Home » Admin–2–User Setup–9%

Admin–2–User Setup–9%

This chapter’s objectives are:

  • 2.1- Identify the steps to set up and/or maintain a user (e.g., assign licenses, reset passwords, and resolve locked user accounts)
  • 2.2- Given a scenario, troubleshoot common user access and visibility issues

2.1- Identify the steps to set up and/or maintain a user (e.g., assign licenses, reset passwords, and resolve locked user accounts)

User/Record:

  • Every record in Salesforce must have an owner. Records can be owned by either users or queues.
  • By default, the user that creates the record is the owner. Record owner is typically used to determine responsibilities (e.g. I manage the leads that I own), reporting (I am credited for the opportunities that I own), record security (discussed in Security Model – Free), and for a variety of other purposes.
  • An active user record is required to login to Salesforce. Records can only be assigned to an active user or a queue. 1 Person = 1 User = 1 User License.
  • Maximum Salesforce users per edition: Developer(2), Contact Manager(5), Group(5), Professional, Enterprise, Unlimited (all 3 unlimited)


User creation and fields

  • Every user is identified by:
    • Personal info: name, email, title, phone
    • Security: username, password license, profile, role
    • Locale: timezone, locale, language and currency
  • The profile determines what tasks users can perform, Role what Record they can see
  • User Locale (override company default locale):
    • As per the above chapter, Admin can setup 4 default Organization settings: Default Locale. Default Language, Default Timezone, and Locale Currency.
    • When creating new User, these fields will be filled with the default values, but can be changed
    • After creation User can change his: own Locale. Language and Timezone (and currency if multi-currency is enabled).
    • If you change currency, only the symbol changes, no conversion will take place!
    • Multi-Currency should be a feature request to be enabled by SF team. IT is not present by default.
    • Once activated, Advanced Currency Management is present now
    • Conversion rate are configured by Admin, not auto generated
    • 3 Language types: Fully Supported, End-USer Supported, Platform Language.
  • User Records cannot be deleted, but only de-activated or Frozen:
    • Freezing a user account will temporarily prevent a user from logging in (ex: in a maintenance window, or if configuration prevents user deactivation), while deactivation of a user completely revokes access.
    • Freezing a user – select the user and click on the Freeze button on the top next to Edit.
    • De-activate: Edit a user and uncheck the Active button.

New User Window:

2016-08-01_1937

2016-08-01_1943

License vs. Edition:

  • A Salesforce edition is the “type” of your Salesforce instance. The edition determines:
    • What functionality is available
    • The limits: for example, the maximum number of custom objects, the maximum number of tabs, the maximum number of custom fields. Note that some limits are a based on a combination of edition and user license. For example, data storage is 20 MB per licensed user on Enterprise Edition, but 120 MB per licensed user on Unlimited Edition
  • Licenses are associated with individual users and make functionality available.
    • For example, a Salesforce license has access to the sales cloud functionality (Leads, Opportunities)
    • A platform license doesn’t have access to Salesforce functionaly
    • There are also feature licenses that can be applied to a user to add functionality. For example, Mobile User is a feature license that allows a user with an existing license to use Salesforce Mobile. There are many other licenses available and it can get rather bewildering at times, especially as the license names change on occasion.
  • When a company decides to purchase Salesforce to enhance their business, it will look at the functionalities of each edition, and at the respective edition prices, and then decides which edition is best suited based on the functionalities vs. price.
  • Sales Cloud Editions are:
    • SalesforceIQ CRM Starter: max 5 users, for very small and limited use
    • Professional: does NOT include – Person Account, Sales Team, Knowledge, Advanced Forecasting and Reporting, Visual Workflow, Workflow Rule, Approval…
    • Enterprise: this is the most popular Edition, it includes almost all features
    • Unlimited: this is the top and most expensive Editions. On top of the Enterprise Edition, the following are added: more data storage, 24/7 support, unlimited online training, and some other features.
    • Developer: FREE edition for training and light testing
  • Licenses are associated with individual users and make functionality available.
    • For example, a Salesforce license has access to the sales cloud functionality (Leads, Opportunities) plus any custom Object
    • A Platform license doesn’t have access to Salesforce functionality, but can access any Custom Object
    • A Chatter license will give access to Chatter only, without any Salesforce functionality or custom Object access.
    • There are also feature licenses that can be applied to a user to add functionality. For example, Mobile User is a feature license that allows a user with an existing license to use Salesforce Mobile. There are many other licenses available and it can get rather confusing at times, especially as the license names change on occasion.
  • Note that every user must have a license appropriate for the edition, and these get more expensive as the capability of the edition increases.
  • You cannot mix different user License edition, for example: Enterprise and Unlimited licenses in an Unlimited Edition Org.

Licensing:

  • Each user should be assigned 1 User License
  • A user can be assigned  one or more of Feature Licenses (checkboxes on user page interface). You can also set up accounts for users outside your organization who need to access a limited set of fields and objects. These user licenses can grant access to Customer Portal and partner portal.
  • User License + Feature License = Total Licensing
  • Licensing + Permission (profile) = what user can perform!
  • For example, to create a campaign, a user should have User License + Marketing Feature License + Permission (profile) to create campaign
  • Create new user settings: General Info, Licensing (user and feature license) / Security role and profile) / Localization (Locale, language, timezone, currency)
  • User License type determine which Profile and Feature License are selectable
  • Sales Cloud CRM Prices (August 2016):2016-08-28_1256
  • The total price to pay is determined by the unit price of a license x number of licenses/users r: for example, for an Enterprise Edition, unit price of Salesforce license is 150 USD per user per month, so if you have 20 users using such license, you will pay 150 x 20 = 3,000 USD per month. Note that payment with Salesforce is billed annually, i.e, you will have to pay 1 year in advance (3,000 x 12 = 36,000 USD) for all your users.

License Types:

  • Standard User Licenses – check this Link from Salesforce:
    • Salesforce:
      • Full access, can access any standard and custom app.
      • Available in: All editions
    • Knowledge only User:
      • Designed for users who only need access to the Salesforce Knowledge app.
      • Access to the following tabs: Articles, Article Management, Chatter, Chatter Files, Home, Profiles, Reports,
      • Custom objects, and custom tabs
      • The Knowledge Only User license includes a Knowledge Only profile that grants access to the Articles tab.
      • Note: To view articles, a user must have the “AllowViewKnowledge” permission on their profile. However, this permission is off for default profiles
      • Available in: Enterprise, Unlimited, and Performance Editions
    • Salesforce Platform:
      • Users can access custom apps (incl. AppExchange) but not standard CRM functionality (forecasts, opportunities).
      • Can use core platform functionality (Accounts, contacts, reports, dashboards, documents and custom tabs)
      • Users with this license can only view dashboards if the running user also has the same license.
      • Users with a Salesforce Platform user license can access all the custom apps in your organization.
      • Available in: Enterprise, Unlimited,  Performance and Developer Editions
    • Force.com – 1 App:
      • Designed for users who need access to one custom app but not to standard CRM functionality.
      • Force.com – One App users are entitled to the same rights as Salesforce Platform users, plus they have access to an unlimited number of custom tabs.
      • However, they are limited to the use of one custom app, which is defined as up to 10 custom objects
      • Limited to read-only access to the Accounts and Contacts objects..
      • Available in: Enterprise and Unlimited Editions
    • Force.com – App Subscription:
      • Grants users access to a Force.com Light App or Force.com Enterprise App, neither of which include CRM functionality.
      • A Force.com Light App has up to 10 custom objects and 10 custom tabs, has read-only access to accounts and contacts, and supports object-level and field-level security.
      • A Force.com Enterprise App supports in addition: record-level sharing, can use the Bulk API and Streaming API, and has read/write access to accounts and contacts.
    • Company Community User:
      • Internal user license for employee communities
      • It allows read-only access to Salesforce Knowledge articles
      • Access up to 10 custom objects and 10 custom tabs,
      • Use Content, Ideas, Assets, and Identity features, Use activities, tasks, calendar, and events and Have access to accounts, contacts, cases, and documents.
      • Available in: Enterprise,  Unlimited, Performance and Developer Editions
    • Communities: There are 2 community licenses available for external users: Customer Community and Partner Community
    • Chatter Free: Users can access standard Chatter people, profiles, groups, and files. They can’t access any Salesforce objects or data. You can upgrade a Chatter Free license to a standard Salesforce license at any time, however, you can’t convert a standard Salesforce or Chatter Only license to a Chatter Free license.
    • Chatter External: Designed to allow customers in Chatter groups. Customers are users outside of a company’s email domain.
    • Customer portal: Allows contacts to log into your Customer Portal to manage customer support
    • Customer Portal – Enterprise Administration: Allows contacts with unlimited logins into your Customer Portal to manage customer support Authenticated Website license: is designed to be used with Force.com Sites. It gives named sites users unlimited logins to your Platform Portal to access customer support information.
    • Gold Partner user license: can only access Salesforce using the Partner Portal. Specific permissions to different objects can be given.
    • High Volume Customer Portal license: gives contacts unlimited logins to your Service Cloud Portal to access customer support information. They can have access to accounts, assets, cases, contacts, custom objects, documents, ideas and questions depending on permission settings. Data.com: Add, export Duns & Bradstreet Company data delivered through data.com per month. Default is 300.
    • Database.com User Licenses: Divided in 3 license types (admin, user and Light User). Grants access to database.com schemas or metadata.
Standard User Licenses – Salesforce, Force.com and Knowledge
Salesforce Salesforce Platform Force.com – One App Force.com App Subscription (Light) Force.com App Subscription (Enterprise) Knowledge Only User
Description CRM and AppExchange users. Standard and custom apps. Access to custom apps but not CRM. Access to one custom app. All other access mirrors Platform. Access to a Force.com Light App. No CRM. Access to a Force.com Enterprise App, No CRM. For users who only need access to the Salesforce Knowledge app + Custom Objects and Tabs
Editions  All Enterprise, Unlimited, Performance Developer Enterprise, Unlimited Enterprise, Unlimited, Performance Enterprise, Unlimited, Performance Enterprise, Unlimited, Performance
Available Standard Objects All CRM depending on which cloud purchased Accounts, Contacts [RW] Accounts, Contacts [R] Accounts, Contacts [R] Accounts, Contacts Articles, Article Management, Chatter, Chatter Files, Home, Profiles, Reports, custom objects, and custom tabs
Other

Available Features

– Object-level and Field-Level Security – Object-level and Field-Level Security

– Bulk and streaming API

– Record sharing

 Notes:
 Custom Objects  Unlimited  Unlimited 10 10 10
 Custom Tabs  Unlimited  Unlimited  Unlimited 10 10

 

Standard User Licenses – Chatter
Chatter Free Chatter External Chatter only AKA Chatter Plus
Description For users that don’t have Salesforce licenses but need access to Chatter Designed to allow customers in Chatter groups. Customers are users outside of a company’s email domain. Customers can access information and interact with users only in the groups they’re invited to For users that don’t have Salesforce licenses but need access to some Salesforce objects in addition to Chatter
Editions Group, Professional, Enterprise, Performance, Unlimited, Contact Manager, and Developer Professional, Enterprise Unlimited, and Performance
Available Standard Objects None [N] None [N] Account, Contacts [R]
Other

Available Features

– Standard Chatter features: Chatter people, profiles, groups, and files

– Can be Chatter moderator

– CRM Content, Ideas, and Answers

– Access dashboards and reports

– Use and approve workflows

– Use the calendar to create and track activities

– Activities: Tasks and Events

– Add records to groups

 Notes: – An administrator must expose the tabs for accounts, contacts, dashboards, and reports as they are hidden by default

– Content, Ideas, and Answers are disabled for Chatter Only users by defaul

Custom Objects None [N] None [N]  10 [RW]
Custom Tabs None [N] None [N]


Queue:

  • What is a Queue?
    • A queue can include multiple users, and is assigned to one or more objects, and can contain Records of that object.
    • Members of the queue can then take ownership of a queue’s records.
    • For instance, leads generated from the company’s website are routed to a lead queue “Inside Sales”. Members of the inside sales team then take ownership of leads owned by the queue
    • Queues are used for cases, leads, orders, custom objects, service contracts, knowledge article versions
    • Create queues: Setup | Manage Users | Queue | New – select name (LeadQueue) – select objects that this queue will hold (Lead) | select members in this queue (You can add individuals, roles, public groups, territories, connections, or partner users).
    • After you create a queue for cases or leads, you can set up assignment rules to route cases or leads to it
    • Go to Setup | Build | Customize | Leads | Leads Assignment Rules | create new rules there and assign to User or Queue.
    • Test it by creating a new lead with the criteria you chose in the Assignment Rule. The new lead should have new owner as per the Assignment Rule.
    • Note: Before you can delete a queue, reassign its records to another owner and remove it from any assignment rules.

Two factor authentication

  • Two factor authentication refers to requiring two independent mechanisms to successfully authenticate.
  • The most common example of this is a username/password combined with a randomly generated number (similar to computer activation – however, the randomly generated number may be generated by another system or device, and is required for every authentication)
  • To set it up, go to Setup | Administer | Manage Users | Permission Sets – New
  • Search for “Two-Factor Authentication for User Interface Login” – Select it – Click on Manage Assignment – Add Assignment – Select the users to assign it to.
  • Now this user who has 2 factor authentication should download the phone App Salesforce Authenticator. Then he should connect it to his SF login and password. Now every time he tried to login via Web, the App will prompt him to accept or deny.

Note: Resolve locked accounts is in the below section.


2.2- Given a scenario, troubleshoot common user access and visibility issues

Login to Salesforce:

Ways to login to SF:

  • Website: The standard Salesforce user interface.
  • API: Used for programmatic access, such as the data loader – needs token to be appended to the password to login through API.
    • The security token is a mechanism designed to prevent unauthorized access via the API.
    • A user must append their security token to their password when authenticating via the API (for example, Data Loader), unless they are connecting within a Trusted IP range.
    • Access the Token through the My Settings | Personal page
  • Single Sign On (SSO): Login to company network, and automatically login to SF
  • OAuth: allows external apps to ask user permission to access Salesforce data (no need to security token, but need user interaction) ex. Chatter Desktop.

Troubleshoot Login:

  • you can check the Login history of each user in his User page Reacted List bottom
  • To see all, Login History under Manage Users filter and display up to 20,000 of the most recent login records

  • You can reset a user password by going to the Users page – he will receive an email to reset it
  • Bulk reset passwords: go to Users, select users to bulk rest, click on Rest button
  • If no incorrect attempt then the user was using an invalid email/username to login
  • Other potential issues:
    • Does user profile have any login restriction? (Login Hours, Login IP)
    • Does user IP address in organization’s trusted IP range?
    • Has user been activated from this IP before? (if in non-Trusted IP Range)
    • Does user’s web browser have valid cookies from Salesforce?
  • Login Hours: access outside of the hrs. login is denied
    • Set it up in Profile: Administer | Manage users | Profiles | Login Hours
  • Login IP: access outside of the IP. login is denied
    • Set it up in Profile: Administer | Manage users | Profiles | Login IP Ranges

Security Controls:

  • Computer activation is designed to prevent unauthorized access to Salesforce.com, particularly in the event of a hijacked username and password. Computer activation is required when all of the following conditions are True:

    1. The user is logging in from OUTSIDE a Trusted IP range.

    2. No browser cookie is present indicating a prior login is present.

  • In conclusion, you will get a challenge to authenticate when you login from a new IP address (outside the trusted range) AND a new device / browser.
  • Challenge can be through email or sms
  • To setup Trusted IP Ranges :
    • Setup | Security Controls | Network Access | Trusted IP Ranges
  • To monitor and revoke computer activations:
    • Setup | Security Controls | Activations
    • There you can see all activated session (IP based and browser based). You can remove these activations so that users will need to activate again – A user who logs in from a deactivated browser is prompted to verify identity, unless the login IP address is within a trusted IP range.
  • To setup session timeout value and other session options like (force re-login after Login-As-Use, Enable the SMS method of identity confirmation (cant disable), “enforce login IP range on every request”, etc.:
    • Setup |Security Controls | Session Settings
  • Password policies: password type, age, expiry, lockout when…etc.
    • Setup | Security Controls | Password Policies
  • To view audit :
    • Setup | Security Controls | View Set up Audit Trail (To check the security changes made to the organization by the administrator
  • What happens when a profile is logged in and login hr passes: Nothing will happen until your session expires and you will not be able to re-login after the session. If your admin hasn’t set a session setting the user will be able to stay in the system till he closes the browser.
  • That login restriction is for user who will try logging in after 5:00 pm for example, applicable only when the users are trying to log in and will not end the current session.
  • To solve thism in the session setting: “enforce login IP ranges on every request“.

Unlock user:

If a user is locked (because of many failed login attempts – set up in the password policies), then admin can unlock him from his User detail page: 

 

Login as another User:

  • Grant Login access: so that Admin can login as your user and check the problem
    • My settings | Personal | Grant Account Login Access
    • Choose the Admin or Salesforce and Set the access expiration date by choosing a value from the picklist.
  • Salesforce Org Admin can allow himself to Login as any Account, when this is setup, you as a user, you don’t see the option in the screenshot above. To make SF Admin Login as any user go to Administer | Security Control | Login Access Policies



9 Comments

  1. Hi ,

    In User creation and fields there is a topic User Locale (override company default locale). Fourth point of this topic says “If you change currency, only the symbol changes, no conversion will take place!”
    I performed this in my org in which multi- currency was enabled and this was not the result. Below are my findings:

    Case1: Neither symbol nor value changes for old records even if user changes his /her currency if Parenthetical Currency Conversion is not enabled. But user can create new record in his own currency.
    case2 : If Parenthetical Currency Conversion is enabled user see record in org currency as well as in his own currency in converted amount in parenthesis.

    Thanks

  2. This is the right web site for everyone who really wants to find out about
    this topic. You realize a whole lot its almost hard to argue with you (not that I personally will need to…HaHa).
    You definitely put a brand new spin on a topic which has been written about for years.
    Wonderful stuff, just great!

  3. The best in class, Depoxito present you high-end experience that
    speak to the look and mood of legal VIP standarts, we pay for you the
    best captivating to high-level experience of VIPs expect in any top end casino, grand
    liven up casino royale pay for you the new studio
    design element including the grand blackjack, offering our VIP Customer the best experience of a Salon privee table.

    New style table as a consequence feature across the
    room in the same way as grand roulette upgraded on our provider playtechs
    mini prestige roulette which delivering more engaging and richer playing experience.
    The other experience contains a sum of seven tables
    including five blackjack tables, one roulette table and one baccarat table.
    Grand living casino royale has been tall hand-engineered to fit the needs of
    our customer to using it, and contains unique elements that is specially meant to maximize the impact value we
    got from our customers and diversify it to the existing network.

    Soon, Depoxito will produce an enlarged authenticity
    technology on flesh and blood casino for our VIP member, these
    most open-minded technology ever seen in conscious casino including this enlarged reality.
    Which allow players to experience products on an entire supplementary level which is never
    seen before literally leaping out of the game and taking the
    blackjack, baccarat, roulette and additional game into the
    combined entire level.
    Depoxito VIP Baccarat, we come up with the money
    for you the certainly exclusive enliven VIP Baccarat that is played subsequently
    taking place to 7 players at the same table and our
    terribly trained pretty stir baccarat dealer.

    And of course our VIP zealot will tone as if they
    were essentially sitting at one of the top casino baccarat table.
    This immersive gaming experience creates a hugely thrill-seeking express
    that our VIP players will find difficult to surpass.

    Here is the list of breathing casino game that depoxito provide, we
    find the money for the widest range of stimulate casino games on the push including :
    blackjack unlimited, blackjack prestige, roulette, baccarat,
    poker, hi-lo, sic bo, and grand rouse casino royale such as Grand Baccarat,
    Grand Blackjack and Grand Roulette for our VIP member.
    And of course as a aficionado of Depoxito
    you can enjoy all the games that we have enough money to you, all
    you compulsion to do is just visit our site depoxito and register it
    lonely takes stirring to 3 minutes and after that
    youre adequate to do something any game that you want.

    Be our VIP, monster our VIP enthusiast of course established you the best support you can acquire from
    us all you compulsion to be a VIP member is entirely easy.
    all you compulsion is just keep playing on our site, enlargement and
    pretense following a VIP as soon as the amount
    that our company had written, save playing and our customer support will contact you that you are promoted to become
    a VIP enthusiast upon our site.

  4. Exploring all online gambling game on the internet has become one of the endeavors
    most enjoyed by users of gambling facilities nowadays.

    How not, every the games that used to be
    abandoned enjoyed abroad by people from the upper classes, now
    you can enjoy without having to depart the
    home and use a more affordable cost to work slot gambling in the house.

    This is all thanks to internet technology that can affix online gambling fans
    subsequent to the best gambling facilitate providers in the region of the world.
    As in Indonesia itself, the credited online gambling agent site behind Depoxito is here to
    service those of you who desire to spend pardon become old afterward environment
    online gambling products.

    Since its presence in the domestic online gambling industry, Depoxito has presented various types of gambling games
    of the highest quality. Games such as soccer betting, casino, shooting fish, poker, lottery, and of course
    online slot games are easy to use past international standards
    because they come from leading gambling sites such as Sbobet, Spade Gaming, Microgaming, Playtech, and so
    on.

    For those of you who desire to attempt out
    how risk-taking it is to play in online gambling on the attributed gambling agent website Depoxito, sharply register now and enjoy the best online gambling
    experience that you can’t find anywhere else.

  5. I was planning on how to start revision for my ADM 201 Cert. preparation when I came across this website. Its such an amazing website where all the notes from each section of the exam is collaborated from different modules and badges. You are a savior. Thanks a tonnnnnnn.

Leave a comment

Your email address will not be published. Required fields are marked *