101 thoughts on “User Setup & Login Process – Free”
Hi John,
I am in my developer org as sysAdmin, and went to create a queue (Setup | Queues) to try queues out. But there is no button to create a queue.
Any idea why this would be? I checked the System Administrator profile and the three items Salesforce has documented are all checked.
That historically was the case, although the documentation isn’t crystal clear (if login ip ranges inherently are counted as trusted… seems yes):
Salesforce then checks whether the user’s profile has IP address restrictions. If IP address restrictions are defined for the user’s profile, logins from an undesignated IP address are denied, and logins from a specified IP address are allowed. If the Enforce login IP ranges on every request session setting is enabled, the IP address restrictions are enforced for each page request, including requests from client applications.
If profile-based IP address restrictions are not set, Salesforce checks whether the user is logging in from a device used to access Salesforce before.
If the user’s login is from a device and browser that Salesforce recognizes, the login is allowed.
If the user’s login is from an IP address in your organization’s trusted IP address list, the login is allowed.
If the user’s login is not from a trusted IP address or a device and browser Salesforce recognizes, the login is blocked.
What I am struggling to understand still is below scenario.
1. if i set up login range against a X profile lets say 10.1.1.1 – 10.1.1.5
2. I set up trusted ip range of 10.1.1.11-10.11.15
3. now user with profile X logs in from ip 10.1.1.11, will he be allowed to login?
My understanding is that trusted ip is used to bypass additional authentication(like sms based token number) and hence in above scenario user will not be allowed to login.
Hi John,
I have question regarding users and role hierarchy for data access as manager.
–>@any user’s edit page we can assign Manager to the user…as whom User have to report!.
–>And when other way Role hierarchy also have one more manager whom same user have to report,.
So this both have same access to subordinates data?
Tejal.
Took the test 2 weeks ago, one question came out like this (please dont take it literally) :
“Jane´s profile has login hours from 8am to 5pm. She is currently working on an Opportunity and the clock has just turn to 5pm, what will happen?
a) The session will be terminated, losing the work
b) The session will continue until Jane logs out, and she will not be able to log back in again until next business day at 8am
c) A pop up window will let Jane know her session is about to end
d) The session will be terminated, but Jane will be able to keep working on the same record
I will never know. But when testing on my DEV, it actually let me keep working and session did not terminate, then I assumed the session could go on and on. (Reason why I chose B)
When I tested again, I realized that after 6 minutes !!! (6 minutes is a lot) the session terminated. So I would blame the SF times not being too precise.
Any chance you had the default org time zone set differently (e.g. the default is probably PST)? 6 minutes does sound long- I did this test some time ago, but I remember it terminating my session almost down to the second.
I also had this question and am stumped because I get conflicting answers – but according to Salesforce why wouldn’t it be (d) – I think to not warn people when their session is ending and just boot them out leaving unsaved work lost is a very inefficient use of time – but no where can I find mention that the “Save” function would be nulled out – so even though she may not be able to add more content, she should be able to save the record and then session is terminated. Is my thinking wrong here?
https://help.salesforce.com/apex/HTViewHelpDoc?id=login_hours.htm&language=en_US
Set the days and hours when users with this profile can use the system.
To allow users to log in at any time, click Clear All Times. To prohibit users from using the system on a specific day, set the start and end times to the same value.
****If users are logged in when their login hours end, they can continue to view their current page, but they can’t take any further action.*****
If users are logged in when their login hours end, they can continue to view their current page, but they can’t take any further action.
–> this is misleading. If they leave the page open, the browser will continue to display CACHED information. If they REFRESHED the page after login hours expired, they would get logged out.
Any action (save, refresh, etc.) after login hours are expired would terminate the session and would be ignored (not saved).
Thanks John for getting back on this … perhaps I should add a post on the Ideas site to have some type of warning that the session is getting close to time out or allow “save” function to work on open records when login hours are enforced.
Cheers!
That’s a good idea!
Had this question on my exam, but the choices included:
Logged out – lose unsaved work
Logged out – unsaved work kept until next login
Now, is the correct answer still, logged out, lose unsaved work, since I can’t find any note that states the work unsaved will be kept? This was one (of many I should add) of those tricky questions on the exam that is gnawing at me as to which was correct.
Logged out, lose work is correct!
I will make a note of this for the next batch of updates.
The reason for this is that every action in salesforce (record view, save, etc.) is predicated on a valid session. The information isn’t saved anywhere (only shown locally to the user in the browser) until the save button (clicked by the user) invokes the save action at the database level. The save action will be rejected if the session is invalidated (by login hours in this case, or by the user being deactivated, whatever).
Hi John
If I up login hours on user profile X that are matched with my org. time zone say 8:00-18:00 CET. My colleague who has the user profile X is now login our org. environment from her business trip in NYC, she logs in at 13:00PM NYC time but it is way pass the time indicated on her profile (on CET time zone) – will she be able to login?
So in this case, I would need to change her login hours on her user record? is that the Locale field?
Would that allow her to login outside of defined org default hours?
Login hours are configured on the profile and are matched against the org default time zone- you would need to adjust the login hours on the profile to match the org hours.
I got a bit confused..
1. We are able to set up Organisation login hours and even create teams that might have different login hours
ONLY for the purpose of Escalation process?
2. Profile: we can assign login hours on profile
Determine the time a user can login in?
3. User record: locale setting
Not sure what this affect?!
1. Login hours PREVENT login at certain times of the day. Login hours are based on the organization time zone- make sure to do the time zone math accordingly. This means if you needed to enforce login hours based on region, you would need a new profile for each region in a different time zone.
2. Yes
3. Locale does things like change the date format (e.g. from MM/DD/YYYY to DD/MM/YYYY)- more to it than that but that’s an example.
Under section: Session Security Levels
Two-Factor Authentication — High Assurance
John, could you please explain what two-factor auth. means?
2 factor is just that- 2 different ways to validate upon authentication.
The most common form of authentication is 1 factor- password.
If you were to add a second component (in ADDITION to the password), such as a bio-metric fingerprint scan (or token generation, or any number of other options), you would have two methods of authentication- hence 2 factors.
Lock sessions to the domain in which they were first used Associates a current UI session for a user, such as a community user, with a specific domain to help prevent unauthorized use of the session ID in another domain. This preference is enabled by default for organizations created with the Spring ’15 release or later.
I have noticed that this is not enabled at my org. – is it something I should consider? I must say i am not sure i fully understand it could you please explain or direct me to reference on this?
I believe what this setting is doing is restricting a session to a single domain upon login. For example if you logged in via the community site (e.g. community.yourorg.com) but then tried to access the full salesforce site (e.g. myorg.my.salesforce.com – with my domain enabled), you would then have to re-authenticate to facilitate access (even if you were using the same credentials).
A custom hierarchy field is a lookup from the user object to the user object. (e.g. A field to indicate a cross-report to a secondary non-direct manager)
I think it reads OK as written, but others please chime in if you think this is unclear: Describe the different methods that can be used to authenticate to Salesforce.
Hi John noticed 2 things
1) SMS Identity Confirmation [Could / Long / Salesforce.com] this link is broken now
2) Minor thing, the link User Authentication [Must / 6m / CertifiedOnDemand.com] refers to IP addresses and appears before the link What is an IP address?
[Could / Long / howstuffworks.com]. Might be useful to get the IP information earlier.
Hi John, I guess as of Summer 15 update users no longer need to grant Admins access, Admins can log in as Any user and is is now a standard feature, correct?
Please confirm. When the business hours are set at the company profile level, blank = closed/no access and 12:00 AM-12:00 AM=24-hour access. When login hours are set at the user profile level, 12:00AM-12:00AM=closed/no access.
If this is right, what does “None” mean at the user profile level? Does it mean 24-hour access?
Set 24 hours checkbox for biz hours for around the clock; they are declared org wide but multiple hours can be set and referenced in case management. No login hours declared on the profile will allow 24 hour access. When login hours are set, then they are enforced.
Hi John, can I check for this question: If user was logged in at 4.55pm but 5pm is the restricted time frame. What will happen after 5pm? Will he be automatically logged out with his items saved?
The next action they take after 5pm will log them out – that means if they don’t click ‘save’ before 5pm, then their work will not be saved. Doesn’t matter what the action is (save, view a new record, report, etc.), they will get logged out.
When logged in the top navigation bar continues to display ‘Login’ instead of ‘Logout’. However when I’m leaving this message it does correctly state that I’m logged in as ……
Hi , quick question on queues, when assigning a case to a queue on creation, is it best practice to use assignment rules or a workflow which changes the owner when the record is saved? Or, doesn’t it matter?!
There is one question about a user’s unsuccessful attempts to login. Administrator checked and found out the user trying with incorrect password. What should Administrator do? There are two options to choose out of four options.
a. Click reset password on users detail page.
b. Send email with users password.
c. Click unlock on user’s record detail page.
d. login as user and reset password.
Option “a” is valid one but rest don’t make any sense to me.
i. I am not able find any unlock option (Salesforce help:Resetting locked-out users’ passwords automatically unlocks their accounts as well.).
ii. No option to send email user’s password as this done with reset as well.
iii. Why you need to login as user (if possible) and reset password where reset password option is there.
I have searched the possible answers and found the options a,c everywhere but I am not convinced. So your help required hope you don’t mind
A user’s account can get locked if they attempt to login too many times with an invalid password. Check the security settings in the org- it will indicate the max # of attempts and the lockout policy. You may not see the option to unlock the account if it is not currently locked. I suspect A & C are valid- where is the question coming from?
You are right, when user locked out an “Unlock” button appears on user detail page which unlock the user and user can still use old password where as resetting password reset/change user’s password and it unlock the user as well.
I have simulated this scenario and found that system will logged you out with the message:
“Your login attempt has failed. The username or password may be incorrect, or your location or login time may be restricted. Please contact the administrator at your company for help.”
Correct- and it should not allow the user to take any actions (CRED) after login hours have expired. It won’t show them logged out on the screen until they refresh the page or try to take some action.
User trying to login but after several attempts he/she failed. You as administrator checked and there is no login attempt by this user at all. What is the reason ?
* I think he is using wrong user id but there is no option to select as wrong user id.
Login access will be denied if they are outside the login IP range set on the profile. Think of the scenario where someone in a department that should not have access is attempting to login. They are still a part of the company, and inside the trusted range, but they are not part of the department that has been allowed access.
*****This exact question was on my exam***** and I drew a little picture on the paper to help myself create the scenario.
[—Trusted Range———(Login IP Range)—-{user_in_question}——]
Looks like they have removed the video entitled Securing your sales force organization as of 12/4/2014. Is there something else we should look at as a substitute?
Sales Cloud editions — Group Edition includes ‘Contact Management’, I do not see a separate edition for Contact Manager, please refer to the link below:
seen from the exam asking, Which Feature Restricts a user’s ability to log into Salesforce? Choose 2.
A. Trusted IP Ranges
B. Login Hours
C. Login IP Ranges
D. Password Policies.
D is obviously out.
Amongst options A, B and C, many people advocate that A and B are the right answers. However, according to your definition for each of these methods suggest that Login Hours and Login IP Ranges limit users to access, whereas Trust IP Ranges remove the restriction. Hence I would choose B and C as right answers against the majority of the people.
I’ve added a disclaimer to the start of the guide – the Improved Setup User Interface needs to be disabled. The instructions will then work. If the enhanced setup menu is enabled, the steps will vary some.
Hi John,
I am in my developer org as sysAdmin, and went to create a queue (Setup | Queues) to try queues out. But there is no button to create a queue.
Any idea why this would be? I checked the System Administrator profile and the three items Salesforce has documented are all checked.
Thanks,
Hank
Never mind – I see it now.
What did you see 😉 We are all learning from each other!
Hi John,
‘What languages does Salesforce support?’ link in not valid anymore.
Cheers,
Sid
Thanks, updated
Hi John, if ip range restriction is applied on profiles in an org, then trusted ip range is irrelevant, correct?
Regds
Nikhil
Hi Nikhil,
That historically was the case, although the documentation isn’t crystal clear (if login ip ranges inherently are counted as trusted… seems yes):
Salesforce then checks whether the user’s profile has IP address restrictions. If IP address restrictions are defined for the user’s profile, logins from an undesignated IP address are denied, and logins from a specified IP address are allowed. If the Enforce login IP ranges on every request session setting is enabled, the IP address restrictions are enforced for each page request, including requests from client applications.
If profile-based IP address restrictions are not set, Salesforce checks whether the user is logging in from a device used to access Salesforce before.
If the user’s login is from a device and browser that Salesforce recognizes, the login is allowed.
If the user’s login is from an IP address in your organization’s trusted IP address list, the login is allowed.
If the user’s login is not from a trusted IP address or a device and browser Salesforce recognizes, the login is blocked.
https://help.salesforce.com/articleView?id=admin_loginrestrict.htm&language=en_US&type=0
What I am struggling to understand still is below scenario.
1. if i set up login range against a X profile lets say 10.1.1.1 – 10.1.1.5
2. I set up trusted ip range of 10.1.1.11-10.11.15
3. now user with profile X logs in from ip 10.1.1.11, will he be allowed to login?
My understanding is that trusted ip is used to bypass additional authentication(like sms based token number) and hence in above scenario user will not be allowed to login.
Regds
Nikhil
Correct they should not be able to login, as they are outside of the login ip range
Queues Overview Link is not working..Please correct it.
fixed, thanks
Do you offer a study guide for the App Developer certification? I thought the Admin study guide was extremely helpful.
Thanks Diana
Not at this time but considering 🙂
Hi John,
i have an exam on Tuesday, so please advise.
when a user is logged in and time expires what happens, i am getting 2 contrasting views
thanks
They should get logged out
immediately or when they try to move to a different page within Salesforce?
Different page (or any action, e.g. save)
Hi John,
I have question regarding users and role hierarchy for data access as manager.
–>@any user’s edit page we can assign Manager to the user…as whom User have to report!.
–>And when other way Role hierarchy also have one more manager whom same user have to report,.
So this both have same access to subordinates data?
Tejal.
Manager only influences security if manager groups are used- otherwise it is role hierarchy only
John,
Manager group????
No idea..:(
I was only asking for single manager selection at subordinate’s user’s detail .
Tejal.
Hi john,
I wan to know where can we see API request from any users?
Thank you
Tejal.
You can see login requests through the user audit log (when they have logged in via the API) from the user record- hope that helps!
where can i find audit log?….:(
Can u pls navigate me…
Thank you
Tejal.
Login history under the user record.
Took the test 2 weeks ago, one question came out like this (please dont take it literally) :
“Jane´s profile has login hours from 8am to 5pm. She is currently working on an Opportunity and the clock has just turn to 5pm, what will happen?
a) The session will be terminated, losing the work
b) The session will continue until Jane logs out, and she will not be able to log back in again until next business day at 8am
c) A pop up window will let Jane know her session is about to end
d) The session will be terminated, but Jane will be able to keep working on the same record
Please comment on this, especially after listening to “Who sees what: Organization Access” between 0:51 and 1:06 (link provided)
https://www.youtube.com/watch?v=IYS9fwsZZ-s&index=2&list=PL6747B4DAE356E17C
Thanks,
JR
It should be A- no actions can be taken (including saving a record) and all current sessions will be terminated once login hours are out of range.
I will never know. But when testing on my DEV, it actually let me keep working and session did not terminate, then I assumed the session could go on and on. (Reason why I chose B)
When I tested again, I realized that after 6 minutes !!! (6 minutes is a lot) the session terminated. So I would blame the SF times not being too precise.
Any clues?
Any chance you had the default org time zone set differently (e.g. the default is probably PST)? 6 minutes does sound long- I did this test some time ago, but I remember it terminating my session almost down to the second.
I also had this question and am stumped because I get conflicting answers – but according to Salesforce why wouldn’t it be (d) – I think to not warn people when their session is ending and just boot them out leaving unsaved work lost is a very inefficient use of time – but no where can I find mention that the “Save” function would be nulled out – so even though she may not be able to add more content, she should be able to save the record and then session is terminated. Is my thinking wrong here?
https://help.salesforce.com/apex/HTViewHelpDoc?id=login_hours.htm&language=en_US
Set the days and hours when users with this profile can use the system.
To allow users to log in at any time, click Clear All Times. To prohibit users from using the system on a specific day, set the start and end times to the same value.
****If users are logged in when their login hours end, they can continue to view their current page, but they can’t take any further action.*****
If users are logged in when their login hours end, they can continue to view their current page, but they can’t take any further action.
–> this is misleading. If they leave the page open, the browser will continue to display CACHED information. If they REFRESHED the page after login hours expired, they would get logged out.
Any action (save, refresh, etc.) after login hours are expired would terminate the session and would be ignored (not saved).
Thanks John for getting back on this … perhaps I should add a post on the Ideas site to have some type of warning that the session is getting close to time out or allow “save” function to work on open records when login hours are enforced.
Cheers!
That’s a good idea!
Had this question on my exam, but the choices included:
Logged out – lose unsaved work
Logged out – unsaved work kept until next login
Now, is the correct answer still, logged out, lose unsaved work, since I can’t find any note that states the work unsaved will be kept? This was one (of many I should add) of those tricky questions on the exam that is gnawing at me as to which was correct.
Logged out, lose work is correct!
I will make a note of this for the next batch of updates.
The reason for this is that every action in salesforce (record view, save, etc.) is predicated on a valid session. The information isn’t saved anywhere (only shown locally to the user in the browser) until the save button (clicked by the user) invokes the save action at the database level. The save action will be rejected if the session is invalidated (by login hours in this case, or by the user being deactivated, whatever).
Hi John
If I up login hours on user profile X that are matched with my org. time zone say 8:00-18:00 CET. My colleague who has the user profile X is now login our org. environment from her business trip in NYC, she logs in at 13:00PM NYC time but it is way pass the time indicated on her profile (on CET time zone) – will she be able to login?
Regards,
Gil
Login hours are based on the org default time zone; the user’s time zone will have no impact.
https://help.salesforce.com/apex/HTViewHelpDoc?id=login_hours.htm&language=en_US
Hi John,
So in this case, I would need to change her login hours on her user record? is that the Locale field?
Would that allow her to login outside of defined org default hours?
Login hours are configured on the profile and are matched against the org default time zone- you would need to adjust the login hours on the profile to match the org hours.
I got a bit confused..
1. We are able to set up Organisation login hours and even create teams that might have different login hours
ONLY for the purpose of Escalation process?
2. Profile: we can assign login hours on profile
Determine the time a user can login in?
3. User record: locale setting
Not sure what this affect?!
on point 3: http://beta.certifiedondemand.com/salesforce-user-localization-settings/
Ok!
1. Login hours PREVENT login at certain times of the day. Login hours are based on the organization time zone- make sure to do the time zone math accordingly. This means if you needed to enforce login hours based on region, you would need a new profile for each region in a different time zone.
2. Yes
3. Locale does things like change the date format (e.g. from MM/DD/YYYY to DD/MM/YYYY)- more to it than that but that’s an example.
Under section: Session Security Levels
Two-Factor Authentication — High Assurance
John, could you please explain what two-factor auth. means?
Regards,
Gil
Sure- for more detail: https://en.wikipedia.org/wiki/Two-factor_authentication
2 factor is just that- 2 different ways to validate upon authentication.
The most common form of authentication is 1 factor- password.
If you were to add a second component (in ADDITION to the password), such as a bio-metric fingerprint scan (or token generation, or any number of other options), you would have two methods of authentication- hence 2 factors.
Thank you:)
Lock sessions to the domain in which they were first used Associates a current UI session for a user, such as a community user, with a specific domain to help prevent unauthorized use of the session ID in another domain. This preference is enabled by default for organizations created with the Spring ’15 release or later.
I have noticed that this is not enabled at my org. – is it something I should consider? I must say i am not sure i fully understand it could you please explain or direct me to reference on this?
Many thanks,
Gil
I believe what this setting is doing is restricting a session to a single domain upon login. For example if you logged in via the community site (e.g. community.yourorg.com) but then tried to access the full salesforce site (e.g. myorg.my.salesforce.com – with my domain enabled), you would then have to re-authenticate to facilitate access (even if you were using the same credentials).
http://help.salesforce.com/apex/HTViewHelpDoc?id=users_freeze.htm&language=en_US
“Let’s say a user just left your company. You want to deactivate the account, but the user is selected in a custom hierarchy field. Because you can’t immediately deactivate the account, you can freeze it in the meantime.”
I am not sure i understand what “selected in a custom hierarchy field” means, could you please explain it?
Thank you,
Gil
A custom hierarchy field is a lookup from the user object to the user object. (e.g. A field to indicate a cross-report to a secondary non-direct manager)
in user Authentication in objective “User ” word is missing i think.
I think it reads OK as written, but others please chime in if you think this is unclear: Describe the different methods that can be used to authenticate to Salesforce.
Hi John noticed 2 things
1) SMS Identity Confirmation [Could / Long / Salesforce.com] this link is broken now
2) Minor thing, the link User Authentication [Must / 6m / CertifiedOnDemand.com] refers to IP addresses and appears before the link What is an IP address?
[Could / Long / howstuffworks.com]. Might be useful to get the IP information earlier.
Thanks
Fixed the link. Will think about moving the ip info, thanks.
Hi John, I guess as of Summer 15 update users no longer need to grant Admins access, Admins can log in as Any user and is is now a standard feature, correct?
It might be auto-enabled in new orgs… I can still configure it in my existing org.
The link to SMS Identity confirmation is broken.
Letting Your Salesforce Administrator Access Your Account – The video has been removed.
I’m experiencing the same issue. It says : This video has been removed by the user.
Updated, thanks
Please confirm. When the business hours are set at the company profile level, blank = closed/no access and 12:00 AM-12:00 AM=24-hour access. When login hours are set at the user profile level, 12:00AM-12:00AM=closed/no access.
If this is right, what does “None” mean at the user profile level? Does it mean 24-hour access?
Set 24 hours checkbox for biz hours for around the clock; they are declared org wide but multiple hours can be set and referenced in case management. No login hours declared on the profile will allow 24 hour access. When login hours are set, then they are enforced.
Hi John, can I check for this question: If user was logged in at 4.55pm but 5pm is the restricted time frame. What will happen after 5pm? Will he be automatically logged out with his items saved?
The next action they take after 5pm will log them out – that means if they don’t click ‘save’ before 5pm, then their work will not be saved. Doesn’t matter what the action is (save, view a new record, report, etc.), they will get logged out.
When logged in the top navigation bar continues to display ‘Login’ instead of ‘Logout’. However when I’m leaving this message it does correctly state that I’m logged in as ……
Correct, the menu system does not change when you login.
Needs editing:
The security token is mechanism
…should read
The security token is a mechanism
Thanks, updated. I had good grammar once upon a time 🙂
Hi , quick question on queues, when assigning a case to a queue on creation, is it best practice to use assignment rules or a workflow which changes the owner when the record is saved? Or, doesn’t it matter?!
Many thanks,
Katie
I would review the service cloud section – if you can use an assignment rule, best practice would be to use an assignment rule over workflow
Thanks John putting everything together. I have passed today and this site really helps a lot. Looking forward to see Advance stuff soon.
Regards
Congratulations Mian! I second the motion for more courses if you can find the time, John.
Congrats Mian! Will work on additional courses one of these days 🙂
Congrats.
How long did it take you to go through everything, and do you have other experience? Yes, this site is really to the point and excellent.
There is one question about a user’s unsuccessful attempts to login. Administrator checked and found out the user trying with incorrect password. What should Administrator do? There are two options to choose out of four options.
a. Click reset password on users detail page.
b. Send email with users password.
c. Click unlock on user’s record detail page.
d. login as user and reset password.
Option “a” is valid one but rest don’t make any sense to me.
i. I am not able find any unlock option (Salesforce help:Resetting locked-out users’ passwords automatically unlocks their accounts as well.).
ii. No option to send email user’s password as this done with reset as well.
iii. Why you need to login as user (if possible) and reset password where reset password option is there.
I have searched the possible answers and found the options a,c everywhere but I am not convinced. So your help required hope you don’t mind
Regards
A user’s account can get locked if they attempt to login too many times with an invalid password. Check the security settings in the org- it will indicate the max # of attempts and the lockout policy. You may not see the option to unlock the account if it is not currently locked. I suspect A & C are valid- where is the question coming from?
Thanks for your quick reply.
You are right, when user locked out an “Unlock” button appears on user detail page which unlock the user and user can still use old password where as resetting password reset/change user’s password and it unlock the user as well.
Thanks again for your help.
What actually happen when user is working on something but login hours end time reached.
Will user be forcely logged out ?
Will user be able to continue work until he/she logged out ?
According to salesforce help user will be able to continue work but its not clear if user can do any CRUD actions/save changes or what ?
I have simulated this scenario and found that system will logged you out with the message:
“Your login attempt has failed. The username or password may be incorrect, or your location or login time may be restricted. Please contact the administrator at your company for help.”
Correct- and it should not allow the user to take any actions (CRED) after login hours have expired. It won’t show them logged out on the screen until they refresh the page or try to take some action.
User trying to login but after several attempts he/she failed. You as administrator checked and there is no login attempt by this user at all. What is the reason ?
* I think he is using wrong user id but there is no option to select as wrong user id.
Wrong user ID is the only possible answer unless they went to the wrong login URL. (test.salesforce.com for example)
This question was also on my exam and wrong user ID was an option. (and the one I selected)
Thanks Paul.
User trying to login from an IP.
IP is in Company trusted IP range but not in Login IP range.
Will user be able to login or access will be denied ?
Login access will be denied if they are outside the login IP range set on the profile. Think of the scenario where someone in a department that should not have access is attempting to login. They are still a part of the company, and inside the trusted range, but they are not part of the department that has been allowed access.
*****This exact question was on my exam***** and I drew a little picture on the paper to help myself create the scenario.
[—Trusted Range———(Login IP Range)—-{user_in_question}——]
Hope this helps.
Thanks
Looks like they have removed the video entitled Securing your sales force organization as of 12/4/2014. Is there something else we should look at as a substitute?
Thanks for the update – this information should be well covered in the security section, I wouldn’t worry too much about additional material.
“How to implement two factor authentication” is now 404
Thanks Paul, updated
Hello John,
Sales Cloud editions — Group Edition includes ‘Contact Management’, I do not see a separate edition for Contact Manager, please refer to the link below:
http://www.salesforce.com/crm/editions-pricing.jsp
It is referenced in the PDF: http://www.salesforce.com/crm/editions-pricing.jsp
Something to be aware of but not really critical to the exam by any stretch…
Thank you.
typo:
This is their primarily license.
thanks updated
seen from the exam asking, Which Feature Restricts a user’s ability to log into Salesforce? Choose 2.
A. Trusted IP Ranges
B. Login Hours
C. Login IP Ranges
D. Password Policies.
D is obviously out.
Amongst options A, B and C, many people advocate that A and B are the right answers. However, according to your definition for each of these methods suggest that Login Hours and Login IP Ranges limit users to access, whereas Trust IP Ranges remove the restriction. Hence I would choose B and C as right answers against the majority of the people.
Can you please assist?
Thanks,
Kaira- correct.
Trusted IP Ranges do not prevent access; B & C would be correct.
What majority are you referring to btw?
FYI – just doubled check for my own sanity, B&C is correct 🙂
http://help.salesforce.com/apex/HTViewSolution?id=000005594&language=en_US
https://help.salesforce.com/htviewhelpdoc?id=security_networkaccess.htm&siteLang=en_US
Letting Your Salesforce Administrator Access Your Account: The steps have changed a bit .. so the video might need an updation
I’ve added a disclaimer to the start of the guide – the Improved Setup User Interface needs to be disabled. The instructions will then work. If the enhanced setup menu is enabled, the steps will vary some.
Hi!
In the text to the right of “Understanding User License Types”.
“Every user must be assigned one (and only one) feature license. This is their primarily license.
Users can also optionally be assigned one or more feature licenses.”
Should it read, “Every user must be assigned one (and only one) USER license. This is their primarily license.
Users can also optionally be assigned one or more feature licenses.”
Thanks Julie, this is updated!
The video, Securing Your Salesforce Organization, isn’t loading so I’ve raised a case with Salesforce support.