Restrict Login Access By IP Address (Control Access to Organisation)
By default, Salesforce doesn’t restrict the location for login access. However, for added security, administrators can restrict login access by IP.
Administrators can specify an IP address range for the entire organization as well as for specific user profiles, but the behavior is very different for each option.
If the login IP range is set at:
Organization Level
Users who log in outside the IP range(which is set) are shown a login challenge. If they complete the challenge question, typically by entering an activation code sent to their mobile device or email address, login access is granted. This method does not restrict access, entirely, for users outside of the IP range(which is set). Here the set IP range is called the “trusted” IP range.
Profile Level
Users outside the permitted IP range(which is set) are always denied access.