Salesforce Marketing Cloud Security Settings
In Salesforce Marketing Cloud, the Security Settings page is where you control login policies, password requirements, and permissions for exporting data from your account. The settings are set to a default value when you receive your account, but you can edit them to suit the needs of your business.
Marketing Cloud includes many security settings that most users almost always leave set to the default. In the interest of space, the following procedure mentions the security settings that you’re most likely to want to configure according to your specific needs. Use the following steps to get to your Security Settings page and specify the settings and policies that you need:
- On the toolbar, pause your mouse pointer on your username and select Administration from the drop-down menu that appears.
The Administration screen appears.
- Pause your mouse pointer on the Security menu and select Security Settings from the drop-down menu that appears.
The Security Settings page appears.
- Click Edit and complete this field in the Session Settings section:
- Session Timeout: Determines how long a user can be inactive before being logged out. You can choose 20 minutes, 1, 2, 4, or 8 hours from the drop-down menu.
- Complete the following fields in the Username and Logins section:
- Login Expires After Inactivity: Sets how long a user can go without logging in before his or her password expires. Options include 30, 60, or 90 days, one year, or never expire.
- Invalid Logins Before Lockout: Determines how many failed login attempts before locking the user’s account. You can choose 3, 5, or 10.
- Minimum Username Length: Specifies the minimum number of characters that can appear in a username. Options are 4, 6, 8, or 10 characters.
- Restrict Logins by IP Address (IP Whitelisting): Decides whether to require users to log in from an approved IP address.
This restriction is disabled by default, but you can use the drop-down to choose to record logins made by non-whitelisted IP addresses or deny login access to non-whitelisted IP addresses.
If you choose to enable this restriction, you must provide the range of whitelisted IP addresses on the Login IP Whitelist page, which is available under the Account Settings menu.
This setting is highly secure but also highly restrictive and may require ongoing maintenance to keep your whitelist up-to-date. If you enable this restriction, you don’t have to require identity validation codes.
- Device Activation Code Lifetime: Sets how long an identity validation code is good after being sent by the system.
- Complete the information in the Password Policies section:
- Minimum Password Length: Requires a certain number of characters in a password. Options are 6, 8, 10, or 15 characters.
- Password Complexity: Defines a combination of alpha, numeric, and special characters requirement for passwords. Select how many of each type of characters you want to require.
- Enforce Password History: Sets how far back in the list of previous passwords the user has to go before reusing an old password. You can select a number from 1 to 15.
- User Passwords Expire In: Determines the length of time that a user password is valid before requiring a change. Options are 30, 60, or 90 days, one year, or never expires.
- Exclude API Users from Password Expiration: Allows the password on a designated API user account to never expire, even if your other passwords do. Unless you have a very strict security policy, you should leave this option set to Yes to avoid headaches in the future.
- Send Password Change Confirmation Email: Indicates whether to send an email notification to a user after a password change. Sending the confirmation email is a good idea because it can alert users of their account being compromised before they otherwise would have noticed.
- Complete the information in the Single Sign-On Settings section.
These settings set up your account so that users can log in with credentials from another system. This requires additional configuration in Marketing Cloud as well as with the other system that provides the authentication service. Single sign-on is outside the scope of this book. Contact Salesforce Marketing Cloud support or see the Marketing Cloud online help for more information.
- Complete the information in the Data Export Settings section.
This section determines whether the email address that receives data exports must come from an approved list. If you choose to enable this restriction, you must provide the list of whitelisted email addresses on the Export Email Whitelist page.