Security Updates in Spring ‘18


Every Spring season brings with it the opportunity for a fresh start. Another thing that Spring brings every year: a new Salesforce release! What better time to think about making some updates to the way you secure your data? In this post, we’ll highlight some of the most important security updates for Admins in the Spring ‘18 release.

Security Health Check

First up is Health Check – the amazing, free security tool that comes standard with every CRM implementation. What’s new in this release? Health Check has six new settings, including a setting requiring secure connections (verified by the green padlock icon next to the URL in your browser) for all third-party domains. Enabling this setting will help protect your users from visiting unsecured, or non-HTTPS, web domains.

If you’re already a Health Check expert and using custom baselines, it’s now possible to update them right from the UI! Rather than having to import a whole new set of baselines, you are able to add individual settings directly from the interface. If you already have a custom baseline uploaded, you’ll be prompted to update it with the new Health Check settings the next time you log in. Just click “Update Baseline” when prompted to automatically add the settings. If you cancel, you are prompted again the next time you load the baseline.

Authentication and Identity

Starting with Spring ‘18, you can now control when community users are challenged to verify their identity, making it easier for users to log in to community sites. In addition, the process to set up identity verification is simpler through a centralized Setup page.

If you have a community set up in your org, you can now specify different login policies, making the login process faster and easier for internal users. You are able to control access to the Salesforce app and communities separately, which allows you to create less strict policies for device activation and IP constraints for internal, trusted users to provide a better login experience. For example, you can set up less restrictive access policies for employees that log in to your community, but external users are subject to profile IP restrictions.

Improved social sign-on experiences with optimized authorization provider URLs are now standard in both Lightning Experience and Salesforce Classic. When implementing social sign-on (for example, logging in to Salesforce using Facebook credentials), users will now experience fewer HTTP redirects and improved performance by using subdomain and community-specific URLs. To further optimize and simplify URLs, the orgID was removed. These enhancements are available to orgs with My Domain deployed.

Already using social sign-on and loving it? You can now add dynamic branding to your Embedded Login and authentication providers, allowing you to extend your brand across multiple login experiences.

Other Security Updates

We’ve talked a little bit about the importance of educating your users about phishing. To help protect users from malicious links, we’ve added the ability to enable a warning to alert users before they leave the domain. This alert will occur whenever a user clicks a link taking them outside the domain. For added security, we also show the full URL and domain they’re navigating to.

To enable this feature, go to Setup and search “Session Settings.” Under “Redirections,” select “Warn users before they are redirected outside of Salesforce.” And that’s it. You’re done!

Hopefully, you learned something valuable by reading this post that will help in your everyday life as an #AwesomeAdmin. Keeping your org secure can be a challenge at times, but we’re here to help you make it as easy as possible! If you’re interested in learning more about how to secure your Salesforce data, we’ve included some helpful resources below:

Get hands-on with this trail
Learn how you and your users can work together to keep your data safe.