Salesforce Where Can Admin See Username for Login Attempt

In this web log serial, Onapsis Enquiry Labs will introduce you to the different types of audit capabilities that Salesforce has, analyze them, and run into how they complement each other.

Having proper auditing capabilities (and reviewing the results) is key to maintaining a high level of security. Without information technology, organizations are blind to what is happening in their nearly critical systems and processes. Proper auditing helps to rapidly detect unusual behavior that is often an indicator of misuse or worse... signal compromise.

In this series, I plan to cover the post-obit topics:

Login History
Setup Audit Trail
Issue Monitoring
Real-Time Upshot Monitoring

Notation: Salesforce provides some other interesting feature called "Field History Tracking" which tracks changes in selected fields. Although important and very useful, I won't be roofing it in this series.

Salesforce Login History

Login History is 1 of the virtually common logging facilities. You can observe it under the "Settings" → "Login History" menu. Information technology allows Salesforce Security Administrators to review and proceed runway of login attempts that are fabricated to the organization'southward Salesforce instance. Past default, you tin obtain unlike information about a login attempt, including username, engagement and time, IP address, and whether the login was successful or non. If yous need additional data, yous can create a custom view and add fields such as country of login origin and the HTTP method used.

The Login History stores up to six months of login information that yous can download equally a CSV file or compressed. (Notation: If your company has a retention policy requiring that login attempts be stored for a longer time frame, you will demand to manually download and shop them.) Login History is included without having to pay for whatever add-ons, a big difference compared to other useful tools such as the "Event Monitoring" add-on.

Login History Limitations

An interesting behavior worth mentioning is that Login History does non capture login attempts by users that do not exist in the organization. When analyzing the information provided, have into consideration how long user sessions last before reaching the timeout. It could happen that you expect for a login event on a certain day, only if your organization has configured long periods of inactivity (12 or 24 hours, for example), user sessions could bridge two days and you therefore will not find a login event for the day in question.

Another corner example not covered by the Login History is the "Login-Every bit" feature. This feature allows Salesforce Administrators to log in as another user, useful to reproduce bugs or troubleshoot missing permissions. If your organization has this feature enabled and a Salesforce Administrator logs in as another user, it won't be logged in the Login History as this login works using a different machinery than the traditional login. If you need to review logins performed through this method, you can use the "Setup Audit Trail". We'll comprehend information technology in a time to come weblog post.

Login History Employ Cases

The Login History can be very useful to detect different attacks or adherence to compliance policies, for example:

Password guessing attempts (a large number of invalid logins affecting i or more accounts)
Credentials stolen or account sharing (multiple logins of the aforementioned account from unlike IP addresses)
Compliance with login policies (usage of specific login methods)

If you need to perform complex searches, you can admission the Login History using SOQL queries. A simple example is shown below:

Simple query retrieving "LoginTime" and "UserId" fields

Another selection is to swallow the Login History through Lather API calls, but given its complexity, I'll save this for the next blog postal service.

Equally you can see, y'all tin swallow information from Salesforce's Login History feature to keep track of who is logging in to your organization and from where — and act appropriately. In the next blog mail, I'll continue analyzing other alternatives that complement Login History and help us to go along our organization secure. Stay tuned!

References

https://developer.salesforce.com/docs/atlas.en-united states.232.0.object_reference.meta/object_reference/sforce_api_objects_user.htm
https://programmer.salesforce.com/docs/atlas.en-us.sfFieldRef.meta/sfFieldRef/salesforce_field_reference_LoginHistory.htm