I have a custom .net integration where users log on via a c# component. I want to do away with the need for them to include their security token, so presumably i need to set up trusted IP ranges, they will all be office based when accessing via the API so no problem providing these ranges.

However, i still want users to be able to access from home/wherever they are and so cannot specify the IP range for all these locations. Anyway of achieving this?

Attribution to: paul

Possible Suggestion/Solution #1

*This answer is assuming you want to access salesforce over the web as normal * One alternative for working away, is the security token as youve stated.

When you access from an unidentified location, you are challenged to prove via a code which is sent to your email.

So when your users are accessing from outside the trusted network (non Api) and they get challenged, they get the Email me a verification code link. You can also set up your org to Text you the verification code in most countries.

Once you've entered this verification code, salesforce will set a cookie in the browser which marks it as recognised.

The next time your users login from the same location, they won't be challenged and will be able to login okay.

So this approach works if your users shuttle between a few fixed locations. However if its a different one each time, they will have to request a verification code which will need to be entered to proceed.

A word of caution about not accessing from dodgy locations!

Attribution to: techtrekker

Possible Suggestion/Solution #2

Use OAuth, the interactive flows use the same device activation features/detection as regular browser logins, rather than the security token approach. see http://help.salesforce.com/help/doc/en/remoteaccess_authenticate.htm

Attribution to: superfell
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/2254