Login Access Policies


Definition

Login Access Policies is a Setup page where administrators control whether users can grant Salesforce Support or other administrators temporary login access to their accounts. It also controls the maximum duration of login access grants and whether the option appears in users' personal settings.

Real-World Example

The admin at FinServe Bank configures Login Access Policies to allow users to grant login access for a maximum of 7 days and restricts grants to Salesforce Support only (not other admins). When a user needs help troubleshooting an issue, they grant temporary access, and the support team can log in as that user to diagnose the problem.

Why Login Access Policies Matters

Login Access Policies is a Setup feature that governs whether and how users can grant temporary login access to their Salesforce accounts. Administrators configure whether users can grant access to Salesforce Support, to other administrators within the org, or both. The policy also sets the maximum duration for any login access grant, typically ranging from 1 to 30 days. This creates a controlled framework for account access that balances the need for troubleshooting support with security requirements, ensuring that temporary access is truly temporary.

For organizations in regulated industries, Login Access Policies are a critical compliance control. Financial services, healthcare, and government agencies often have strict requirements about who can access user accounts and for how long. Without proper Login Access Policies, a user could grant indefinite access to their account, creating an unaudited back door. Organizations that configure these policies thoughtfully can enable efficient support workflows while maintaining a clear audit trail. The policies also protect against social engineering attacks where someone might convince a user to grant access to an unauthorized party.

How Organizations Use Login Access Policies

  • FinServe Bank — FinServe configures Login Access Policies to allow users to grant access for a maximum of 7 days and restricts grants to Salesforce Support only, not other administrators. This satisfies their banking regulator's requirement that user account access be tightly controlled and time-limited, while still enabling users to get help from Salesforce when needed.
  • SecureHealth Medical — SecureHealth completely disables the ability for users to grant login access to anyone due to HIPAA compliance requirements. When troubleshooting is needed, administrators use the system log and debug tools instead. For escalations requiring Salesforce Support, a designated security officer temporarily enables the policy, monitors the session, and disables it immediately after.
  • Apex Dynamics Consulting — Apex Dynamics allows login access grants to both Salesforce Support and org administrators with a maximum duration of 3 days. When a consultant reports an issue with a custom component, the admin asks them to grant login access, reproduces the issue in their context, and resolves it within the window. This approach resolves user-specific issues 60% faster than trying to reproduce them in a test environment.
