Security Updates in Spring ‘18


Every Spring season brings with it the opportunity for a fresh start. Another thing that Spring brings every year: a new Salesforce release! What better time to think about making some updates to the way you secure your data? In this post, we’ll highlight some of the most important security updates for Admins in the Spring ‘18 release.

Security Health Check

First up is Health Check – the amazing, free security tool that comes standard with every CRM implementation. What’s new in this release? Health Check has six new settings, including a setting requiring secure connections (verified by the green padlock icon next to the URL in your browser) for all third-party domains. Enabling this setting will help protect your users from visiting unsecured, or non-HTTPS, web domains.

If you’re already a Health Check expert and using custom baselines, it’s now possible to update them right from the UI! Rather than having to import a whole new set of baselines, you are able to add individual settings directly from the interface. If you already have a custom baseline uploaded, you’ll be prompted to update it the next time you log in with new Health Check settings. Just click “Update Baseline” when promoted to automatically add the settings. If you cancel, you are prompted again the next time you load the baseline.

Authentication and Identity

Starting with Spring ‘18, you can now control when community users are challenged to verify their identity, making it easier for users to log in to community sites. In addition, the process to set up identity verification is simpler through a centralized Setup page.

If you have a community set up in your org, you can now specify different login policies, making the login process faster and easier for internal users. You are able to control access to the Salesforce app and communities separately, which allows you to create less strict policies for device activation and IP constraints for internal, trusted users to provide a better login experience. For example, you can set up less restrictive access policies for employees that log in to your community, but external users are subject to profile IP restrictions.

Improved social sign-on experiences with optimized authorization provider URLs is now standard in both Lightning Experience and Salesforce Classic. When implementing social sign-on (for example, logging in to Salesforce using Facebook credentials) users will now experience fewer HTTP redirects and improved performance by using subdomain and community-specific URLs. To further optimize and simplify URLs, the orgID was removed. These enhancements are available to orgs with My Domain deployed.

Already using social sign-on and loving it? You can now add dynamic branding to your Embedded Login and authentication providers, allowing you to extend your brand across multiple login experiences.

Other Security Updates

We’ve talked a little bit about the importance of educating your users about phishing. To help protect users from malicious links, we’ve added the ability to enable a warning to alert users before they leave the domain. This alert will occur whenever a user clicks a link taking them outside the domain. For added security, we also show the full URL and domain they’re navigating to.

To enable this feature, go to Setup and search “Session Settings.” Under “Redirections,” select “Warn users before they are redirected outside of Salesforce.” And that’s it. You’re done!

Hopefully, you learned something valuable by reading this post that will help in your everyday life as an #AwesomeAdmin. Keeping your org secure can be a challenge at times, but we’re here to help you make it as easy as possible! If you’re interested in learning more about how to secure your Salesforce data, we’ve included some helpful resources, below:

Get hands on with this trail
Learn how you and your users can work together to keep your data safe.
How to Use UX Principles to Shape Your Security Model

How to Use UX Principles to Shape Your Security Model

Congratulations! Your organization, Awesome Admin Automotive, made the investment in Salesforce. You’ve absorbed so much great content and can’t wait to dive right in and try out all the new bells and whistles! While it’s a very exciting journey ahead, as Simon Sinek’s book “Start With Why” suggests, it’s important to first take some time […]

Get Ready for MFA: Tips to Help Users Recover Access

Get Ready for Multi-Factor Authentication: Tips to Help Users Recover Access

As an #AwesomeAdmin, part of your role is managing and maintaining user access. So when multi-factor authentication (MFA) goes into effect for your org–whether you’re turning it on yourself or waiting for Salesforce to auto-enable it for you–it’s important to know how to resolve MFA-related access issues that users may encounter. Access issues typically fall […]

Permissions Updates

Permissions Updates | Learn MOAR Spring ’23

Follow and complete a Learn MOAR Spring ’23 trailmix for admins or developers by March 31, 2023, 11:59 p.m. PT to earn a special community badge and be automatically entered for a chance to win one of five $200 USD Salesforce Certification vouchers. Restrictions apply. Learn how to participate and review the Official Rules by […]


Have an Idea for a Story?

We are all about the community and sharing ideas.
Do you have an interesting idea or useful tip that you want to share?