Up next in 10
Show More Show Less
View Video Transcript
0:07
Hello everyone. In this video, we are
0:10
going to see how to prevent Salesforce
0:13
users, especially the integration users
0:17
doing SOAP API login requests.
0:23
Salesforce will is going to stop
0:25
supporting SOAP API login now.
0:29
and then they have planned it for
0:31
retirement. It is supported from
0:34
versions 31.0
0:37
through 64.0.
0:40
But with the summer 27 release coming
0:42
up,
0:44
Salesforce is planning to stop
0:47
and they are going to retire this API
0:50
login
0:52
um request. Let's say you wanted to be
0:57
more proactive and then you wanted to
0:59
block all uh Salesforce SOAP API
1:03
requests uh from an uh specific
1:05
integration user. In order to achieve
1:08
it, we can make use of transaction
1:11
security policy in Salesforce. If you go
1:14
to
1:16
transactions security policies in
1:19
Salesforce setup, you should be able to
1:21
create a new transaction uh security
1:24
policy. Here I have given the name as
1:26
block soap API for integration.
1:31
In the condition I have set event login
1:35
event and in the condition I have set
1:38
API type if it contains SOAP and uh if
1:43
the username is uh test user at
1:45
salesforce.com agentforce and this is a
1:48
dummy user name I have given you have to
1:50
use the right integration user you are
1:53
using it once you set this up in the
1:57
action I have selected the recipient and
1:59
also I have selected uh uh not yeah I I
2:04
have selected email notification and the
2:07
recipient is admin user and in the email
2:09
notification content I have selected the
2:11
default email content now
2:15
save it make sure the status is enabled
2:20
once it is saved click done
2:25
now if that particular test uh user or
2:29
the username whatever Whatever we have
2:31
configured there try to login into
2:34
Salesforce using SOAP uh login request
2:38
then it will fail. Let's do it. So this
2:41
is my Salesforce my domain URL/services/
2:45
SOAP/U
2:48
the version number the current version
2:50
number is 64.0. So I'm using the latest
2:54
one. In the header I am making use of
2:57
content type as text
2:59
/xml
3:01
soap action login car set UTF - 8. In
3:08
the body I'm using uh the XML uh given
3:12
by Salesforce so that I can make a login
3:15
request. Here I'm using my username and
3:17
password. So now if I do a post request,
3:22
it should fail for this particular user.
3:27
And here it clearly states that it is
3:29
because of transaction security. The
3:32
login request was blocked by one of uh
3:35
one or more of your organization's
3:38
security policies. To access this,
3:40
contact your Salesforce uh contact your
3:43
administrator. So I got an email also
3:46
saying that
3:47
this particular user uh tried to do a
3:52
SOAP API request and then it got failed
3:57
and it gave me the org ID and also the
4:00
Salesforce user ID along with the user
4:04
name and also the time at which this
4:07
particular user tried to make use of
4:11
SOAP API requests.
4:18
Please check the video description. In
4:20
the video description, I have shared my
4:22
blog post. From the blog post, you
4:25
should be able to see the steps what we
4:28
discussed in this video for your
4:30
reference.
4:39
I hope it was helpful.
4:46
Thank you for watching.
#Internet Software