Definition
Login History is a Setup page that displays a log of all login attempts for the org over the past six months, including successful and failed logins. It shows the username, login time, source IP address, login type (UI, API, OAuth), browser, and platform for each attempt.
Real-World Example
After a user reports a suspicious login notification, the security admin at TechNova reviews Login History and finds a successful login from an unfamiliar IP address in another country at 3:00 AM local time. She immediately resets the user's password, revokes all active sessions, and enables IP range restrictions for that user's profile.
Why Login History Matters
Login History provides a comprehensive audit log of every login attempt to the Salesforce org over the past six months. Each entry records the username, timestamp, source IP address, login type (UI, API, OAuth), geographic location, browser, platform, and whether the attempt succeeded or failed. This data is essential for security monitoring, compliance auditing, and troubleshooting access issues. Administrators can filter and export Login History data to identify patterns such as brute-force attempts, unauthorized access from unusual locations, or API integrations that generate excessive login traffic.
As organizations face increasing security threats and regulatory scrutiny, Login History becomes a frontline defense tool. Security teams use it to detect compromised accounts by identifying logins from unusual IP addresses, countries, or times. Compliance auditors reference Login History to verify that access controls are working and that terminated employees no longer have active sessions. Without regular Login History monitoring, compromised accounts can persist undetected for weeks or months, increasing the blast radius of security incidents. Organizations that integrate Login History exports into their SIEM systems gain real-time alerting capabilities that transform this passive log into an active security monitoring tool.
How Organizations Use Login History
- TechNova Security — After a user reports a suspicious login notification, TechNova's security admin reviews Login History and finds a successful login from an unfamiliar IP address in another country at 3 AM. She immediately resets the password, revokes all active sessions, and enables IP range restrictions for that user's profile. Post-incident analysis of Login History reveals the compromised credentials were obtained through a phishing attack.
- Meridian Compliance Group — Meridian exports Login History monthly for their SOC 2 audit. The auditors verify that terminated employees have no login attempts after their offboarding date and that all API logins come from whitelisted IP ranges. This automated export replaced a manual access review that previously took the compliance team three days per quarter.
- RapidScale Technologies — RapidScale's IT team uses Login History to diagnose why a third-party integration fails intermittently. They filter Login History by the integration user's API login attempts and discover that the integration hits the concurrent API session limit during peak hours. They restructure the integration to use connection pooling, resolving the failures.