No matches found
Try choosing different filters or resetting your filter selections.
Security: Passwordless Login, Set Validity Period for Login Links
Give your customers the convenience of logging in with verification
codes instead of passwords. Build dashboards for them to manage the phone numbers and email
addresses they use for verification. Set different community login policies to relax
requirements for internal users. And to improve your community experience, control how long ID
tokens and verification links are valid.
-
Optimize Account Roles to Improve Performance and Scale Your Org (Generally Available)
Minimizing the number of roles you use for customer and partner community accounts can improve performance. Consider using account role optimization if you anticipate having a large volume of business accounts with a single community user. In this scenario, all accounts with one community user owned by the same employee use a single shared person role. This optimization could replace the need for possibly thousands of account roles. This feature was a pilot in Spring ’18 and is now generally available. -
Make It Easy for Your Community Users to Log In with Identity Verification Methods Instead of Passwords
Give your community members, customers, and other external users the convenience of logging into your community with a verification code instead of a password. For example, have your external users log in with a code that you send in an email or text message. This feature is called passwordless login. -
Expire Community Links in Welcome Emails
You know that handy link to the community that we send out in our welcome emails? Now you can determine how long that link is live. One day? Seven days? One hundred and eighty days? It’s up to you! -
Administrator-Initiated Password Reset Links Expire After 24 Hours
Administrator-initiated password reset links in emails to users expire after 24 hours. Previously, these links did not expire. The new validity period also applies to password reset links in emails sent before Summer ’18. -
Keep Links in Forgot Password Emails from Expiring Prematurely
We’ve all forgotten a password and requested to reset it, right? Improve your users’ experience, and let reset password links in forgot password emails stay active until a user confirms the password reset request. Previously, the links in forgot password emails expired after the link was clicked. -
Enable Users to Review and Manage Their Verification Methods
Give users more control over the identity verification methods that they use to access your org. You can use administrative tools to build custom registration screens and verification dashboards for both internal and external users. With custom interfaces, users can review and manage the mobile phone numbers and email addresses that they use for verification. -
Trailing Slash Removed from an ID Token’s Issuer URL
Salesforce no longer adds a trailing slash (/) to the issuer URL for a community that does not have a root path prefix (/) in the ID token. This change conforms to the OpenID Connect Discovery standard. -
Authentication Provider Endpoints Require HTTP or HTTPS
Authentication provider endpoints must start with HTTP or HTTPS. Non-HTTP protocols, such as data://, feed://, or ftp://, are no longer supported in Auth. provider URLs. -
Configure the Validity Period and Audiences for ID Tokens
When you configure authentication settings for a connected app, you can now specify the length of time that an ID token is valid for after it’s issued. Also, you can specify multiple audiences for the ID token. -
Set Different Login Policies for Salesforce and Community Users (Beta)
If you have a community set up in your org, you can specify different login policies for internal users. Control access to the Salesforce app and communities separately. For instance, you can relax device activation and IP constraints for internal, trusted users to provide a better login experience. -
Renamed Option for Verifying Community External Users’ Identity
When external users access a Salesforce community from a new device or browser, you can verify their identity as an extra measure of security. On an external user’s profile, the option Verify identity when external users access Salesforce from new browser or device (device activation) has been renamed Enable device activation. -
Make Sure That Your Head Markup Is Valid
Do you have custom markup in your <head> markup? To improve security, in Summer ‘19 all existing code must be compliant for the <head> to function, and all new code must be compliant to be saved. This enhancement builds on the changes introduced in Winter ‘18 that applied extra restriction to <head>.