TRUST is one of the core values of Salesforce and the foundation block that it is built upon. Parker Harris, Salesforce co-founder, says, “Nothing is more important to our company than the privacy of our customers’ data.” Trust requires security, and Salesforce has developed various features over time to live up to that commitment. One such security feature is called Transaction Security Policy.
Using Transaction Security Policy, you can define events to monitor and take action when those events happen. Here are a few examples of the events that you can monitor:
- You want to block and notify the administrator when somebody tries to export the ‘Contact’ information
- You want to raise the session security to Two-Factor Authentication (2FA) when a user tries to access Salesforce from two different IP addresses within the last 24 hours
- You want to block the access when someone tries to log in from a particular country or from a particular operating system or browser
- You want to block chatter posts containing particular keywords
- You want to limit the concurrent number of sessions for a user or for an administrator
And when these events occur, you can take these actions:
- Block – Don’t let the user complete the request
- Two-Factor Authentication – Step up the security and prompt the user to confirm identity by using two-factor authentication, such as the Salesforce Authenticator app
- Freeze user – Prevent further logins into your org by the user.
- End session – Prompt the user to end an existing session when the number of concurrent sessions a user is allowed to have is strictly limited
I hope you get the gist of it now. But for one last time – Transaction Security is a framework that intercepts Salesforce events in real-time and applies appropriate actions and notifications based on the security policies you create.
One more thing before we go any further. Please do note that Transaction Security Policy requires purchasing Salesforce Shield or Salesforce Event Monitoring add-on subscriptions. TSP, unfortunately, is not free 🙁
So how do you configure Transaction Security Policy in your Salesforce org? Here is a step-by-step guide that takes less than 30 minutes. In it, we are going to apply TSP to two different events: first, we’ll block the user from exporting contact information, and second, we will step up the session security to two-factor authentication if a user tries to log in from two different IP addresses within 24 hours.
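For the first of those two policies, this is roughly what the Apex method looks like. It is an added example, not code from the original guide or from Salesforce: the class name `ContactExportCondition` is hypothetical, and it assumes that `QueriedEntities` is a comma-separated list and that export operations on `ReportEvent` share the `ReportExported` prefix.

```apex
// Added example: Apex condition for an Enhanced Transaction Security policy
// on ReportEvent. The class name is hypothetical.
global class ContactExportCondition implements TxnSecurity.EventCondition {

    // Return true to trigger the policy. The action itself (Block, notify the
    // administrator) is chosen on the policy in Setup, not in this class.
    public boolean evaluate(SObject event) {
        switch on event {
            when ReportEvent reportEvent {
                return isExport(reportEvent.Operation)
                    && touchesContact(reportEvent.QueriedEntities);
            }
            when null {
                return false;
            }
            when else {
                // Any other event type is out of scope for this policy.
                return false;
            }
        }
    }

    // Assumption: export operations share the 'ReportExported' prefix, so
    // ordinary report runs in the UI are not blocked.
    private boolean isExport(String operation) {
        return operation != null && operation.startsWith('ReportExported');
    }

    // Assumption: QueriedEntities is a comma-separated list of object names.
    // Matching each name exactly avoids false hits that a plain
    // contains('Contact') would give on objects such as AccountContactRelation.
    private boolean touchesContact(String queriedEntities) {
        if (String.isBlank(queriedEntities)) {
            return false;
        }
        for (String entity : queriedEntities.split(',')) {
            if (entity.trim().equalsIgnoreCase('Contact')) {
                return true;
            }
        }
        return false;
    }
}
```

Returning `false` for null and unexpected events keeps a misrouted event from blocking unrelated user activity.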
References & Useful URLs:
- Trailhead Module – Enhanced Transaction Security – https://trailhead.salesforce.com/content/learn/modules/enhanced_transaction_security
- Help Article – Enhanced Transaction Security – https://help.salesforce.com/articleView?id=sf.enhanced_transaction_security_policy_types.htm&type=5
- Enhanced Apex Transaction Security Implementation Examples – https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/enhanced_transaction_security_policy_apex_examples.htm
- YouTube Video (23:00 mins) – Implementing Real-Time Actions with Transaction Security
Blog Post Change Log:
- March 2021 – Replaced screenshots to show new ‘Condition Builder’ & ‘Apex’ methods to create Transaction Security Policy
- April 2019 – 1st Published