Home
IT Hub

Best Login Security Practices for Salesforce Users

Salesforce
Reco Security Experts
Updated
July 1, 2024
July 1, 2024

Salesforce is one of the most secure CRM tools among its competitors, and with its multiple clouds, businesses can tailor each cloud to the exact needs of their users. Its function is to help companies store and manage their data effectively. Specific standard guidelines are expected to be met, known as best practices. 

Logging into Salesforce is not merely a routine action; it is the first access point for any user. Everything outside the org barely affects the internal operations of a Salesforce-using firm. Therefore, it is crucial that the security at this point of entry is rock-solid to ward off any strange entrants. This article will examine some of the best login security practices for Salesforce users.

Multi-Factor Authentication (MFA)

Multi-factor authentication in Salesforce is an additional layer of security that protects a company’s Salesforce org from being invaded by outsiders. Every Salesforce administrator must fully understand the processes of implementing MFA for their Salesforce org. While MFA is a simple process, it could be complicated if not studied with aim. Understand the options you have to implement MFA based on your business needs. More importantly, train your users to navigate MFA to make your work easier. When your users know what to do when they suspect they are being targeted, you are one step ahead in protecting your Salesforce org. We have a detailed article on how Multi-factor authentication can be implemented in your org.

The above image shows how to access the multi-factor authentication Assistant in a Salesforce Org through the Setup menu, using the quick find search bar to locate the multi-factor authentication option.

Principle of Least Privilege (PoLP)

It is essential to ensure that the correct data within the org is accessible only to the appropriate users. The Principle of Least Privilege states that users should only be granted access to the information necessary for their role. This principle applies to all types of organizations and cloud platforms. For businesses utilizing the Sales cloud, it is recommended that Sales representatives only be provided access to the information essential for their job performance. In the case of non-profit cloud users, Salesforce suggests that Salesforce Administrators prioritize security and permission settings by restricting data access to the minimum required level while ensuring that all users can carry out their job responsibilities effectively.

This image shows the steps to specify IP ranges on Salesforce using Trusted IP Ranges. The process involves navigating to the Setup menu and selecting Network Access. 

Set Login Ranges and Trusted IPs

Salesforce's security architecture enables Salesforce administrators to establish login ranges and trusted IPs. Restricting access based on IP addresses helps safeguard data from unauthorized access and phishing attacks. When IP ranges are defined, the Salesforce administrator specifies a range of allowed IP addresses, ensuring that unidentified IPs are denied access or prompted to authenticate their login request.

The above image shows how to set trusted IP ranges on Salesforce by accessing the network access section within the Setup menu. 

Cautiously Assign Profiles

Profiles in Salesforce determine the level of permissions a user can have. They are essential aspects of any user's experience and must be assigned with care. Profiles are manually assigned to users upon creation. The apex profile in Salesforce is the System Administrator profile, usually assigned to the Salesforce Administrator. The Salesforce Administrator is responsible for setting up Salesforce for their org and ensuring the platform runs smoothly. Salesforce Administrators have special permissions; they can add or deactivate users and define what they can or cannot see in the org. They can create objects, workflows, reports, and much more! The System Administrator profile is not a profile that should be assigned carelessly. It is best practice to assign this profile only to users who need the highest level of access to the Salesforce org. Assigning the System Administrator profile to users who do not need it can expose your Salesforce org to dangerous security risks.

The above image shows how to access profiles in your Salesforce organization by going through Setup, using Quick Find, and selecting Profiles.

Other Security Best Practices

There are security best practices that Salesforce administrators should follow on their org while carrying out various admin duties. Some of them include:

Understanding Data Privacy Laws

As an administrator, ensure you understand and review the unique laws guiding your business and its org. Particularly, understand what constitutes Personally Identifiable Information (PII) and what rules apply to your organization. For instance, the General Data Protection Regulation (GDPR) regulates data protection for organizations that deal with data in the European Union.

Run Health Checks

Health Checks are a vital tool for administrators to maintain Salesforce security. They provide a comprehensive understanding of how well your org meets Salesforce security risks and can be instrumental in limiting data loss. With the health check feature in Salesforce, a Salesforce administrator can identify and fix vulnerabilities in their org all from a single page accessible in the setup interface. A calculated summary score usually displays how well the org aligns with Salesforce-standard security expectations.

This screenshot shows how to access the health check feature in Salesforce by navigating through Setup, using Quick Find, and selecting Health Check.

Conclusion

Salesforce's best practices are available for administrators and users to ensure they get the most out of its security architecture. Like many others on our platform, this article has been written to educate Salesforce users and admins on the standard expectations that should be followed to maximize security.

Explore More
See more articles from our Hub

Start Securing Your Entire SaaS Lifecycle

Request a demo