Monday, November 25, 2013

The Most Important Thing I Learned About Salesforce1 And Connected Apps At Dreamforce

The big news at Dreamforce this year centered around Salesforce1 as a new way of accessing your Salesforce data via mobile devices.  With APIs, you can expect to see a lot of new mobile apps taking advantage of this as well, and you may be surprised to learn that some of your existing Installed Packages from the AppExchange can be monitored more closely now as connected apps.

New Settings to Consider

Restricting access to mobile apps with
For administrators, Salesforce1 and the mobile APIs require new attention to security settings.  If you have IP restrictions on your Salesforce org, they are automatically applied to mobile apps.  With IP restrictions on user profiles, you can ensure that data is only accessed through your company WiFi by specifying the appropriate address range for Salesforce user profiles.

But, if you are trying to limit the devices from which users can access Salesforce data, IP restrictions may not be enough.  Make sure mobile devices cannot access your WiFi by limiting access based on a device's MAC address or similar security controls that
allow you to selectively allow devices to connect to your WiFi.

To provide access to acceptable mobile devices when they are outside the range of your company WiFi, install a Virtual Private Network (VPN) to give the device access from any location.

Login and Authorization Settings

Mobile and connected apps provide even more opportunities to specify security settings.  In addition to limiting IP addresses based on user profile, you can define how frequently users are required to login from a mobile device and whether users can automatically authorize their own mobile access. To do this, go to Setup | Manage Apps | Connected Apps  Select the application to edit access settings.

Salesforce also provides a means for reviewing who is able to use mobile and connected apps and blocking access for a specific app or revoking any user's access via a specific app.  For example, you may want to revoke access to Salesforce 1 for certain users while leaving it available to others.  Or you may want to block the app altogether.  This option is available through  Manage Apps | Connected Apps OAuth Usage

More Connected Apps Than You Might Think

In addition to Salesforce1, other apps may appear in your Connected Apps list.  For example,  SalesforceA for administrators all appear in the list after it has been accessed in your org.  The list of connected apps extends beyond mobile with the following apps likely to appear among others your users have accessed:
  • Saleforce Help and Training, 
  • Community, 
  • Power of Us Hub, 
  • Salesforce for Outlook, 
  • AppExchange and 
  • Workbench.  

You may also find older mobile applications such as Chatter Mobile, Salesforce Touch and even Mobile CRM.  As administrator, you may want to monitor the apps that have access to your data and consider Blocking some of the older apps or revoking access from selected users.

Installed Packages and Mobile Administration Changes

Administrators will likely also notice another recent change to their org under Installed Packages that is related to Salesforce1 and the APIs.  "Salesforce Connected Apps" along with "Salesforce1 and Chatter Apps", both managed packages, likely have been installed in your org by "Automated Process". This change relates to users accessing the org via any of the connected or mobile apps and is pushed out automatically by Salesforce.

One final consideration for setting up Salesforce1 is whether users should have access to the new mobile interface via the browser on their mobile device, as opposed to via an app.  By default, Salesforce has enabled access to Salesforce1 through the browser.  To edit this so that mobile browsers go directly to the full site instead, use the Mobile Administration options: Setup | Mobile Administration | Salesforce1

Even for administrators who were not planning to roll out Salesforce1, consider looking into the new settings available for connected apps and Salesforce.

No comments:

Post a Comment