Help get this topic noticed by sharing it on Twitter, Facebook, or email.
I’m confident

Is DBAMP impacted by Salesforce changes to "forced logins"?

Is this going to be a problem for DBAMP? Doesn't seem like it would be, but wanted to make sure. Thanks!

As an admin of a Salesforce org, we want to notify you that we are adding measures to prevent scripts, sites and other sources from automatically logging in users without the user’s explicit authorization. This type of automatic logging in of users is commonly known as “forced login”, and while it’s not necessarily nefarious - some system administrators intentionally use this technique for the convenience of their users - we believe it will provide a more trusted login experience if users give their explicit authorization. We have detected that this change may impact your organization as you may be using forced login with a program or script.

What is the change?
With the Winter ‘16 release*, users will be warned when a website, application, or other source uses a link or script to force a user to login to Salesforce. When Salesforce detects this activity, we will prompt the user to verify the account and login attempt.

*Currently scheduled for October 2015; date subject to change

Users can select or deselect ‘Don't ask again’ on their device. When this option is selected, Salesforce remembers the preference for the account and browser combination by storing the information in cookies. Salesforce will not prompt users when logging in through a web form and using a standard login page, such as https://login.salesforce.com, or a login page for custom Salesforce domains, portals, or communities. Single sign-on, two factor authentication, and non-browser logins will also not receive this message.

How may this impact my Salesforce implementation?
Programs and scripts developed to send requests that look like they come from a browser will likely prompt the warning message page. These programs or scripts may need to be modified by changing their HTTP request behavior, or updated to handle the new message appearing in the login flow. Please see login() from the API Developer’s Guide.
1 person has
this question
+1
Reply