Security Updates in Spring ‘18


Every Spring season brings with it the opportunity for a fresh start. Another thing that Spring brings every year: a new Salesforce release! What better time to think about making some updates to the way you secure your data? In this post, we’ll highlight some of the most important security updates for Admins in the Spring ‘18 release.

Security Health Check

First up is Health Check – the amazing, free security tool that comes standard with every CRM implementation. What’s new in this release? Health Check has six new settings, including a setting requiring secure connections (verified by the green padlock icon next to the URL in your browser) for all third-party domains. Enabling this setting will help protect your users from visiting unsecured, or non-HTTPS, web domains.

If you’re already a Health Check expert and using custom baselines, it’s now possible to update them right from the UI! Rather than having to import a whole new set of baselines, you are able to add individual settings directly from the interface. If you already have a custom baseline uploaded, you’ll be prompted to update it the next time you log in with new Health Check settings. Just click “Update Baseline” when promoted to automatically add the settings. If you cancel, you are prompted again the next time you load the baseline.

Authentication and Identity

Starting with Spring ‘18, you can now control when community users are challenged to verify their identity, making it easier for users to log in to community sites. In addition, the process to set up identity verification is simpler through a centralized Setup page.

If you have a community set up in your org, you can now specify different login policies, making the login process faster and easier for internal users. You are able to control access to the Salesforce app and communities separately, which allows you to create less strict policies for device activation and IP constraints for internal, trusted users to provide a better login experience. For example, you can set up less restrictive access policies for employees that log in to your community, but external users are subject to profile IP restrictions.

Improved social sign-on experiences with optimized authorization provider URLs is now standard in both Lightning Experience and Salesforce Classic. When implementing social sign-on (for example, logging in to Salesforce using Facebook credentials) users will now experience fewer HTTP redirects and improved performance by using subdomain and community-specific URLs. To further optimize and simplify URLs, the orgID was removed. These enhancements are available to orgs with My Domain deployed.

Already using social sign-on and loving it? You can now add dynamic branding to your Embedded Login and authentication providers, allowing you to extend your brand across multiple login experiences.

Other Security Updates

We’ve talked a little bit about the importance of educating your users about phishing. To help protect users from malicious links, we’ve added the ability to enable a warning to alert users before they leave the domain. This alert will occur whenever a user clicks a link taking them outside the domain. For added security, we also show the full URL and domain they’re navigating to.

To enable this feature, go to Setup and search “Session Settings.” Under “Redirections,” select “Warn users before they are redirected outside of Salesforce.” And that’s it. You’re done!

Hopefully, you learned something valuable by reading this post that will help in your everyday life as an #AwesomeAdmin. Keeping your org secure can be a challenge at times, but we’re here to help you make it as easy as possible! If you’re interested in learning more about how to secure your Salesforce data, we’ve included some helpful resources, below:

Get hands on with this trail
Learn how you and your users can work together to keep your data safe.
Introducing Files and Attachments Backup in Salesforce Backup.

Introducing Files and Attachments Backup in Salesforce Backup | Spring ’24

What is Salesforce Backup? Salesforce Backup is our native backup and restore solution designed to safeguard customers’ valuable data. Geared for user-friendly operation, Salesforce Backup automatically creates backup copies of business data, empowering organizations to effortlessly restore data and recover from even the most challenging scenarios. With the Spring ’24 Release, we’re thrilled to announce […]

Introducing Salesforce Backup.

Introducing Salesforce Backup: Your Data’s Safety Net

What is Salesforce Backup? On August 15, Salesforce announced the general availability of Salesforce Backup, a native backup and restore solution designed to safeguard customers’ valuable data. Built with ease of use in mind, Salesforce Backup automatically creates backup copies of business data, empowering any organization to restore data and recover from even the worst-case […]

Cloudy with a laptop standing next to text that says, "Security + AI Basics for Salesforce Admins."

Security + AI Basics for Salesforce Admins

Artificial intelligence (AI) is everywhere right now and everyone is talking about it. From having fun with generative imaging to staring in wonder at driverless cars, it seems that AI is popping up all over the place. Salesforce has made a ton of AI announcements with Sales GPT, Service GPT, Slack GPT, and beyond. As […]