The superusers of our application will have received the below e-mail sent out by Salesforce. This article will give a short explanation on the impact this might have on your org.
Logging on to Salesforce is done by you and your colleagues. Your IT-department might have whitelisted the IP-addresses Salesforce currently uses. In this case these IP-addresses need to be updated. Please reach out to your IT-department to verify this and provide them with the article below containing the necessary instructions.
Logging on to Salesforce is also done in case you have a website that is custom made. An Iframed website is not affected! If you have a custom website, please reach out to your web-development agency to verify if they have enabled IP-whitelisting. It is very rare for a webdeveloper to have implemented an IP-whitelist, but it is better to be safe then sorry.
In case your website is delivered by Connexys: we have made sure that your website will operate independent of the upcoming change of IP-addresses.
ACTION REQUIRED: Verify your Network Settings by November 2015
Product & Service Notification
At Salesforce, trust is our top priority and we’re working to improve your loginperformance, regardless of which instance you’re logging in from.
In the last year, we further improved the resiliency of our infrastructure by adding additional login pools to our North American and APAC data centers. On November 14, 2015 (US Pacific Time), we are adding more login pools to our North American and EMEA data centers. If your end users are accessing Salesforce from the North American or EMEA regions, they may authenticate via these new login pools, thus reducing the time it takes to login.
In order to take advantage of this improvement to the login experience, please take the actions below to prepare your organization.
If you do not take action, your end users may not be able to log in, and your inbound integrations may stop working starting on November 14, 2015 (US Pacific Time).
What are login pools?
Login pools process all login requests when end users or inbound-traffic integrations attempt to access the Salesforce app. Once enabled, end users and integrations will be sent to one of our login pools across our data centers, which then verifies credentials and forwards to the appropriate instance.
What does this mean to me?
Login pools only affect you if both of the following apply:
|1.||Your end users or inbound traffic integrations use login.salesforce.com to access your production instance.|
|2.||Your IT department has set up your corporate network settings (ie. proxy settings or firewalls, etc.) to restrict access to only certain Salesforce data centers or instances (ie. whitelisting certain IP addresses or ranges, hard-coding references to your specific instance, etc). Please note: This is not done in the Salesforce app, but in your corporate IT network settings.|
You will need to take action only if both of the above criteria apply to you. Otherwise no action is necessary.
What action do I need to take?
If your IT department has set up your corporate network settings to restrict access to only certain Salesforce data centers or instances, you will need to update your corporate network settings to allow access to all Salesforce data centers.
If your IT department currently restricts access by certain IP addresses or ranges, please refer them to the the full list of Salesforce IP ranges available in the What Saleforce IP ranges should I whitelist? article. For security purposes, you will need tologin with your Salesforce credentials to view the list of IP ranges.
If you would like to confirm that your corporate network settings are prepared for loginpools, please see the How to Prepare for Additional Login Pools article. Please note: You will need to allow access to all of the ranges for every data center, regardless of where your instance resides.
What if I do not update my IP ranges to include all Salesforce data centers?
If you do not update your corporate network settings to allow access to all Salesforce data centers, and your end users and integrations reference login.salesforce.com, your end users may not be able to log in and your inbound integrations may stop working starting on November 14, 2015 (US Pacific Time).
When is this change taking effect?
We’re adding a login pool to our North American and EMEA data centers on November 14, 2015 (US Pacific Time). Please check trust.salesforce.com/trust/
Why am I receiving this information?
As a Salesforce admin, if you have end users with multi-national internet entry points, then you should whitelist all IP ranges. This includes remote offices and end users trying to access Salesforce while traveling. (For example, if you have an employee traveling to the EMEA region and you do not allow access to the IP ranges as outlined in the What Saleforce IP ranges should I whitelist? article, the employee would not be able to log in as our login pools would not be able to process their authentication due to your restricting access to certain IP ranges.)
Where do I get more information?
To help answer your questions, we have prepared this How to Prepare for AdditionalLogin Pools article & FAQs.
You can also reach out to Customer Support by opening a case via the Help & Training portal.