Patrick Shaw’s Weblog

Special thanks to our colleagues from NPower New York - some of this information duplicates what I posted already - but - I thought I’d post their excellent “how-to” as well:

We are sending this email to NPower NY clients to make sure you are aware of Salesforce.com’s new security changes coming on 12/4.

Special thanks to our colleagues from NPower New York - some of this information duplicates what I posted already - but - I thought I’d post their excellent “how-to” as well:

We are sending this email to NPower NY clients to make sure you are aware of Salesforce.com’s new security changes coming on 12/4.

This email contains:

a) Links to the security webinars

b) Directions on how to login to Salesforce after 12/4 from a new PC

c) Where to go for more help

d) NYC Nonprofit User Group Information

Links to the Security Webinars:

If you haven’t already, view the Salesforce Security webinars:

1) http://salesforce.acrobat.com/securitywebinar - general information about security and phishing

2) http://salesforce.acrobat.com/security3 - specific information about changes to the Salesforce login process - WATCH THIS ONE

Here is the website with all of the security information: http://trust.salesforce.com/security.html

All the information below is taken directly from that site.

Directions on how to login to Salesforce after 12/4 from a new PC

***If you are logging into Salesforce from a new computer or a new location (IP address):

To access Salesforce via a browser, you can “activate” the computer with the following procedure:

1. In response to the error message, click the Send Activation Link button to trigger an email message. Please note salesforce.com will never ask you for your login credentials in an email.
2. Open the email message that contains the activation link.
3. Copy the link and paste it into the browser within 24 hours. A message confirms that the computer has been activated.
4. Once activation is complete, you can log in to Salesforce as usual. You will not have to activate that location or browser again.

***To access Salesforce via a desktop application (like the Outlook connector) or other API-based application (like a website), you must replace your current password with a combination of your password and a security token:

1. Log in to Salesforce via the browser to request your security token.
2. Go to Setup -> My Personal Information -> Reset Security Token.
3. Click the Reset Security Token button to trigger an email which will contain your security token.
4. Select and copy the token from the email.
5. In the application, replace your password with combination of the password and the security token. For example, if your password is “MyPassword” and your security token is “XXXXXX”, you would enter “MyPasswordXXXXXX” into the password field.

For more details and screenshots, view the webinar http://salesforce.acrobat.com/security3 .

***If You are a Salesforce Administrator

Our goal is to minimize the impact of the Identity Confirmation features by allowing established patterns of usage to continue unchallenged, so that users who log in from a known, trusted IP address are not affected. To exempt your users from having to take additional steps to log in, you can define a list of trusted IP ranges in the application.

To facilitate this process, salesforce.com will pre-populate such a list for your company once, based on an analysis of the last four months of your organization’s login data. Users with an address within one of these ranges will not be required to activate their computers or use a security token.

It will be your responsibility to update your list of trusted IP ranges by adding new ranges as needed.

You should be prepared to answer questions from affected users when Identity Confirmation is implemented for your company. The steps below will prepare you to assist your users and to maintain your list of trusted IP ranges.

Important! View the Webinar to be prepared to answer your users’ questions. You can also refer your users to the Webinar.

Rollout will begin on November 26 (More detail forthcoming) to find out when Identity Confirmation will be implemented for your company.

Check the pre-populated list of trusted IP addresses for completeness and accuracy.

Maintain this list to ensure a smooth login experience for your users. To manage the list, go to Setup -> Administration Setup -> Security Controls -> Network Access

If you have additional questions, contact Salesforce.com Support - 415-901-7010.

c) Where to go for more help

Salesforce Customer Support: 415-901-7010 or the security web page: http://trust.salesforce.com/security.html