Security Tokens in Salesforce.com

Download Free Salesforce Training Materials with Realtime Scenarios

Security Tokens in Salesforce.com

In this Salesforce Tutorial, we are going to learn about Security Tokens in Salesforce.com, how to reset security token in salesforce.com and why security token is used in Salesforce.com.

Why Security Token is used in Salesforce.com?

Force.com has an additional layer of access for external and client application. If a user running a development tool like Data loader or Force.com IDE or developing a web application which uses Web services API, every user must append a security token at the end of their passwords. Security Token in Salesforce are used at the end of the passwords if the IP address is outside of the trusted IP range. If the IP address is in trusted range, then there is no need of Security Token.

  • Security Token is automatically generated which have 24 characters, alphanumeric string.
  • They are case sensitive.
  • It is used only once, every time new security token must be generated.

How Security Token is Sent to User?

When a user want’s to reset their passwords a new security token will be sent automatically to user email address. To get Security Token, user must go to reset security Token settings. To rest your security token follow the steps given below.

How to reset Security Token in Salesforce.com.

To receive or reset security token follow the steps given below.

  • Go to Setup=>Personal Setup=>My Personal Information=>Reset Security Token.

Security Tokens in Salesforce.com

Click on reset Security Token button, automatically email will be sent to the user.

How to use security token?

Every time security token must be added immediately after the password. If a user have password is “password” and new generated security token is “xyzabc” then user must enter as “passwordxyzabc”.¬†We must be very careful when reseting administrator password as it may affect running applications and lock users out. It is advised that for external application we must create new “API-only” user and set it password to never expire.