Salesforceへのアクセス制限に関しては、セキュリティの厳しいお客様から非常によく聞かれますので、どのようなアクセス制限が可能か、また個体識別でのアクセス制御が可能かなどについて記事に纏めたいと思います。
- Salesforceのアクセス制御の種類
- 個体識別(個別の端末を識別)してのアクセス制御が可能か
Salesforceへのアクセス制御方法
まず、Salesforceはパブリッククラウドサービスのため、基本的にはインターネット経由でどこからでも、どんな端末からでもアクセス可能な仕組みとなっています。
セキュリティの観点から限られたユーザや端末のみからのアクセスを制限しないといけない要件がある場合には、以下のような方法が提供されています。
IPアドレス制限
組織単位もしくは、上記のようにプロファイル事にIPアドレス制限をすることが可能です。
IPアドレスのホワイトリスト登録を行います。許可するIPアドレスをFrom-Toで指定します。
デフォルトでは、本設定をしない限り全てのIPアドレスが許可された状態となっています。
ログイン時間帯の制御
プロファイル毎の制御となりますが、曜日ごとにログイン可能な時間帯を制御することができます。
開始から終了時間を設定すると、指定した時間帯以外はアクセス不可となります。
専用のVPN接続
閉域網のVPNでセキュアにアクセスするため専用のVPNを用意することも可能です。
こちらの詳細については以下、NTT Communications社が提供する「Salesforce over VPN」をご検討ください。
カスタムログインフロー
カスタムログインフローを使って、生体認証などの認証技術を組み合わせて、ユーザ認証を強化する方法もあります。
※今後は、全てのSalesforce組織で、多要素認証(MFA)の利用が必須となるため、さらに組み合わせて認証をするとかなり手間になることが想定されます。
カスタムログインフローを使うとログインの制御以外に、例えば、勤務時間外にログインしたユーザがいた場合に通知を送信するなどの仕組みを構築することができるため、お客様の要件によってはカスタムログインフローも使えると思います。
カスタムログインフローの詳細は以下を参照ください。
個体識別(端末単位)でのアクセス制御について
例えば、Salesforceのモバイルアプリを利用してアクセスするのは許可するが、会社から貸与した端末だけしかアクセスは許可しない(私用携帯からはアクセス不可)というような要件がある場合にどのような対応が可能か説明します。
2022年1月10日現在)Salesforceが提供する機能だけで、端末単位にアクセス制御をすることは難しいという結論となります。
2022/03/30 モバイルデバイス追跡機能と、Apex+フローを組み合わせることで個別端末のアクセス制御が実現できそうです。
※詳しくは本章の最後をご確認ください。
Salesforceのモバイルアプリケーションを利用することで、Winter ’21 で正式リリースされる「モバイルデバイス追跡」機能を使うことで、端末固有の識別子(シリアル番号など)を捕捉することが可能となります。
そのため、この端末固有の識別子を使うことで、アクセスの制御をすることは可能(アクセスできないようにブロックすることが可能)となりますが、ブロックするためには、ログインされた後にシステム管理者によって、対象の端末をアクセスするというような作業が必要となってしまうという課題があります。
※ログイン前にアクセス制御することができない。
また、ブロックするためにはAPIやApexを使っての操作が必要となるため、端末一覧を表示してチェックされた端末をブロックするような画面とか処理を開発する必要がありそうです。
「モバイルデバイス追跡」の機能を利用する場合には、Salesforceサポートへ問い合わせをして有効化の手続きが必要となります。
詳細は、以下公式HELPサイトをご確認ください。
最後に注意点として、スマホやタブレットからSalesforceにアクセスする際にネイティブアプリのSalesforceモバイルアプリケーションを利用する場合には、上記モバイルデバイス追跡にて個体識別が可能となりますが、ブラウザ(ChromeやSafari)を使ってアクセスされた場合には、追跡ができないので注意が必要です。
【お勧めの対応方法】
モバイルのブラウザアクセスはプロファイルのIPアドレス制限で対応し、モバイルアプリからのアクセスはIPアドレス制限の緩和を実施し、モバイルデバイス追跡機能で制御するというやり方がよさそうです。
Update 2022/03/30
モバイルデバイス追跡機能と、Apex+フローを組み合わせることで、モバイル端末の初回ログインを制御することはできそうです。
ログインフローを使って、ログインユーザのIDで、UserDeviceオブジェクトを検索し(Apexが必要)、StatusがApprovedでない場合は強制ログアウトさせるという方法となります。
詳細は、別途記事を作成してご紹介したいと思います。
VPNを使っての制御
VPNを利用することで端末の制御を方法があります。
SalesforceにはVPNのアドレスだけをアクセス許可と設定しておき、許可したモバイル端末だけVPN接続できるようにすることで、アクセス制御します。
サードパーティーを使っての実現
サードパーティーの製品となりますが、conexio(コネクシオ社)の「verifycloud」という製品を利用することで、端末ごとにアクセスを制御することができるようです。
以下のような内容が実現可能ということです。
- デバイスごとにSalesforceのアクセス権を付与することが可能
- WebブラウザやSalesforceアプリのCookie情報をもとに認証するためVPNが不要
- 専用ブラウザではなく、SafariやGoogleChromeといった通常のブラウザ、Salesforceモバイルアプリが利用可能
費用体系は以下となっています。(2022/1/10現在)
1ライセンス ¥200/月[税抜]
年間契約(¥2,400)[税抜]・10ID単位
詳細は、以下のサイトをご確認ください。
https://sol.conexio.co.jp/biz/verifycloud
まとめ
現時点では、セールスフォースの標準機能だけでは、個別端末の制御はできないため、VPNやサードパーティー製品を用いて実現する必要がありそうです。
お客様の要件(何を実現したいか)によっては、IPアドレス制限や時間帯の制限、カスタムログインフロー等での対応も可能な場合もあると思います。
サポーターさん
Very nice post and right to the point. I am not sure if this
is in fact the best place to ask but do you
people have any ideea where to get some professional writers?
Thanks 🙂 Lista escape room
Very interesting subject, regards for putting up..
Fine way of telling, and pleasant piece of writing to obtain information on the topic
of my presentation subject, which i am going to present in school.
my page: 만세력
Hi, I do believe this is an excellent blog. I stumbledupon it 😉 I may revisit yet again since i have bookmarked it. Money and freedom is the best way to change, may you be rich and continue to guide other people.
Bahis sitelerinde deneme bonusu ile Aviator oynayarak büyük kazançlar elde ettim!
Can I just say what a relief to discover somebody that really understands what they’re talking about on the net. You actually understand how to bring an issue to light and make it important. A lot more people need to read this and understand this side of your story. It’s surprising you are not more popular given that you certainly possess the gift.
Aw, this was an exceptionally good post. Taking a few minutes and actual effort to create a top notch article… but what can I say… I procrastinate a lot and don’t manage to get nearly anything done.
İlk para yatırmamda aldığım bonus sayesinde hemen kazanmaya başladım.
I’m impressed, I must say. Seldom do I encounter a blog that’s equally educative and engaging, and let me tell you, you have hit the nail on the head. The issue is an issue that too few people are speaking intelligently about. I am very happy that I came across this in my hunt for something relating to this.
Düşük bahislerle oynadığımda bile Razor Shark’tan büyük kazançlar elde ettim.
Deneme bonusu sayesinde hiç para yatırmadan kazandım, herkes denemeli!
Can I simply just say what a relief to discover someone that really understands what they’re talking about over the internet. You actually know how to bring a problem to light and make it important. More people should look at this and understand this side of your story. I was surprised that you’re not more popular given that you most certainly possess the gift.
Nice post. I learn something totally new and challenging on sites I stumbleupon every day. It will always be useful to read through articles from other writers and practice a little something from other sites.
Bu casino’da slot oyunları oynamak çok eğlenceli, jackpotlar ise inanılmaz!
Deneme bonusu sayesinde hiç para kaybetmeden büyük kazançlar sağladım, çok memnunum!
Daha önce böyle büyük bir jackpot kazanmamıştım, çok mutluyum!
Casino’daki slot oyunlarının grafikleri ve ses efektleri gerçekten mükemmel.
Oh my goodness! Awesome article dude! Thank you so much, However I am having issues with your RSS. I don’t understand why I am unable to subscribe to it. Is there anybody else getting the same RSS problems? Anybody who knows the solution will you kindly respond? Thanx!!
Oh my goodness! Awesome article dude! Thanks, However I am going through difficulties with your RSS. I don’t know why I can’t subscribe to it. Is there anybody having the same RSS problems? Anyone who knows the answer can you kindly respond? Thanks!
It’s difficult to find experienced people on this subject, but you sound like you know what you’re talking about! Thanks
Slot oyunlarının kazandırma oranları çok yüksek, bu casino favorim oldu!
En sevdiğim slot oyunu Razor Shark, her spin büyük bir kazanç fırsatı sunuyor.
Crash oyunları arasında Aviator favorim, deneme bonusu ile risksiz oynayarak büyük kazançlar elde ediyorum!
A fascinating discussion is worth comment. I think that you should publish more about this topic, it might not be a taboo matter but generally people do not speak about such topics. To the next! Many thanks.
Deneme bonusu ile bahis yaparken risk almadan büyük kazançlar sağlıyorum.
Deneme bonusu sayesinde para yatırmadan kazandım, gerçekten çok heyecanlı!
Deneme bonusu sayesinde hiç para kaybetmeden kazandım, bu fırsatı kaçırmayın!
En sevdiğim slot oyunlarından biri Wolf Gold, her spin büyük bir kazanç şansı sunuyor.
Deneme bonusu sayesinde hiç para kaybetmeden büyük ödüller kazandım!
Bu casino’daki geniş bahis seçenekleri her seviyede oyuncuya hitap ediyor.
Yüksek bahislerle oynadığımda Jammin’ Jars’ta devasa kazançlar elde ediyorum!
Bu casino’daki futbol bahis seçenekleri her maçta ekstra kazanç fırsatları yaratıyor!
Oyunların çeşitliliği beni şaşırttı, her türden oyun var.
Yüksek bahislerle oynadığım futbol bahislerinde her zaman devasa kazançlar elde ediyorum!
This site certainly has all the info I wanted about this subject and didn’t know who to ask.
Everything is very open with a very clear explanation of the issues. It was really informative. Your site is very useful. Thank you for sharing!
Bu casino’daki slot oyunları ile büyük kazançlar elde edebilirsiniz, şansınızı denemelisiniz!
Futbol bahislerimde aldığım bonuslar ile daha fazla bahis yapabiliyorum ve kazancımı artırıyorum!
Bu casino’da futbol bahislerinde doğru stratejiyle her zaman kazançlı çıkıyorum!
Deneme bonusu ile bahis yapmak riski sıfıra indiriyor, büyük kazançlar elde ediyorum!
Bu casino’daki slot oyunları her zaman kazandırıyor, büyük jackpotlar kazanmak çok heyecanlı!
Bahis siteleri deneme bonusu ile oyuna başlamadan önce şansınızı ücretsiz deneyin!
Canlı casino oyunları ile slot oyunları arasında geçiş yapmak çok kolay, bu site mükemmel!
Hi there, There’s no doubt that your website could possibly be having web browser compatibility issues. Whenever I look at your blog in Safari, it looks fine however, if opening in I.E., it has some overlapping issues. I simply wanted to provide you with a quick heads up! Aside from that, fantastic blog!
I truly love your website.. Excellent colors & theme. Did you create this web site yourself? Please reply back as I’m planning to create my own personal website and want to know where you got this from or exactly what the theme is named. Appreciate it!
Crash oyunları arasında Aviator favorim, deneme bonusu ile riske girmeden oynayarak büyük kazançlar sağladım!
Bu casino’daki futbol bahis seçenekleri her maçta ekstra kazanç fırsatları yaratıyor!
Hey there! I simply wish to offer you a huge thumbs up for the excellent info you’ve got right here on this post. I will be coming back to your site for more soon.
Yüksek bahislerle Sweet Bonanza slotunda büyük ödüller kazanmak çok heyecan verici!
Deneme bonusu sayesinde hiç para kaybetmeden kazanç sağladım, çok memnunum!
An intriguing discussion is definitely worth comment. There’s no doubt that that you need to write more about this subject, it may not be a taboo matter but typically people don’t talk about such topics. To the next! Kind regards.
Bahis siteleri deneme bonusu ile oyunlara risksiz başlamak gerçekten harika!
Good day! I could have sworn I’ve been to your blog before but after looking at some of the posts I realized it’s new to me. Nonetheless, I’m certainly delighted I stumbled upon it and I’ll be book-marking it and checking back often.
Everything is very open with a clear explanation of the issues. It was definitely informative. Your site is useful. Many thanks for sharing!
An outstanding share! I’ve just forwarded this onto a friend who was doing a little research on this. And he in fact bought me lunch simply because I discovered it for him… lol. So allow me to reword this…. Thanks for the meal!! But yeah, thanks for spending some time to discuss this subject here on your website.
I used to be able to find good advice from your blog posts.
Deneme bonusu ile oyuna başlamak gerçekten çok kazançlı, hiç yatırım yapmadan kazandım!
En sevdiğim slot oyunu Great Rhino Megaways, kazançlarım her geçen gün artıyor.
Her gün casino slot oyunlarında yeni rekorlar kırıyorum!
Canlı bahis seçenekleri futbol maçlarını izlerken ekstra heyecan katıyor!
Bu sitenin sunduğu deneme bonusu ile bedava bahis yaparak hemen kazanmaya başladım!
Casino’nun sunduğu turnuvalar ile slot oyunlarında ekstra kazanç elde etmek çok kolay!
It’s hard to come by educated people about this subject, but you seem like you know what you’re talking about! Thanks
En sevdiğim slot oyunu Fire Joker, grafikler harika, kazançlar büyük!
Bu casino’nun sunduğu geniş bahis seçenekleri futbol maçlarına ekstra heyecan katıyor!
Casino’nun sunduğu bonuslar, slotlarda daha uzun süre oynamamı sağlıyor.
As a person that’s constantly been cautious about my blood glucose, discovering Sugar Defender
has been an alleviation. I feel so much more in control, and my current exams have
revealed favorable improvements. Knowing I have a dependable supplement
to sustain my regular provides me assurance. I’m so thankful for Sugar Protector’s
impact on my health!
For several years, I’ve fought unforeseeable blood sugar level
swings that left me feeling drained and inactive.
But since integrating Sugar Protector right into my regular,
I have actually observed a substantial improvement in my total power and security.
The dreadful mid-day distant memory, and I value that this natural treatment achieves these outcomes without any unpleasant or unfavorable responses.
honestly been a transformative exploration for me.
Incorporating Sugar Defender into my everyday program general
wellness. As a person who focuses on healthy eating,
I value the additional security this supplement provides. Given that starting to take
it, I have actually discovered a significant renovation in my energy levels and a significant
decrease in my desire for unhealthy treats such a such a profound influence on my
daily life.
Integrating Sugar Protector right into my daily regimen general well-being.
As somebody that prioritizes healthy eating, I appreciate the extra security this supplement offers.
Because beginning to take it, I have actually noticed a significant enhancement in my power degrees
and a considerable decrease in my desire for
undesirable treats such a such a profound effect on my day-to-day live.
I’ve had problem with blood sugar level changes for several years, and it actually
affected my power levels throughout the day. Considering that beginning Sugar Protector,
I feel more balanced and sharp, and I don’t experience those afternoon drops any longer!
I love that it’s an all-natural option that works with no rough
adverse effects. It’s genuinely been a game-changer for me
Casino’nun sunduğu promosyonlar sayesinde slot oyunlarında şansımı artırıyorum.
Keo nha cai 5 – Kèo bóng đá. Introducing to you the most prestigious online entertainment address today. Visit now to experience now!
I was very pleased to uncover this great site. I need to to thank you for ones time due to this fantastic read!! I definitely enjoyed every part of it and I have you bookmarked to see new stuff in your web site.
Introducing to you the most prestigious online entertainment address today. Visit now to experience now!
You’ve made some good points there. I looked on the net for more info about the issue and found most people will go along with your views on this site.
It’s difficult to find experienced people about this subject, however, you sound like you know what you’re talking about! Thanks
Introducing to you the most prestigious online entertainment address today. Visit now to experience now!
Suncity888
This is a very good tip especially to those new to the blogosphere. Brief but very accurate info… Appreciate your sharing this one. A must read article!
Howdy! Do you know if they make any plugins to assist with Search Engine Optimization? I’m trying
to get my site to rank for some targeted keywords but I’m not seeing very good success.
If you know of any please share. Thanks! I saw similar blog here: Wool product
Having read this I thought it was very informative. I appreciate you finding the time and energy to put this content together. I once again find myself spending a lot of time both reading and posting comments. But so what, it was still worthwhile!
You’ve made some good points there. I checked on the web for additional information about the issue and found most people will go along with your views on this web site.
Spot on with this write-up, I actually believe this web site needs a lot more attention. I’ll probably be returning to see more, thanks for the advice!
Good article! We are linking to this great article on our site. Keep up the great writing.
Spot on with this write-up, I honestly think this web site needs a lot more attention. I’ll probably be back again to read through more, thanks for the information!
Aw, this was a very good post. Taking a few minutes and actual effort to generate a really good article… but what can I say… I procrastinate a lot and never seem to get nearly anything done.
Daga – Introducing to you the most prestigious online entertainment address today. Visit now to experience now!