Set Different Login Policies for Salesforce and Community Users (Generally Available)

If you set up a community in your org, you can specify different login policies for internal users when they log in to a community instead of the Salesforce app. Also, OAuth authentication for internal users is now supported on community domains.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.

Why: For example, you can enforce IP restrictions for internal users logging in to a community, and relax IP restrictions when they log in to the Salesforce app. By controlling access to the Salesforce app and communities separately, you can relax device activation and IP constraints for internal, trusted users to provide a better login experience.

How: In Setup, in the Quick Find box, enter Profiles, and then edit an internal user’s profile. Under Session Settings, select Separate community and Salesforce login authentication for internal users (1). To set less restrictive login policies, select Relax login IP restrictions or Skip device activation, or both. To support authentication with OAuth for internal users who have Separate community and Salesforce login authentication for internal users enabled on their profile, select Allow OAuth for Internal Users (2).

Note

Note

When internal users who have these options enabled navigate to community workspaces, they are prompted to log in to the community again. Users who have these options enabled and the required permissions can still create communities.

Profile showing Session Settings area