CHI-LTD
asked on
Securing Hosted Apps
Hello
We are to deploy Sales force Cloud to users. From initial testing 2FA looks to work well using the authenticator app, however we are now proposing to block access by corporate IP ranges i.e. our firewall WAN IPs, rather than 2FA. This will mean VPN for remote users will be required not only for SF but other current and future apps.
Unfortunately the subscription/evaluation has expired and SF wont extend the trial, i have to pay a years fee to continue.
We are also looking at SF inbox, marketing cloud, SF inbox and other 3rd party tools to help integrate SF with exchange.
So, if w ego the route of IP blocking can anyone confirm if this can be setup in Sales Cloud globally for Inbox, marketing and sales cloud? I only see option to white-list SF IPs.
Thanks
We are to deploy Sales force Cloud to users. From initial testing 2FA looks to work well using the authenticator app, however we are now proposing to block access by corporate IP ranges i.e. our firewall WAN IPs, rather than 2FA. This will mean VPN for remote users will be required not only for SF but other current and future apps.
Unfortunately the subscription/evaluation has expired and SF wont extend the trial, i have to pay a years fee to continue.
We are also looking at SF inbox, marketing cloud, SF inbox and other 3rd party tools to help integrate SF with exchange.
So, if w ego the route of IP blocking can anyone confirm if this can be setup in Sales Cloud globally for Inbox, marketing and sales cloud? I only see option to white-list SF IPs.
Thanks
ASKER
Small user base, already have VPN in place and works well. Just need to get SF IP filtering to work..
Any ideas where or if this setting is?
Any ideas where or if this setting is?
Okay.
Help me understand.
Sounds like you're trying to circumvent the Sales Force time limit on trial memberships.
If this is correct, you should avoid this for many reasons.
Best option is to just pay the minor fee charged by SF to use their code.
If I'm missing something here, try a rephrase of your question.
Start by saying if you're trying to circumvent SF check or doing something else.
Help me understand.
Sounds like you're trying to circumvent the Sales Force time limit on trial memberships.
If this is correct, you should avoid this for many reasons.
Best option is to just pay the minor fee charged by SF to use their code.
If I'm missing something here, try a rephrase of your question.
Start by saying if you're trying to circumvent SF check or doing something else.
ASKER
No we are trying to restrict non-corporate devices accessing the SF platform (once we re-sign back up with a years membership).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If all your end users are part of your company, you can force them to take this level of pain.
If not, best stick with a simple method.
No VPN will ever provide better encryption than HTTPS, so just wrap access to your App in HTTPS + a login to authenticate valid users.
This approach means your end users don't require setting up a VPN.
Note: If you force random customers to setup a VPN, then best have a very large budget to pay a support staff for 24x7 support helping people setup their VPN + fix VPN breakage, every time an end user updates their OS.