We can track identity verification activity, use new identity verification Apex methods in your custom apps, and apply two-factor authentication at a more granular level.
- New Special Character Assistance When Changing Passwords
salesforce has made it easier for users to verify their identity in Salesforce. The redesigned Salesforce Authenticator mobile app alerts users of logins and other account activities that require identity verification. Users verify the activity by responding on their mobile device. Salesforce Authenticator works for both Lightning Experience and Salesforce Classic. - Streamlined Setup of Two-Factor Authentication for Single Sign-On and Social Sign-On Users
If Salesforce org has SAML single sign-on or social sign-on through an authentication provider enabled, Salesforce has simplified the process of requiring two-factor authentication at login. Salesforce admins can now use profile policies and session settings to require users in these orgs to complete two-factor authentication when they log in. Previously, we had to create a custom login flow. This feature is available in both Lightning Experience and Salesforce Classic. - New Profile Policy for Session Security Level at Login
Salesforce has added a Session security level required at login setting for profiles. By default, the setting has a value ofNone for all profiles. Salesforce asmins can change the setting to High Assurance to require that users assigned to the profile log in with two-factor authentication. This feature is available in both Lightning Experience and Salesforce Classic. - Session Timeout Name Changed in Profile Settings
Salesforce has changed the name of the Session Timeout setting that controls how many minutes or hours of inactivity elapse before a session expires for users of a profile. On the profile overview page, in the Session Settings area, the setting is now called Session times out after. This feature is available in both Lightning Experience and Salesforce Classic. - Control Session Security Level for Device Activation
A new value in Session Security Levels, Device Activation, gives you more control over how and when your users are prompted to verify their identity. This feature is available in both Lightning Experience and Salesforce Classic. - Track User Identity Verifications
As an administrator, we can now monitor and audit the past six months of your users’ identity verification activity. For example, suppose that two-factor authentication is enabled when a user logs in, and the user provides a valid time-based one-time password as proof of identity. That information is recorded in Identity Verification History. This feature is available in both Lightning Experience and Salesforce Classic. - Implement Identity Verification in Your Custom Solution with Apex
A new Apex method, Auth.SessionManagement.generateVerificationUrl, invokes an identity verification flow in our custom solution. For example, if we have a custom Visualforce page that displays sensitive account details, you can challenge the user to verify identity before viewing it. This feature is available in both Lightning Experience and Salesforce Classic. - Improved Security for Identity Verification
Since an IP address isn’t a reliable indicator of a user’s identity, Salesforce has changed risk-based authentication protocol. When users log in to Salesforce from a device or browser Salesforce don’t recognize, they are now prompted to verify identity, even if they log in from an IP address Salesforce has seen before. - Improved Security for High-Assurance Resource Access Using APIs
If org has a policy to require a high-assurance session to access connected apps, reports, or dashboards, they can’t access them in a standard-assurance session using the Analytics or SOAP APIs. When using the Analytics API, if user's try to access a resource that requires a high-assurance session, an error message will be received. This feature is available in bothLightning Experience and Salesforce Classic. - New Special Character Assistance When Changing Passwords
- When your users change a password that requires a special character, they now see a tooltip. The tooltip lists the characters that are allowed (!#$%-_=+<>). Previously, special characters were described only in Salesforce Help. This feature is available in both Lightning Experience and Salesforce Classic.
- New Time Values for Connected App Mobile App Settings
We can now allow a mobile-connected app that requires PIN protection to be idle longer before it locks and requires the PIN. Previously, the values for the Require PIN after setting were none (no locking), 1, 5, 10, and 30 minutes. We’ve added values of 60, 120, 180, and 240 minutes. This feature is available in both Lightning Experience and Salesforce Classic. - External Identity Users Can Work with Accounts, Person Accounts, Assets, and Contacts
Users with an External Identity license can now read and edit accounts. They can also read, create, and edit assets and contacts. Previously, they couldn’t access these objects. If person accounts are enabled in org, the expanded access lets your external identity users work with person accounts. This feature is available in Salesforce Classic only. - Create a Custom Authentication Provider Plug-in with Apex
We can create our own external auth provider if we don’t see your preferred provider on our list. The custom authentication provider plug-in allows us to create our own single sign-on (SSO) auth provider. Admins and users can continue using the SSO credentials they already use for non-Salesforce applications with their Salesforce orgs. This feature is available in both Lightning Experience and Salesforce Classic. - Username Added to Identity Verification Email Message
Salesforce have added the username to the email that users receive when they log in to Salesforce from a device we don’t recognize. The Subject of the email message is “Verify your identity in Salesforce.”
No comments:
Post a Comment