5 Salesforce Security Tips

Let’s face it, we all live in an evolving digital world. Our personal lives, work lives, and finances all gravitate towards the world of the internet, electronic media, and mobile computing. Unfortunately, this widespread phenomenon puts us at a risk of facing malicious attacks, fraud, invasions of privacy, and other unpleasantries. These are just some of the biggest reasons why cybersecurity is such an integral part of a well-organized and secure digital world.

With Salesforce being the hub of information for many software-as-a-service (SaaS) organizations, it’s no surprise that every Salesforce-powered organization wants to keep its Salesforce instance and integrations secure. There is no denying the fact that Salesforce offers one of the most trusted and reliable CRM platforms but organizations still need to make ensure all security measures are in place to minimize external threats and breaches.

1. Two-Factor Authentication

The easiest way to enhance the security level of your Salesforce instance is by setting up two-factor authentication. For this, you can enable two-factor authentication for logins to add a security layer by asking every user to verify their identity through an authentication application such as the Salesforce Authenticator App or call/text message every time they try to login to the Salesforce org.

Two-Factor Authentication for Reports

In Salesforce, you can leverage two-factor authentication for safeguarding access to reports. For this, an admin will need to “Raise the session level to High Assurance” in Setup under “Session Security Levels”.

2 factor auth setup in Salesforce

Regulating control access to printing and exporting reports

Salesforce can be configured for prompting users to verify their identity when printing or exporting reports. For this, you need to enable “Raise the Session to High Assurance” in Setup type in “Identity Verification” and under “Security Level Policies”.

Salesforce security level policies

2. Configure Network-Based Security

You need to make sure that the Trusted IP range feature is configured in Salesforce. The trusted IP range generally denotes office locations and private networks accessed by employees so everyone outside of that range is prompted to verify their identity before Salesforce can be accessed.

Salesforce network based security access

To set up an org-wide Salesforce configuration, you’ll need to click “New” in Setup search for Network Access for creating a new trusted IP Range.

Salesforce trusted IP range edit

Pro Tip: You can add informative descriptions in case you have multiple trusted IP ranges so that it is easier to specify and recognize which range applies to which use case.

3. Track Login History in Salesforce

To increase the safety of your Salesforce org, you can track login history by accessing a standard report called “New Login Location Report”. You can make a quick search for Login History under the Setup menu.

Tracking Salesforce login history screenshot

4. Enable App Allowlisting

App Allowlisting (formerly Whitelisting) should ideally be enabled in the Salesforce org to block end users from offering solutions access to Salesforce if a third-party app requires access to Salesforce.

Steps to enable App Allowlisting

Step 1:

The Admin(s) of your Salesforce instance is required to call Salesforce or submit a case to enable App Allowlisting. Once enabled, the admin can assign the permission set access and specific profiles to certain applications. For instance, Data Loader is a commonly-used app but every user should not have access to it.

Step 2:

Click “Edit” next to Dataloader Partner under “Manage Connected Apps”.

Step 3:

Authorized users can click “Admin approved users are pre-authorized” under OAuth policies.

Data loader partner

Step 4:

You can then assign Profiles and Permission Sets to gain access to Data Loader under “Manage Connected Apps”.

Managed connected apps in Salesforce setup

5. Invest in a reliable and dedicated Salesforce Integration User

Investing in a reliable and dedicated Salesforce Integration User (a full Salesforce license) has become of paramount importance these days with more and more organizations and users integrating AppExchange Apps and other paid tools with their Salesforce instance. It facilitates seamless integration and also enhances the security of your Salesforce instance.


Cybercrimes can happen to anyone and it’s not just the big organizations that get hit. Even everyday consumers experience ransomware attacks, phishing schemes, data breaches, financial losses, and identify theft. Therefore, you should make it a point to set up and manage a more secure instance of Salesforce.


  1. https://www.simplilearn.com/cybersecurity-and-you-article
  2. https://www.cloudkettle.com/blog/top-five-salesforce-security-tips-to-make-your-instance-more-secure/
  3. https://intellectualpoint.com/5-reasons-why-cybersecurity-is-important-now-more-than-ever/