Security Updates in Spring ‘18

By

Every Spring season brings with it the opportunity for a fresh start. Another thing that Spring brings every year: a new Salesforce release! What better time to think about making some updates to the way you secure your data? In this post, we’ll highlight some of the most important security updates for Admins in the Spring ‘18 release.

Security Health Check

First up is Health Check – the amazing, free security tool that comes standard with every CRM implementation. What’s new in this release? Health Check has six new settings, including a setting requiring secure connections (verified by the green padlock icon next to the URL in your browser) for all third-party domains. Enabling this setting will help protect your users from visiting unsecured, or non-HTTPS, web domains.

If you’re already a Health Check expert and using custom baselines, it’s now possible to update them right from the UI! Rather than having to import a whole new set of baselines, you are able to add individual settings directly from the interface. If you already have a custom baseline uploaded, you’ll be prompted to update it the next time you log in with new Health Check settings. Just click “Update Baseline” when promoted to automatically add the settings. If you cancel, you are prompted again the next time you load the baseline.

Authentication and Identity

Starting with Spring ‘18, you can now control when community users are challenged to verify their identity, making it easier for users to log in to community sites. In addition, the process to set up identity verification is simpler through a centralized Setup page.

If you have a community set up in your org, you can now specify different login policies, making the login process faster and easier for internal users. You are able to control access to the Salesforce app and communities separately, which allows you to create less strict policies for device activation and IP constraints for internal, trusted users to provide a better login experience. For example, you can set up less restrictive access policies for employees that log in to your community, but external users are subject to profile IP restrictions.

Improved social sign-on experiences with optimized authorization provider URLs is now standard in both Lightning Experience and Salesforce Classic. When implementing social sign-on (for example, logging in to Salesforce using Facebook credentials) users will now experience fewer HTTP redirects and improved performance by using subdomain and community-specific URLs. To further optimize and simplify URLs, the orgID was removed. These enhancements are available to orgs with My Domain deployed.

Already using social sign-on and loving it? You can now add dynamic branding to your Embedded Login and authentication providers, allowing you to extend your brand across multiple login experiences.

Other Security Updates

We’ve talked a little bit about the importance of educating your users about phishing. To help protect users from malicious links, we’ve added the ability to enable a warning to alert users before they leave the salesforce.com domain. This alert will occur whenever a user clicks a link taking them outside the salesforce.com domain. For added security, we also show the full URL and domain they’re navigating to.

To enable this feature, go to Setup and search “Session Settings.” Under “Redirections,” select “Warn users before they are redirected outside of Salesforce.” And that’s it. You’re done!

Hopefully, you learned something valuable by reading this post that will help in your everyday life as an #AwesomeAdmin. Keeping your org secure can be a challenge at times, but we’re here to help you make it as easy as possible! If you’re interested in learning more about how to secure your Salesforce data, we’ve included some helpful resources, below:

Get hands on with this trail
Learn how you and your users can work together to keep your data safe.
Core responsibilities of a Salesforce Admin

Core Responsibilities of a Salesforce Admin: Your Blueprint for Success

As admins, you hold the keys to success for your users and companies to get the most out of Salesforce. You have the unique opportunity to build and manage trusted solutions that drive productivity and innovation through five core admin responsibilities: security, user management, data management, analytics, and a new core responsibility: product management.  The […]

READ MORE
User management enhancements Winter '25

User Management Enhancements | Winter ’25 Be Release Ready

Winter ’25 is almost here! Learn more about user management and check out Be Release Ready to discover more resources to help you prepare for Winter ’25. We’re continuing to innovate in Setup starting with user access and user management. We have several exciting enhancements in store for Winter ’25–many thanks to your feedback and […]

READ MORE
Troubleshoot user access with SOQL

How to Troubleshoot User Access with SOQL (Beginner Friendly)

Awesome Admins, we know that troubleshooting user access is a common task. You’re frequently asked questions like “Why can Jane access this field, but John can’t?” or “Why can John view this record when he shouldn’t be able to?” In Summer ’24, we introduced helpful summary views for users, public groups, permission sets, and permission […]

READ MORE