are shown a login challenge. If they complete the challenge question, typically by entering an activation code sent to their mobile device or email address, login access is granted. This method does not restrict access, entirely, for users outside of the set IP range. Here the set IP range is called the “trusted” IP range.

Profile level:

Users outside the permitted range are always denied for the access.

Let us now learn how to restrict login access by time.

Share This Post