Open in app

Sign in

Write

Sign in

Why You Should Be Tracking Salesforce Logins

Emily Sirianni
dbsaver
Published in
Sent as a

Newsletter

3 min readNov 2, 2022

A quick look at your orgs salesforce login history may make your eyes glaze over. Months of usernames, times, and IP addresses that seem to blur together.

But salesforce login data can actually tell you a lot if you know what you’re looking for.

Keep your eye out for;

  • Multiple failed verification attempts
  • A user with multiple IPs or locations at the same time
  • Logins from past employees

A String Of Failed Verification Attempts

Looking at the Status column of your Login History, you can see when a login attempt has succeeded or failed. It will even give you more information upon a failed attempt, like my example below. I used the wrong password a few times before I finally remembered that it’s 12345.

Salesforce login history showing invalid password login attempts

Of course it’s possible that a verified user has simply forgotten their login credentials. But this employee should be able to either reset their password or contact an administrator to solve their problem.

Salesforce login page with invalid credentials

If you’re seeing many failures in a row, it could be worth reaching out to that salesforce user to check in and see if they’re struggling to log in, or if this isn’t coming from them at all. Password guessing can be a sign that an unauthorized user is trying to access your salesforce org.

Same User — Different IPs or Locations

Login history showing that a user has concurrent sessions (the same or overlapping times) from different IP addresses or locations can be a red flag and it’s typically worth looking into. There are two likely scenarios here;

  • Stolen Credentials
  • Account Sharing

They both mean about the same thing; Someone’s credentials have been discovered and are being used by another individual. Stolen credentials would be an outside force gaining access to an org they’re not part of, while account sharing is different people in one company using the same account.

Past Employee Login

A familiar username pops into your Login History… but they were terminated last month? Maybe your employee termination workflow ran into a snag, or the wrong email was selected to be removed.

This is your notice to really delete or deactivate the account. Depending on how sensitive the data in your org is you may need to do more than that. The login history can be the evidence you need to back up any further action you take.

Salesforce has some built in tools that can give you the basic login history for your org over the last six months and event monitoring so that you can set up alerts for suspicious activity.

Want my next post to give an overview of how to set that up? Let me know in the comments.

Salesforce
Salesforce Training
User Login
Salesforce Admin

--

--

Emily Sirianni
dbsaver

Written by Emily Sirianni

6 Followers
Editor for

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams