- Salesforce Platform App Builder Certification Handbook
- Siddhesh Kabe
- 467字
- 2021-07-16 11:21:38
Authentication on Force.com
We can log in to Force.com from any standard web browser or third-party application. As a security measure, Salesforce tries to prevent unauthorized access to your account as it requires verification whenever you log in from a new IP address. The user is authenticated using the username, password, and the IP address of the system. The IP address where account is created is automatically white-listed for the user:
Every time the user logs in from a separate IP address, the application verifies the IP by sending an e-mail to the registered e-mail address in the personal profile. Alternatively, the system administrator can enable access by setting the trusted IP ranges. Users who log in from the white-listed IP ranges are not asked to validate their IP address or the security token.
Tip
The Force.com username is in the format of an e-mail address: xyz@abc.com; the username is unique across the global organization of Salesforce. If you already have a developer organization with abc@hotmail.com, you won't be able to create another one in with the same username. You can give a separate username (someone@something.com) and a valid e-mail (abc@hotmail.com) in this case.
Exercise – adding trusted IP addresses
Use the following steps to whitelist an IP address:
- Go to Setup | Administer | Security Controls | Network Access.
- Add your IP address to Trusted IP Ranges, as shown in the following screenshot:
If you are within a LAN network of your office, university, and so on, the IP address given by the ipconfig command in DOS will give you the internal network-specific IP. This IP address is not seen by Force.com; you need the public domain IP address to whitelist the address. To find your public domain IP address, you can visit http://www.whatismyip.com.
Whitelisting the IP address has its own pros and cons; the main benefit is that when logging in via the API, such as with Data Loader or the Force.com IDE, you aren't challenged to provide the security token. The disadvantage is that the security token challenge and IP address verification challenge are not enforced, thus lowering the security threshold of a malicious login attempt.
When you log in to Force.com from a third-party tool, such as the Force.com IDE, Outlook Edition, Data Loader, or the API, you need an additional security token along with a username and password. Every login user gets a security token tied to the password. We need to reset the security token the first time. It is automatically reset whenever the password is changed.
Exercise – resetting security tokens
Reset your security token in the new org.
To reset your security token, navigate to Your Name | My Settings | Personal | Reset My Security Token, as shown in the following screenshot, and click on Reset Security Token:
- Instant Node Package Manager
- Docker技術(shù)入門與實(shí)戰(zhàn)(第3版)
- TensorFlow Lite移動(dòng)端深度學(xué)習(xí)
- Learning Selenium Testing Tools with Python
- Mastering QGIS
- Dependency Injection in .NET Core 2.0
- HTML5 and CSS3 Transition,Transformation,and Animation
- Java編程技術(shù)與項(xiàng)目實(shí)戰(zhàn)(第2版)
- KnockoutJS Starter
- Microsoft Azure Storage Essentials
- 現(xiàn)代C++編程實(shí)戰(zhàn):132個(gè)核心技巧示例(原書第2版)
- Mastering Python Design Patterns
- jQuery從入門到精通(微課精編版)
- SCRATCH編程課:我的游戲我做主
- HTML5 Canvas核心技術(shù):圖形、動(dòng)畫與游戲開發(fā)