Salesforce Developer Security High Security Sessions
You can restrict access to certain types of resources based on the level of security associated with the authentication (login) method for the user’s current session. By default, each login method has one of two security levels: Standard or High Assurance. You can change the session security level and define policies so specified resources are only available to users with a High Assurance level.

By default, the following authentication methods are assigned these security levels:

1. Username and Password — Standard
2. Delegated Authentication — Standard
3. Two-Factor Authentication — High Assurance
4. Authentication Provider — Standard
5. SAML — Standard

Currently, the only features that use session-level security are connected apps, reports, and dashboards. You can set policies requiring High Assurance on these types of resources and specify an action to take if the session used to access the resource is not High Assurance. The two supported actions are:

1. Block: This blocks access to the resource by showing an insufficient privileges error.
2. Raise session level — This redirects you to a Two-Factor Authentication flow for raising the session’s security level to High Assurance. Once you complete the flow successfully, you can access the resource.

To set a High Assurance required policy for accessing a connected app:

1. From Setup, go to Administer -> Manage Apps -> Connected Apps.
2. Click Edit next to the connected app.
3. Select High Assurance session required.
4. Select one of the two actions presented.
5. Click Save.

To set a High Assurance required policy for accessing reports and dashboards:

1. From Setup, go to Build -> Customize -> Reports & Dashboards -> Access Policies.
2. Select the High Assurance session required.
3. Select one of the three actions presented.
4. Click Save.

The session levels have no impact on any resources in the app other than connected apps, reports, and dashboards for which explicit security policies have been defined.
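
Since the built-in policies stop at connected apps, reports, and dashboards, custom Apex that wants the same guarantee can check the session level itself. The following is an added example, not code from the original page or from Salesforce: the class, method, and exception names are hypothetical, it mirrors only the Block action, and it assumes `Auth.SessionManagement.getCurrentSession()` is callable in the running context (a synchronous request with a real user session).

```apex
// Added example: hypothetical guard class, not from the original page.
public with sharing class HighAssuranceGuard {

    // Thrown when the caller's session is below High Assurance (the "Block" action).
    public class InsufficientSessionException extends Exception {}

    // Pure decision on a session map, so it can be unit tested with a
    // constructed map instead of a live session.
    public static Boolean isHighAssurance(Map<String, String> session) {
        return session != null
            && session.get('SessionSecurityLevel') == 'HIGH_ASSURANCE';
    }

    // Call at the top of any controller action or service method that
    // should only run in a High Assurance session.
    public static void requireHighAssurance() {
        Map<String, String> session = Auth.SessionManagement.getCurrentSession();
        if (!isHighAssurance(session)) {
            String loginType = (session == null) ? 'unknown' : session.get('LoginType');
            throw new InsufficientSessionException(
                'High Assurance session required (login type: ' + loginType + ')');
        }
    }
}
```

With the default levels listed above, a session created by username and password, delegated authentication, an authentication provider, or SAML fails this check until its level is raised.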
page revision: 0, last edited: 02 Jan 2017 00:20