Authorize logins from any IP address

December 10, 2007 @ 3:53 pm · Filed under Configuration, Tips
By Scott Hemmeter

Salesforce has mostly implemented their security changes. FYI, this is the help file page explaining to admins how to setup Network Access in the application and what happens when a user logs in.

If you have an org that you need access to without the burden of this restriction (e.g. an org you use to perform demos at various locations and/or from many different computers where you might not have email access), you can authorize all IPs by making 0.0.0.0 the start IP and 255.255.255.255 the end IP in a Network Access record.

Doing this will essentially put that org’s security back to what it was before Salesforce made their enhancements. I wouldn’t recommend making this change unless you actually need it, but it can come in handy even if for a short-term fix.

This is the approach Salesforce.com has taken for Test Drive orgs on AppExchange listings so that Test Drive users are not restricted access to a demo. All of my Test Drives had a record with this range pre-populated by Salesforce when they made their security changes.

Note: I do not recommend anyone do this for their corporate Salesforce.com org as this would negate all the good work Salesforce has done to button things up.

5 Comments

  1. Pete 'Fifedog' Fife Said,

    December 12, 2007 @ 2:38 pm

    Scott – Awesome-ness again. I just was having an issue with a EMEA support rep who works from home and his ISP gives him a dynamic IP every day. Therefore he was being asked every morning to authentic. I total forgot about which I think will solve my issue. Now I’m not going to enable it for my company, just my Level 3 CSR’s. Therefore if they do travel and go on site and have to use a different computer they will not have to authenticate. At least that’s the feedback so far from the support managers. Thanks again.

  2. Stuart 'Kickingboy' Gascoyne Said,

    January 5, 2008 @ 3:39 am

    I don’t agree that the security enhancements are a result of all the good work salesforce has done. After all the motivation resulted from a gullible SFDC employee responding to a phishing attack. It is a real inconvenience for me because I can no longer access my SFDC account from the browser on my mobile phone because I have no way of accessing the activation link. The IP address restrictions are a sledgehammer to crack a nut. By contrast I can access my bank account from my mobile phone or any computer I choose. Their security measures involve requesting random characters from my password and and a secret question. Think again Salesforce is my view.

  3. Chris Lively Said,

    March 3, 2008 @ 8:13 am

    I agree with Stuart. This “security” measure is a serious PITA and simply defeats the run “anywhere” attitude that SalesForce used to have.

  4. David Schach Said,

    April 25, 2008 @ 2:57 pm

    I tried this in a production org, and it wouldn’t let me do it.
    I could go from 10.0.0.0 to 12.0.0.0 but not to 13.0.0.0.
    Apparently there’s a specific number of IP addresses allowed to be specified.

  5. Scott Hemmeter Said,

    April 25, 2008 @ 3:12 pm

    @David: Yeah, Salesforce fixed some things on their end and only allow smaller ranges to be created. So this post is a bit outdated. To accomplish the same thing, you’ll have to create a number of smaller ranges.

RSS feed for comments on this post