Transaction Security is a Salesforce feature that observes activity in your org in real time and catches potential security issues based on conditions you define. In Transaction Security, we create policies that consist of events, conditions, and actions.
Transaction Security is an add-on subscription service, so you have to purchase a Salesforce Shield license/subscription.
An event is an activity that happens in the Salesforce org, such as a user login or logout, a report download or export, a record change, etc. Events in Salesforce are immutable and timestamped.
When we create a Transaction Security policy, we first choose an event to monitor and then choose the actions that take place when the event occurs. This bundle of rules and actions is known as a policy. Transaction Security policies cover many use cases, and we can extend them with Apex for customized security requirements.
Steps to create Transaction Security policies in your org
Setup > Transaction Security policies > Enable > New
You can build the conditions for Transaction Security using one of two methods:
- Point-and-Click - This method lets us create conditions without any code and offers a way to block the user or insist on two-factor authentication. For example:
  - Block the user from exporting reports that match the conditions
  - Insist that the user complete two-factor authentication
  - Restrict the user from logging in from an untrusted IP address
- Apex Code - For complex/advanced conditions, write the condition in Apex by implementing the standard TxnSecurity.EventCondition interface. Apex conditions can block or notify the user. For example:
  - Block data export via API/List View/Report according to certain criteria
List of actions that can be performed if the policy is triggered:
- Block the user or activity.
- Require MFA (multi-factor authentication).
- Send a policy notification via:
  - In-app notification
  - Both (Email and In-app notification)
Let's create a Transaction Security policy that prevents users from logging in if they try to log in to the Salesforce org from the Mozilla Firefox browser.
Step 1: Setup > Transaction Security policies > New
Step 2: On the Clicks or Code screen, choose Condition Builder and click Next
Step 3: Choose Login Events from the Event dropdown
Step 4: Choose Clicks or code from the Condition Logic dropdown and add the condition:
- Condition: Browser
- Operator: Contains
- Value: Firefox
Step 5: Choose the 'Block' option from the Action dropdown
Step 6: Check Email notification and In-App notification, then choose the Recipient
Step 7: Finally, give your security policy a name, set the status to Active, and click Finish.
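The same Firefox login rule, written with the Apex Code method described earlier (an implementation of TxnSecurity.EventCondition), as an added example that is not part of the original post. The class name, the BLOCKED_BROWSERS set and the test class are assumptions for illustration; the action that fires when evaluate() returns true is whatever you pick in Setup (Block, MFA, notify).

```apex
// Added example: Apex condition equivalent of the point-and-click Firefox policy.
// Returning true triggers the policy action configured in Setup; false lets the event pass.
global class BlockFirefoxLoginCondition implements TxnSecurity.EventCondition {

    // Browser substrings to match (lower-case). Constructed for this example.
    private static final Set<String> BLOCKED_BROWSERS = new Set<String>{ 'firefox' };

    public boolean evaluate(SObject event) {
        switch on event {
            when LoginEvent loginEvent {
                // LoginEvent.Browser carries the user agent's browser name/version.
                return isBlockedBrowser(loginEvent.Browser);
            }
            when null {
                // No event payload: nothing to evaluate, do not trigger the action.
                return false;
            }
            when else {
                // Attached to a non-login event by mistake: this condition does not apply.
                return false;
            }
        }
    }

    // Case-insensitive substring match, tolerant of a missing Browser value.
    @TestVisible
    private static Boolean isBlockedBrowser(String browser) {
        if (String.isBlank(browser)) {
            return false;
        }
        String normalized = browser.toLowerCase();
        for (String blocked : BLOCKED_BROWSERS) {
            if (normalized.contains(blocked)) {
                return true;
            }
        }
        return false;
    }
}

// Separate file in a real org (one class per file). Assumed test class covering the
// matching helper directly, so no event record has to be constructed.
@IsTest
private class BlockFirefoxLoginConditionTest {
    @IsTest
    static void matchesFirefoxOnly() {
        System.assertEquals(true, BlockFirefoxLoginCondition.isBlockedBrowser('Firefox 118.0'));
        System.assertEquals(false, BlockFirefoxLoginCondition.isBlockedBrowser('Chrome 117.0'));
        System.assertEquals(false, BlockFirefoxLoginCondition.isBlockedBrowser(null));
    }
}
```

Select Apex instead of Condition Builder in Step 2 and pick this class as the condition; the rest of the wizard (event, action, notifications) is unchanged.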
Some of the common event types for Transaction Security
API Event - This event monitors and secures all API queries. It can block unauthorized data exports from the Salesforce org.
List View Event - This event monitors access to list views, both from the UI and via API queries.
Login Event - This event monitors login details. It can block users from logging in from untrusted applications, restricted browsers, and restricted IP ranges.
Report Event - This event monitors activity related to viewing and exporting reports. It can block or require MFA (multi-factor authentication) for access to specific reports, or notify when reports are run or exported from the org.