We’ve made the powerful security features in Salesforce even
stronger, while adding simplicity of management and ease of use. Now you can encrypt sensitive
data for regulatory compliance, manage user accounts on other services based on changes to
your own user accounts, and much more.
Data Residency Option (DRO) Feature Retirement
We are retiring the Data Residency Option solution on August 15, 2015. After that date, we will no longer support new installations, and we will discontinue support for existing installations. While you can continue to use the DRO solution, we can’t guarantee it will be compatible with future Salesforce releases.
Continuously Enforce IP Addresses in Login IP Ranges
The Enforce login IP ranges on every request Session Settings option restricts the IP addresses from which users can access Salesforce to only the IP addresses defined in Login IP Ranges. This option affects all user profiles that have login IP restrictions.
Track Geographic Location of User Logins
You can now track the geographic location of the IP addresses of user logins from the Login History or Session Management pages, or by querying the LoginGeo object.
Track Authentication Service by ID with Login History
The authentication service ID is now associated with a user’s login history. For example, this addition allows developers to create reports that track the SAML or authentication provider configuration for a login event.
Log In Once for Concurrent Apps That Use OpenID Connect
After users log in and authorize an application to access their Salesforce user data, they aren’t prompted to log in again when they authorize other applications. This behavior applies to single sign-on using OpenID Connect (or OAuth, if a user logs in to another Salesforce app).
Create Single Sign-On Settings from a File or URL
You can configure SAML for single sign-on by importing the settings from an XML file or public URL, instead of having to specify them manually. This streamlines setup and lets you use settings from your identity provider easily.
Access SAML Metadata URL for a Community or Custom Domain
You can share the SAML configuration information for a community or custom domain with your service provider via a public URL. The URL points to metadata that your service provider can conveniently use to configure single sign-on settings to connect to Salesforce.
Choose the Logout Page for Salesforce Users
Direct users to a specific logout destination that maintains your own branding experience after they log out of Salesforce. Or, send them to a specific authentication provider’s page.
Test and Use Advanced Networking Protocols Apex callouts, workflow outbound messaging, delegated authentication, and other HTTPS callouts now support Transport Layer Security (TLS) version 1.2, TLS 1.1, and server name indication (SNI). HTTPS callouts continue to support TLS 1. We recommend that you test your callouts for compatibility in a sandbox before the upgrade.
Comply with FedRAMP Standards by Setting Minimum Password Length at 15 Characters
We’ve added the option to set the minimum password length for your organization at 15 characters. Requiring this minimum length puts your organization in compliance with United States Federal Risk and Authorization Management Program (FedRAMP) and Defense Information Systems Agency (DISA) security standards. Previously, the longest minimum password length you could require was 12 characters.
Supported Login Flow Types
When you connect a login flow to a profile in your organization, only flows of type Flow are supported.
User Provisioning for Connected Apps (Generally Available)
Automatically create, update, and delete user accounts on services, such as Google and Box, based on changes to user accounts in your Salesforce organization or Active Directory service. This feature dramatically reduces the time required to on-board new users, update user accounts, or deactivate accounts. It also provides a centralized view of all user accounts across applications and services.
Get Quicker Updates on My Domain Name Propagation
The time Salesforce takes to check the status of the DNS propagation of a new domain decreased from 10 minutes to 30 seconds. This change means you can receive notification that your new domain propagation is complete sooner than in previous releases.