home.social

Search

1000 results for “inherentlee”

  1. gusseting @[email protected] ·

    RE: rssfeed.media/@abcfeeds/116565

    Paul Cleary, author of “title fight” regarding the payout from billionaire Andrew Forrest to First Nations:
    That the amount of [economic] compensation should be in the order of $100,000 … is just extraordinary and obviously inherently unfair," he said.

    Fortescue declined requests for an interview.
    Because “how does it feel to be racist people + planet killing rorters?” does not make for good optics.
    #andrewforrest #Yindjibarndi #Fortescue #racism #australia

    #australia #racism #fortescue #yindjibarndi #andrewforrest
  2. gusseting @[email protected] ·

    RE: rssfeed.media/@abcfeeds/116565

    Paul Cleary, author of “title fight” regarding the payout from billionaire Andrew Forrest to First Nations:
    That the amount of [economic] compensation should be in the order of $100,000 … is just extraordinary and obviously inherently unfair," he said.

    Fortescue declined requests for an interview.
    Because “how does it feel to be racist people + planet killing rorters?” does not make for good optics.
    #andrewforrest #Yindjibarndi #Fortescue #racism #australia

    #andrewforrest #yindjibarndi #fortescue #racism #australia
  3. gusseting @[email protected] ·

    RE: rssfeed.media/@abcfeeds/116565

    Paul Cleary, author of “title fight” regarding the payout from billionaire Andrew Forrest to First Nations:
    That the amount of [economic] compensation should be in the order of $100,000 … is just extraordinary and obviously inherently unfair," he said.

    Fortescue declined requests for an interview.
    Because “how does it feel to be racist people + planet killing rorters?” does not make for good optics.
    #andrewforrest #Yindjibarndi #Fortescue #racism #australia

    #andrewforrest #yindjibarndi #fortescue #racism #australia
  4. Andy Engin Utkan @[email protected] ·

    How Salesforce Will Secure Your Org Against Hackers

    Security and convenience are almost always inversely correlated. Making something more secure inherently makes it harder to access, which creates real friction for everyday users. This tension is nothing new. Hackers have always sought unauthorized access to systems, but historically, the barriers were high: computers were expensive and internet access was scarce. This is no longer true.

    This battle front has always favored attackers. Security teams must successfully defend against every single intrusion attempt, while hackers only need to succeed once. A single breach can cause significant damage.

    What’s changed is the scale and speed of attacks. AI has dramatically lowered the barrier to entry, enabling hackers to probe far more systems, far more frequently than ever before.

    Recently, several Salesforce customers experienced significant system breaches involving their Salesforce instances, most notably those tied to the ShinyHunters cybercriminal group. What made these incidents particularly damaging was that the compromised accounts belonged to users with elevated access, including admins and developers. Salesforce denied responsibility and took limited action, largely confining its response to informing and educating the ecosystem about the risks of phishing and vishing attacks.

    It seems like that is about to change. Big time.

    Salesforce decided to enforce multiple security controls starting June-August 2026 to prevent credential theft, data exfiltration, and account takeovers. IP range restrictions originally planned are no longer being mandated, but MFA for all employee users, phishing-resistant MFA for admins, auto-containment for high-risk connections, and step-up authentication for reports will be enforced.

    This means your life is about to get more difficult, especially if you have elevated access typically used by admins, developers and architects.

    The New Security Direction by Salesforce

    • MFA exemption permission restricted: The “Waive Multifactor Authentication for Exempt Users” permission will be removed except for justified cases (automation/testing users) requiring support approval. 
    • New permission set required: “Modify Transaction Security Policy” permission set introduced. Users need both the new “Modify Transaction Security Policy” permission AND the existing “Customize Application” permission to manage TSPs. Users with only the Customize Application permission will be downgraded to read-only access for TSPs.
    • IP range restriction enforcement removed: The requirement to use IP ranges on profiles and the “enforce login ranges on every request” setting will not be mandated, though strongly recommended for customers who can implement them.
    • Staggered rollout approach: Enforcement timelines extended and staggered by instance to minimize customer disruption.

    Security Controls Being Enforced

    Auto-Containment Measures

    High-risk IP blocking was expanded April 24th to include all connected app and API traffic from anonymizing VPNs, proxies, and high-risk IP addresses; users are contained automatically with admin notifications. Extended login anomaly containment applies to all internal user login behavior (excluding external/community users) and focuses on detecting suspicious login patterns. There is no allow-list override, meaning even allow-listed IP addresses will be contained if classified as high-risk at connection time. There are also AWS integration issues under active investigation, with some AWS IP addresses being incorrectly flagged and the issue currently being resolved.

    MFA Requirements

    All Employee Users

    MFA is required for all employee license users, excluding Experience Cloud and external users. Enforcement is handled via locked settings, so admins cannot disable it. API-only logins are exempt, as the requirement applies exclusively to UI logins. For SSO, providers must pass AMR/ACR signals indicating strong or phishing-resistant MFA.

    Timeline: Sandboxes June 22-29; Production July 20-August 17 

    Admins and Privileged Users

    Phishing-resistant MFA is required for users with elevated privileges, specifically those on the default Sys Admin profile or holding Modify All Data, View All Data, Customize Application, or Author Apex permissions. This standard is stricter than standard MFA, and mobile authenticator apps do not meet the threshold. Only security keys and built-in authenticators or passkeys qualify.

    Timeline: Sandboxes June 22-29; Production July 1-27 

    Email Domain Verification

    DKIM or authorized email domain verification is required for all email sending domains (this was previously announced). Enforcement is being rolled out on a staggered timeline; check the timeline knowledge article for the latest dates. A tool is also available to verify compliance status.

    Step-Up Authentication for Reports

    Time-Based Session Policy:

    • Additional authentication required when users spend considerable time on reports.
    • Admins can configure the “Require step-up authentication within cool-down period” session-level policy to an exact cadence between 2 and 120 minutes (with 120 minutes being the default); logging in with MFA does not reset timer.
    • Verification methods: Users can use any supported MFA method, including Passkeys, Security Keys, Salesforce Authenticator, and third-party TOTP apps. The email and SMS One-Time Password (OTP) options are specifically fallback challenges for Single Sign-On (SSO) users who do not have a Salesforce MFA method registered.
    • Report access blocked if authentication fails (UI only, not API).
    • Timeline: Available May 27 (sandbox/production); Enforced June 3 (sandbox), June 10-July 4 (production). 

    Anomalous Behavior Detection

    • ML-based detection triggers authentication when unusual report viewing/downloading behavior detected.
    • Users must configure at least one verification method (authenticator app, phone, email) or report access blocked. 
    • Timeline: Enforced June 22 (sandbox), July 13 (production). 

    Transaction Security Policy Enhancements (Shield/Event Monitoring customers only): 

    • Step-up authentication required when downloading >10,000 records from reports.
    • Required for any create/update/delete/enable/disable operations on transaction security policies.
    • Timeline: Available June 1 (sandbox), June 15 (production); Enforced June 22 (sandbox), July 13 (production). 

    Additional Considerations

    Mobile SDK Lockout Risk for Admins: Warning for admins using the Salesforce Mobile App or custom Mobile SDK apps. Mobile SDK version 13.2.0 and earlier does not support phishing-resistant MFA. Admins using these older versions will be blocked from logging in unless their org pre-configures advanced authentication in My Domain, or until they utilize the new “Login for Admins” browser-based flow arriving in Mobile SDK 13.2.1

    Impact on “Waive MFA” Permission: Please note the exact behavior of the “Waive Multi-Factor Authentication for Exempt Users” permission. After enforcement, this permission will no longer automatically waive the MFA requirement; users with this permission will actually be prompted to enroll in MFA in the UI. To restore this exemption for valid testing/automation tools, admins must proactively contact Salesforce Support for approval.

    Passwordless Login Recommendation: Please note the best-practice recommendation of enabling “Allow passwordless login with passkeys”. This allows users (especially privileged admins) to meet the strict phishing-resistant MFA requirement by simply logging in with their username and a biometric passkey or security key, bypassing the need for a password and streamlining their experience.

    Trial Org Grace Period: Note that Trial Orgs converted to a paid subscription will no longer receive a 30-day grace period to comply with the MFA requirement.

    MFA Edge Cases and Exceptions

    Experience Cloud and Community users are completely exempt from this specific MFA login mandate. API-only users with the API-only permission assigned are exempt from MFA, as the requirement applies exclusively to UI logins. For Windows SSO, check the AMR field in login history for OIDC, or use the SAML Validator tool for SAML; ignore the strong/weak classification and only verify that the signal is present. Free scratch orgs are not in scope, as MFA enforcement applies only to paid sandbox orgs. When it comes to device activation, MFA takes precedence, and completing MFA exempts users from device activation prompts. Finally, custom IDPs must follow SAML/OIDC industry standards for passing AMR/ACR signals; contact your account team or support for provider-specific nuances.

    Customer Communication Plan

    Knowledge articles were published, you will find the links in this post. System administrators and security contacts received email notifications on the 6th of May, 2026. Product managers will be hosting webinars on Wednesday, May 13th, with both early and late US time slots available. For the early webinar time, click here. For the later time, click here.

    Action Items

    • Partners: Review client orgs for current VPN usage and MFA exemption permission assignments; prepare clients for June-August enforcement timelines. 
    • Admins: Test MFA configurations in sandboxes starting June 22; ensure users have at least one verification method configured (email/SMS/authenticator). 
    • SSO administrators: Verify AMR/ACR signals are being passed correctly using login history (OIDC) or SAML Validator tool (SAML). 
    • Shield customers: Review transaction security policies and prepare for step-up authentication on report downloads >10,000 records and policy modifications. 
    • All customers: Set up DKIM keys or authorized email domains; use in-app verification tool to check compliance. 

    Don’t Wait for Enforcement to Find Your Gaps

    Salesforce’s upcoming security enforcement represents a meaningful shift in how the platform approaches user protection. For years, the responsibility fell almost entirely on customers to configure and maintain their own security posture. That’s changing. Whether you’re an admin, developer, architect, or partner, the June through August enforcement windows are closer than they appear. Audit your orgs, test your configurations in sandbox, and make sure your users are set up with the right verification methods before enforcement kicks in. The friction is real, but so is the risk it’s designed to address. See the official Salesforce documentation here.

    Explore related content:

    Setup with Agentforce: What Salesforce Admins Need to Know

    The Salesforce DKIM Sandbox Problem, and How to Fix It

    Clean Data, Smart Flows: Automating Data Cleanup in Salesforce Nonprofit Cloud

    Salesforce Is Tightening Security Across Every Org

    #DomainVerification #MFA #Salesforce #SalesforceTutorial #Secutiry #Tutorial
    #domainverification #mfa #salesforce #salesforcetutorial #secutiry #tutorial
  5. Andy Engin Utkan @[email protected] ·

    How Salesforce Will Secure Your Org Against Hackers

    Security and convenience are almost always inversely correlated. Making something more secure inherently makes it harder to access, which creates real friction for everyday users. This tension is nothing new. Hackers have always sought unauthorized access to systems, but historically, the barriers were high: computers were expensive and internet access was scarce. This is no longer true.

    This battle front has always favored attackers. Security teams must successfully defend against every single intrusion attempt, while hackers only need to succeed once. A single breach can cause significant damage.

    What’s changed is the scale and speed of attacks. AI has dramatically lowered the barrier to entry, enabling hackers to probe far more systems, far more frequently than ever before.

    Recently, several Salesforce customers experienced significant system breaches involving their Salesforce instances, most notably those tied to the ShinyHunters cybercriminal group. What made these incidents particularly damaging was that the compromised accounts belonged to users with elevated access, including admins and developers. Salesforce denied responsibility and took limited action, largely confining its response to informing and educating the ecosystem about the risks of phishing and vishing attacks.

    It seems like that is about to change. Big time.

    Salesforce decided to enforce multiple security controls starting June-August 2026 to prevent credential theft, data exfiltration, and account takeovers. IP range restrictions originally planned are no longer being mandated, but MFA for all employee users, phishing-resistant MFA for admins, auto-containment for high-risk connections, and step-up authentication for reports will be enforced.

    This means your life is about to get more difficult, especially if you have elevated access typically used by admins, developers and architects.

    The New Security Direction by Salesforce

    • MFA exemption permission restricted: The “Waive Multifactor Authentication for Exempt Users” permission will be removed except for justified cases (automation/testing users) requiring support approval. 
    • New permission set required: “Modify Transaction Security Policy” permission set introduced. Users need both the new “Modify Transaction Security Policy” permission AND the existing “Customize Application” permission to manage TSPs. Users with only the Customize Application permission will be downgraded to read-only access for TSPs.
    • IP range restriction enforcement removed: The requirement to use IP ranges on profiles and the “enforce login ranges on every request” setting will not be mandated, though strongly recommended for customers who can implement them.
    • Staggered rollout approach: Enforcement timelines extended and staggered by instance to minimize customer disruption.

    Security Controls Being Enforced

    Auto-Containment Measures

    High-risk IP blocking was expanded April 24th to include all connected app and API traffic from anonymizing VPNs, proxies, and high-risk IP addresses; users are contained automatically with admin notifications. Extended login anomaly containment applies to all internal user login behavior (excluding external/community users) and focuses on detecting suspicious login patterns. There is no allow-list override, meaning even allow-listed IP addresses will be contained if classified as high-risk at connection time. There are also AWS integration issues under active investigation, with some AWS IP addresses being incorrectly flagged and the issue currently being resolved.

    MFA Requirements

    All Employee Users

    MFA is required for all employee license users, excluding Experience Cloud and external users. Enforcement is handled via locked settings, so admins cannot disable it. API-only logins are exempt, as the requirement applies exclusively to UI logins. For SSO, providers must pass AMR/ACR signals indicating strong or phishing-resistant MFA.

    Timeline: Sandboxes June 22-29; Production July 20-August 17 

    Admins and Privileged Users

    Phishing-resistant MFA is required for users with elevated privileges, specifically those on the default Sys Admin profile or holding Modify All Data, View All Data, Customize Application, or Author Apex permissions. This standard is stricter than standard MFA, and mobile authenticator apps do not meet the threshold. Only security keys and built-in authenticators or passkeys qualify.

    Timeline: Sandboxes June 22-29; Production July 1-27 

    Email Domain Verification

    DKIM or authorized email domain verification is required for all email sending domains (this was previously announced). Enforcement is being rolled out on a staggered timeline; check the timeline knowledge article for the latest dates. A tool is also available to verify compliance status.

    Step-Up Authentication for Reports

    Time-Based Session Policy:

    • Additional authentication required when users spend considerable time on reports.
    • Admins can configure the “Require step-up authentication within cool-down period” session-level policy to an exact cadence between 2 and 120 minutes (with 120 minutes being the default); logging in with MFA does not reset timer.
    • Verification methods: Users can use any supported MFA method, including Passkeys, Security Keys, Salesforce Authenticator, and third-party TOTP apps. The email and SMS One-Time Password (OTP) options are specifically fallback challenges for Single Sign-On (SSO) users who do not have a Salesforce MFA method registered.
    • Report access blocked if authentication fails (UI only, not API).
    • Timeline: Available May 27 (sandbox/production); Enforced June 3 (sandbox), June 10-July 4 (production). 

    Anomalous Behavior Detection

    • ML-based detection triggers authentication when unusual report viewing/downloading behavior detected.
    • Users must configure at least one verification method (authenticator app, phone, email) or report access blocked. 
    • Timeline: Enforced June 22 (sandbox), July 13 (production). 

    Transaction Security Policy Enhancements (Shield/Event Monitoring customers only): 

    • Step-up authentication required when downloading >10,000 records from reports.
    • Required for any create/update/delete/enable/disable operations on transaction security policies.
    • Timeline: Available June 1 (sandbox), June 15 (production); Enforced June 22 (sandbox), July 13 (production). 

    Additional Considerations

    Mobile SDK Lockout Risk for Admins: Warning for admins using the Salesforce Mobile App or custom Mobile SDK apps. Mobile SDK version 13.2.0 and earlier does not support phishing-resistant MFA. Admins using these older versions will be blocked from logging in unless their org pre-configures advanced authentication in My Domain, or until they utilize the new “Login for Admins” browser-based flow arriving in Mobile SDK 13.2.1

    Impact on “Waive MFA” Permission: Please note the exact behavior of the “Waive Multi-Factor Authentication for Exempt Users” permission. After enforcement, this permission will no longer automatically waive the MFA requirement; users with this permission will actually be prompted to enroll in MFA in the UI. To restore this exemption for valid testing/automation tools, admins must proactively contact Salesforce Support for approval.

    Passwordless Login Recommendation: Please note the best-practice recommendation of enabling “Allow passwordless login with passkeys”. This allows users (especially privileged admins) to meet the strict phishing-resistant MFA requirement by simply logging in with their username and a biometric passkey or security key, bypassing the need for a password and streamlining their experience.

    Trial Org Grace Period: Note that Trial Orgs converted to a paid subscription will no longer receive a 30-day grace period to comply with the MFA requirement.

    MFA Edge Cases and Exceptions

    Experience Cloud and Community users are completely exempt from this specific MFA login mandate. API-only users with the API-only permission assigned are exempt from MFA, as the requirement applies exclusively to UI logins. For Windows SSO, check the AMR field in login history for OIDC, or use the SAML Validator tool for SAML; ignore the strong/weak classification and only verify that the signal is present. Free scratch orgs are not in scope, as MFA enforcement applies only to paid sandbox orgs. When it comes to device activation, MFA takes precedence, and completing MFA exempts users from device activation prompts. Finally, custom IDPs must follow SAML/OIDC industry standards for passing AMR/ACR signals; contact your account team or support for provider-specific nuances.

    Customer Communication Plan

    Knowledge articles were published, you will find the links in this post. System administrators and security contacts received email notifications on the 6th of May, 2026. Product managers will be hosting webinars on Wednesday, May 13th, with both early and late US time slots available. For the early webinar time, click here. For the later time, click here.

    Action Items

    • Partners: Review client orgs for current VPN usage and MFA exemption permission assignments; prepare clients for June-August enforcement timelines. 
    • Admins: Test MFA configurations in sandboxes starting June 22; ensure users have at least one verification method configured (email/SMS/authenticator). 
    • SSO administrators: Verify AMR/ACR signals are being passed correctly using login history (OIDC) or SAML Validator tool (SAML). 
    • Shield customers: Review transaction security policies and prepare for step-up authentication on report downloads >10,000 records and policy modifications. 
    • All customers: Set up DKIM keys or authorized email domains; use in-app verification tool to check compliance. 

    Don’t Wait for Enforcement to Find Your Gaps

    Salesforce’s upcoming security enforcement represents a meaningful shift in how the platform approaches user protection. For years, the responsibility fell almost entirely on customers to configure and maintain their own security posture. That’s changing. Whether you’re an admin, developer, architect, or partner, the June through August enforcement windows are closer than they appear. Audit your orgs, test your configurations in sandbox, and make sure your users are set up with the right verification methods before enforcement kicks in. The friction is real, but so is the risk it’s designed to address. See the official Salesforce documentation here.

    Explore related content:

    Setup with Agentforce: What Salesforce Admins Need to Know

    The Salesforce DKIM Sandbox Problem, and How to Fix It

    Clean Data, Smart Flows: Automating Data Cleanup in Salesforce Nonprofit Cloud

    Salesforce Is Tightening Security Across Every Org

    #DomainVerification #MFA #Salesforce #SalesforceTutorial #Secutiry #Tutorial
    #tutorial #secutiry #salesforcetutorial #salesforce #mfa #domainverification
  6. Andy Engin Utkan @[email protected] ·

    How Salesforce Will Secure Your Org Against Hackers

    Security and convenience are almost always inversely correlated. Making something more secure inherently makes it harder to access, which creates real friction for everyday users. This tension is nothing new. Hackers have always sought unauthorized access to systems, but historically, the barriers were high: computers were expensive and internet access was scarce. This is no longer true.

    This battle front has always favored attackers. Security teams must successfully defend against every single intrusion attempt, while hackers only need to succeed once. A single breach can cause significant damage.

    What’s changed is the scale and speed of attacks. AI has dramatically lowered the barrier to entry, enabling hackers to probe far more systems, far more frequently than ever before.

    Recently, several Salesforce customers experienced significant system breaches involving their Salesforce instances, most notably those tied to the ShinyHunters cybercriminal group. What made these incidents particularly damaging was that the compromised accounts belonged to users with elevated access, including admins and developers. Salesforce denied responsibility and took limited action, largely confining its response to informing and educating the ecosystem about the risks of phishing and vishing attacks.

    It seems like that is about to change. Big time.

    Salesforce decided to enforce multiple security controls starting June-August 2026 to prevent credential theft, data exfiltration, and account takeovers. IP range restrictions originally planned are no longer being mandated, but MFA for all employee users, phishing-resistant MFA for admins, auto-containment for high-risk connections, and step-up authentication for reports will be enforced.

    This means your life is about to get more difficult, especially if you have elevated access typically used by admins, developers and architects.

    The New Security Direction by Salesforce

    • MFA exemption permission restricted: The “Waive Multifactor Authentication for Exempt Users” permission will be removed except for justified cases (automation/testing users) requiring support approval. 
    • New permission set required: “Modify Transaction Security Policy” permission set introduced. Users need both the new “Modify Transaction Security Policy” permission AND the existing “Customize Application” permission to manage TSPs. Users with only the Customize Application permission will be downgraded to read-only access for TSPs.
    • IP range restriction enforcement removed: The requirement to use IP ranges on profiles and the “enforce login ranges on every request” setting will not be mandated, though strongly recommended for customers who can implement them.
    • Staggered rollout approach: Enforcement timelines extended and staggered by instance to minimize customer disruption.

    Security Controls Being Enforced

    Auto-Containment Measures

    High-risk IP blocking was expanded April 24th to include all connected app and API traffic from anonymizing VPNs, proxies, and high-risk IP addresses; users are contained automatically with admin notifications. Extended login anomaly containment applies to all internal user login behavior (excluding external/community users) and focuses on detecting suspicious login patterns. There is no allow-list override, meaning even allow-listed IP addresses will be contained if classified as high-risk at connection time. There are also AWS integration issues under active investigation, with some AWS IP addresses being incorrectly flagged and the issue currently being resolved.

    MFA Requirements

    All Employee Users

    MFA is required for all employee license users, excluding Experience Cloud and external users. Enforcement is handled via locked settings, so admins cannot disable it. API-only logins are exempt, as the requirement applies exclusively to UI logins. For SSO, providers must pass AMR/ACR signals indicating strong or phishing-resistant MFA.

    Timeline: Sandboxes June 22-29; Production July 20-August 17 

    Admins and Privileged Users

    Phishing-resistant MFA is required for users with elevated privileges, specifically those on the default Sys Admin profile or holding Modify All Data, View All Data, Customize Application, or Author Apex permissions. This standard is stricter than standard MFA, and mobile authenticator apps do not meet the threshold. Only security keys and built-in authenticators or passkeys qualify.

    Timeline: Sandboxes June 22-29; Production July 1-27 

    Email Domain Verification

    DKIM or authorized email domain verification is required for all email sending domains (this was previously announced). Enforcement is being rolled out on a staggered timeline; check the timeline knowledge article for the latest dates. A tool is also available to verify compliance status.

    Step-Up Authentication for Reports

    Time-Based Session Policy:

    • Additional authentication required when users spend considerable time on reports.
    • Admins can configure the “Require step-up authentication within cool-down period” session-level policy to an exact cadence between 2 and 120 minutes (with 120 minutes being the default); logging in with MFA does not reset timer.
    • Verification methods: Users can use any supported MFA method, including Passkeys, Security Keys, Salesforce Authenticator, and third-party TOTP apps. The email and SMS One-Time Password (OTP) options are specifically fallback challenges for Single Sign-On (SSO) users who do not have a Salesforce MFA method registered.
    • Report access blocked if authentication fails (UI only, not API).
    • Timeline: Available May 27 (sandbox/production); Enforced June 3 (sandbox), June 10-July 4 (production). 

    Anomalous Behavior Detection

    • ML-based detection triggers authentication when unusual report viewing/downloading behavior detected.
    • Users must configure at least one verification method (authenticator app, phone, email) or report access blocked. 
    • Timeline: Enforced June 22 (sandbox), July 13 (production). 

    Transaction Security Policy Enhancements (Shield/Event Monitoring customers only): 

    • Step-up authentication required when downloading >10,000 records from reports.
    • Required for any create/update/delete/enable/disable operations on transaction security policies.
    • Timeline: Available June 1 (sandbox), June 15 (production); Enforced June 22 (sandbox), July 13 (production). 

    Additional Considerations

    Mobile SDK Lockout Risk for Admins: Warning for admins using the Salesforce Mobile App or custom Mobile SDK apps. Mobile SDK version 13.2.0 and earlier does not support phishing-resistant MFA. Admins using these older versions will be blocked from logging in unless their org pre-configures advanced authentication in My Domain, or until they utilize the new “Login for Admins” browser-based flow arriving in Mobile SDK 13.2.1

    Impact on “Waive MFA” Permission: Please note the exact behavior of the “Waive Multi-Factor Authentication for Exempt Users” permission. After enforcement, this permission will no longer automatically waive the MFA requirement; users with this permission will actually be prompted to enroll in MFA in the UI. To restore this exemption for valid testing/automation tools, admins must proactively contact Salesforce Support for approval.

    Passwordless Login Recommendation: Please note the best-practice recommendation of enabling “Allow passwordless login with passkeys”. This allows users (especially privileged admins) to meet the strict phishing-resistant MFA requirement by simply logging in with their username and a biometric passkey or security key, bypassing the need for a password and streamlining their experience.

    Trial Org Grace Period: Note that Trial Orgs converted to a paid subscription will no longer receive a 30-day grace period to comply with the MFA requirement.

    MFA Edge Cases and Exceptions

    Experience Cloud and Community users are completely exempt from this specific MFA login mandate. API-only users with the API-only permission assigned are exempt from MFA, as the requirement applies exclusively to UI logins. For Windows SSO, check the AMR field in login history for OIDC, or use the SAML Validator tool for SAML; ignore the strong/weak classification and only verify that the signal is present. Free scratch orgs are not in scope, as MFA enforcement applies only to paid sandbox orgs. When it comes to device activation, MFA takes precedence, and completing MFA exempts users from device activation prompts. Finally, custom IDPs must follow SAML/OIDC industry standards for passing AMR/ACR signals; contact your account team or support for provider-specific nuances.

    Customer Communication Plan

    Knowledge articles were published, you will find the links in this post. System administrators and security contacts received email notifications on the 6th of May, 2026. Product managers will be hosting webinars on Wednesday, May 13th, with both early and late US time slots available. For the early webinar time, click here. For the later time, click here.

    Action Items

    • Partners: Review client orgs for current VPN usage and MFA exemption permission assignments; prepare clients for June-August enforcement timelines. 
    • Admins: Test MFA configurations in sandboxes starting June 22; ensure users have at least one verification method configured (email/SMS/authenticator). 
    • SSO administrators: Verify AMR/ACR signals are being passed correctly using login history (OIDC) or SAML Validator tool (SAML). 
    • Shield customers: Review transaction security policies and prepare for step-up authentication on report downloads >10,000 records and policy modifications. 
    • All customers: Set up DKIM keys or authorized email domains; use in-app verification tool to check compliance. 

    Don’t Wait for Enforcement to Find Your Gaps

    Salesforce’s upcoming security enforcement represents a meaningful shift in how the platform approaches user protection. For years, the responsibility fell almost entirely on customers to configure and maintain their own security posture. That’s changing. Whether you’re an admin, developer, architect, or partner, the June through August enforcement windows are closer than they appear. Audit your orgs, test your configurations in sandbox, and make sure your users are set up with the right verification methods before enforcement kicks in. The friction is real, but so is the risk it’s designed to address. See the official Salesforce documentation here.

    Explore related content:

    Setup with Agentforce: What Salesforce Admins Need to Know

    The Salesforce DKIM Sandbox Problem, and How to Fix It

    Clean Data, Smart Flows: Automating Data Cleanup in Salesforce Nonprofit Cloud

    Salesforce Is Tightening Security Across Every Org

    #DomainVerification #MFA #Salesforce #SalesforceTutorial #Secutiry #Tutorial
    #domainverification #mfa #salesforce #salesforcetutorial #secutiry #tutorial
  7. SydneyJim @[email protected] ·

    I do not wish to see sexualised imagery, explicit content, or displays of #genitals presented in a sexual manner. My focus is #naturism, which is inherently #NonSexual & grounded in #respect for #natural, appropriate #nudity. Any content that contradicts this standard is not welcome. If such material is posted, or if you follow me expecting that kind of content, you will be blocked without notice. Please respect this boundary.

    #genitals #naturism #nonsexual #respect #natural #nudity
  8. SydneyJim @[email protected] ·

    I do not wish to see sexualised imagery, explicit content, or displays of #genitals presented in a sexual manner. My focus is #naturism, which is inherently #NonSexual & grounded in #respect for #natural, appropriate #nudity. Any content that contradicts this standard is not welcome. If such material is posted, or if you follow me expecting that kind of content, you will be blocked without notice. Please respect this boundary.

    #genitals #naturism #nonsexual #respect #natural #nudity
  9. SydneyJim @[email protected] ·

    I do not wish to see sexualised imagery, explicit content, or displays of #genitals presented in a sexual manner. My focus is #naturism, which is inherently #NonSexual & grounded in #respect for #natural, appropriate #nudity. Any content that contradicts this standard is not welcome. If such material is posted, or if you follow me expecting that kind of content, you will be blocked without notice. Please respect this boundary.

    #genitals #naturism #nonsexual #respect #natural #nudity
  10. SydneyJim @[email protected] ·

    I do not wish to see sexualised imagery, explicit content, or displays of #genitals presented in a sexual manner. My focus is #naturism, which is inherently #NonSexual & grounded in #respect for #natural, appropriate #nudity. Any content that contradicts this standard is not welcome. If such material is posted, or if you follow me expecting that kind of content, you will be blocked without notice. Please respect this boundary.

    #nudity #natural #respect #nonsexual #naturism #genitals
  11. Adam Lee @[email protected] ·

    The Probability Broach: Who cares about the Bill of Rights?

    A rare admission that maybe government isn't all inherently bad.

    freethoughtblogs.com/daylight/

    #probabilitybroach
    #libertarianism

    #probabilitybroach #libertarianism
  12. Weary Wulf @[email protected] ·

    [P] I call the classification of dissimilarity to Me (personal self or vague group-belonging concwpt of self) pathological becuse it impoverishes understanding, which is inherently and indefatigably wretched. This categorisation results in the desire to harm the dissimilar as it conflates dissimilarity with negative traits. What a neurotypical would do with a dragon is slay them. I would ask them to tell me anything at all!

    #lsychology #actuallyautistic #neurotypicals #dragons

    -1

    #lsychology #actuallyautistic #neurotypicals #dragons
  13. David @[email protected] ·

    RE: ecoevo.social/@benlockwood/116

    Dr. Lockwood has a sound point.

    Mastery-based #education has been shown to be more effective: Instead of holding fixed the duration to learn and varying the #learning outcomes (an inherently and irremediably classist and ableist colonial norm), vary the duration to learn and hold fixed the outcome of topic mastery.

    Learning only happens on the output side, but grade-based learning doesn’t promote learning: It promotes playing the system to maximize grades. Eliminate grades, and replace the competition and social sorting with cooperation and constructive education, and you get more learned students.

    Only trouble is, the ruling class controlling educational policy consider the social sorting a feature, not a bug: It is selective for their own children against others, thus reducing competition in the higher-paying and more power-proximate labour market. The resulting inequity is the system working as intended.

    Consider: who gets to provide their children unlimited access to predictably quiet and peaceful spaces, private tutoring, and anything else they need to maximize grades?

    Conveniently for most of them, due to the intergenerational transmission of socioeconomic status this social sorting reinforces, graded education also upholds white supremacy. Also conveniently for the most powerful of them, it bolsters #patriarchy and #eugenics as well.

    It should thus come as no surprise that the ruling class are promoting #AI — particularly, “generative” “AI” (read: plagiaristic content synthesis). By offering a shortcut to output without the cognitive effort to come up with said output themselves, it sabotages learning.

    Since children of poor and working-class families are most strapped for learning-conducive space and time, they’re most pressured to use #genAI. It is therefore their education most sabotaged in early grades, and them most likely to face expulsion from #PSE for #plagiarism if their AI-generated homework gets them admission.

    #pedagogy #classism #ableism #racism #sexism #eugenics

    #education #learning #patriarchy #eugenics #ai #genai
  14. WikiPicBot @[email protected] ·

    𝗪𝗜𝗞𝗜𝗣𝗘𝗗𝗜𝗔'𝗦 𝗙𝗘𝗔𝗧𝗨𝗥𝗘𝗗 𝗔𝗥𝗧𝗜𝗖𝗟𝗘

    ✧ Nihilism ✧

    Nihilism is a family of philosophical views. Existential nihilism asserts that life is inherently meaningless and lacks a higher purpose, suggesting that all individual and societal achievements are ultimately pointless. Moral nihilism denies the objective existence of morality, arguing that moral evaluation...

    #familyofphilosophical #nihilism #philosophicalviews #existentialnihilismasserts #family #wikipedia
    en.wikipedia.org/wiki/Nihilism

    #familyofphilosophical #nihilism #philosophicalviews #existentialnihilismasserts #family #wikipedia
  15. WikiPicBot @[email protected] ·

    𝗪𝗜𝗞𝗜𝗣𝗘𝗗𝗜𝗔'𝗦 𝗙𝗘𝗔𝗧𝗨𝗥𝗘𝗗 𝗔𝗥𝗧𝗜𝗖𝗟𝗘

    ✧ Nihilism ✧

    Nihilism is a family of philosophical views. Existential nihilism asserts that life is inherently meaningless and lacks a higher purpose, suggesting that all individual and societal achievements are ultimately pointless. Moral nihilism denies the objective existence of morality, arguing that moral evaluation...

    #familyofphilosophical #nihilism #philosophicalviews #existentialnihilismasserts #family #wikipedia
    en.wikipedia.org/wiki/Nihilism

    #familyofphilosophical #nihilism #philosophicalviews #existentialnihilismasserts #family #wikipedia
  16. WikiPicBot @[email protected] ·

    𝗪𝗜𝗞𝗜𝗣𝗘𝗗𝗜𝗔'𝗦 𝗙𝗘𝗔𝗧𝗨𝗥𝗘𝗗 𝗔𝗥𝗧𝗜𝗖𝗟𝗘

    ✧ Nihilism ✧

    Nihilism is a family of philosophical views. Existential nihilism asserts that life is inherently meaningless and lacks a higher purpose, suggesting that all individual and societal achievements are ultimately pointless. Moral nihilism denies the objective existence of morality, arguing that moral evaluation...

    #familyofphilosophical #nihilism #philosophicalviews #existentialnihilismasserts #family #wikipedia
    en.wikipedia.org/wiki/Nihilism

    #familyofphilosophical #nihilism #philosophicalviews #existentialnihilismasserts #family #wikipedia
  17. WikiPicBot @[email protected] ·

    𝗪𝗜𝗞𝗜𝗣𝗘𝗗𝗜𝗔'𝗦 𝗙𝗘𝗔𝗧𝗨𝗥𝗘𝗗 𝗔𝗥𝗧𝗜𝗖𝗟𝗘

    ✧ Nihilism ✧

    Nihilism is a family of philosophical views. Existential nihilism asserts that life is inherently meaningless and lacks a higher purpose, suggesting that all individual and societal achievements are ultimately pointless. Moral nihilism denies the objective existence of morality, arguing that moral evaluation...

    #familyofphilosophical #nihilism #philosophicalviews #existentialnihilismasserts #family #wikipedia
    en.wikipedia.org/wiki/Nihilism

    #wikipedia #family #existentialnihilismasserts #philosophicalviews #nihilism #familyofphilosophical
  18. WikiPicBot @[email protected] ·

    𝗪𝗜𝗞𝗜𝗣𝗘𝗗𝗜𝗔'𝗦 𝗙𝗘𝗔𝗧𝗨𝗥𝗘𝗗 𝗔𝗥𝗧𝗜𝗖𝗟𝗘

    ✧ Nihilism ✧

    Nihilism is a family of philosophical views. Existential nihilism asserts that life is inherently meaningless and lacks a higher purpose, suggesting that all individual and societal achievements are ultimately pointless. Moral nihilism denies the objective existence of morality, arguing that moral evaluation...

    #familyofphilosophical #nihilism #philosophicalviews #existentialnihilismasserts #family #wikipedia
    en.wikipedia.org/wiki/Nihilism

    #familyofphilosophical #nihilism #philosophicalviews #existentialnihilismasserts #family #wikipedia
  19. Travis F W @travisfw ·

    @smallcircles The enabled AI.
    It made a lot of text available over the internet.

    are not inherently bad. might be irresponsible, but it is not inherently bad, either.

    What *IS* inherently bad is the libertarian-funded dominance-oriented surveillance-capitalist economic model, and the dominance worship that success under that scheme is regarded with.

    #www #llms #vibecoding
  20. Kaja :AuPan: @[email protected] ·
    CW: Why I don't think that most men are monsters, SA, feminism, intersectionality

    As an autistic woman, who experienced SA herself and as an intersectional feminist, I reject the trope that most men are monsters, that men are inherently bad and women inherently good. This approach is the opposite of helpful, it’s highly problematic for all genders and leads to the terf, fascist, religious extremism pipeline.

    It’s not the gender, that corrupts people, it’s power.

    For that reason, Feminism and Anarchism are strongly intertwined. Because we are not talking about physical power here. If you can train a huge dog, that could kill you with a bite, not to touch his food until you allow him to do so, we as a society can teach men not to rape a woman during her sleep.

    The problem is, that we don’t do that. Living in patriarchy means, that a poor black girl has to take more responsibility and is held more accountable than a rich white man.

    Patriarchy limits men’s possibilities for personal growth, it makes most of them become weak cowards, who exploit women and are easy to control. That is why oppressors created this system in the first place. This is what intersectional feminists mean, when they say, that men suffer under patriarchy too.

    It also means, that not all women are safe for other women. As a marginalized, autistic woman, I might feel safer with an autistic man, than with an allistic woman. Not only because internalized misogyny is a thing, but because patriarchy is a hierarchical system, that gives some women power over others, it makes them compliant.

    For me personally it means that despite all the bullshit men did to me, women were the ones, who deeply traumatized me over and over again. It means, that I will choose the people I trust not based on their gender, but based on their ability for critical thinking, personal growth and the power structures inside and outside of my relationship with them.

    #feminism #intersectionality #ActuallyAutistic

    #feminism #intersectionality #actuallyautistic
  21. Kaja :AuPan: @[email protected] ·
    CW: Why I don't think that most men are monsters, SA, feminism, intersectionality

    As an autistic woman, who experienced SA herself and as an intersectional feminist, I reject the trope that most men are monsters, that men are inherently bad and women inherently good. This approach is the opposite of helpful, it’s highly problematic for all genders and leads to the terf, fascist, religious extremism pipeline.

    It’s not the gender, that corrupts people, it’s power.

    For that reason, Feminism and Anarchism are strongly intertwined. Because we are not talking about physical power here. If you can train a huge dog, that could kill you with a bite, not to touch his food until you allow him to do so, we as a society can teach men not to rape a woman during her sleep.

    The problem is, that we don’t do that. Living in patriarchy means, that a poor black girl has to take more responsibility and is held more accountable than a rich white man.

    Patriarchy limits men’s possibilities for personal growth, it makes most of them become weak cowards, who exploit women and are easy to control. That is why oppressors created this system in the first place. This is what intersectional feminists mean, when they say, that men suffer under patriarchy too.

    It also means, that not all women are safe for other women. As a marginalized, autistic woman, I might feel safer with an autistic man, than with an allistic woman. Not only because internalized misogyny is a thing, but because patriarchy is a hierarchical system, that gives some women power over others, it makes them compliant.

    For me personally it means that despite all the bullshit men did to me, women were the ones, who deeply traumatized me over and over again. It means, that I will choose the people I trust not based on their gender, but based on their ability for critical thinking, personal growth and the power structures inside and outside of my relationship with them.

    #feminism #intersectionality #ActuallyAutistic

    #feminism #intersectionality #actuallyautistic
  22. Kaja :AuPan: @[email protected] ·
    CW: Why I don't think that most men are monsters, SA, feminism, intersectionality

    As an autistic woman, who experienced SA herself and as an intersectional feminist, I reject the trope that most men are monsters, that men are inherently bad and women inherently good. This approach is the opposite of helpful, it’s highly problematic for all genders and leads to the terf, fascist, religious extremism pipeline.

    It’s not the gender, that corrupts people, it’s power.

    For that reason, Feminism and Anarchism are strongly intertwined. Because we are not talking about physical power here. If you can train a huge dog, that could kill you with a bite, not to touch his food until you allow him to do so, we as a society can teach men not to rape a woman during her sleep.

    The problem is, that we don’t do that. Living in patriarchy means, that a poor black girl has to take more responsibility and is held more accountable than a rich white man.

    Patriarchy limits men’s possibilities for personal growth, it makes most of them become weak cowards, who exploit women and are easy to control. That is why oppressors created this system in the first place. This is what intersectional feminists mean, when they say, that men suffer under patriarchy too.

    It also means, that not all women are safe for other women. As a marginalized, autistic woman, I might feel safer with an autistic man, than with an allistic woman. Not only because internalized misogyny is a thing, but because patriarchy is a hierarchical system, that gives some women power over others, it makes them compliant.

    For me personally it means that despite all the bullshit men did to me, women were the ones, who deeply traumatized me over and over again. It means, that I will choose the people I trust not based on their gender, but based on their ability for critical thinking, personal growth and the power structures inside and outside of my relationship with them.

    #feminism #intersectionality #ActuallyAutistic

    #feminism #intersectionality #actuallyautistic
  23. Kaja :AuPan: @[email protected] ·
    CW: Why I don't think that most men are monsters, SA, feminism, intersectionality

    As an autistic woman, who experienced SA herself and as an intersectional feminist, I reject the trope that most men are monsters, that men are inherently bad and women inherently good. This approach is the opposite of helpful, it’s highly problematic for all genders and leads to the terf, fascist, religious extremism pipeline.

    It’s not the gender, that corrupts people, it’s power.

    For that reason, Feminism and Anarchism are strongly intertwined. Because we are not talking about physical power here. If you can train a huge dog, that could kill you with a bite, not to touch his food until you allow him to do so, we as a society can teach men not to rape a woman during her sleep.

    The problem is, that we don’t do that. Living in patriarchy means, that a poor black girl has to take more responsibility and is held more accountable than a rich white man.

    Patriarchy limits men’s possibilities for personal growth, it makes most of them become weak cowards, who exploit women and are easy to control. That is why oppressors created this system in the first place. This is what intersectional feminists mean, when they say, that men suffer under patriarchy too.

    It also means, that not all women are safe for other women. As a marginalized, autistic woman, I might feel safer with an autistic man, than with an allistic woman. Not only because internalized misogyny is a thing, but because patriarchy is a hierarchical system, that gives some women power over others, it makes them compliant.

    For me personally it means that despite all the bullshit men did to me, women were the ones, who deeply traumatized me over and over again. It means, that I will choose the people I trust not based on their gender, but based on their ability for critical thinking, personal growth and the power structures inside and outside of my relationship with them.

    #feminism #intersectionality #ActuallyAutistic

    #actuallyautistic #intersectionality #feminism
  24. Jonathan Emmesedi @[email protected] ·

    From an April 9th Texas Tech University System memorandum providing course conent guidelines:

    >> To ensure academic objectivity, faculty are prohibited from teaching as absolute truth that:
    ...
    ● Meritocracy or a strong work ethic are inherently racist, sexist, or constructs of oppression. <<

    A flagrant breach of academic freedom.

    #USPolitics #HigherEducation #TexasTech #Texas #AcademicFreedom #Meritocracy

    #uspolitics #highereducation #texastech #texas #academicfreedom #meritocracy
  25. Jonathan Emmesedi @[email protected] ·

    From an April 9th Texas Tech University System memorandum providing course conent guidelines:

    >> To ensure academic objectivity, faculty are prohibited from teaching as absolute truth that:
    ...
    ● Meritocracy or a strong work ethic are inherently racist, sexist, or constructs of oppression. <<

    A flagrant breach of academic freedom.

    #USPolitics #HigherEducation #TexasTech #Texas #AcademicFreedom #Meritocracy

    #uspolitics #highereducation #texastech #texas #academicfreedom #meritocracy
  26. Jonathan Emmesedi @[email protected] ·

    From an April 9th Texas Tech University System memorandum providing course conent guidelines:

    >> To ensure academic objectivity, faculty are prohibited from teaching as absolute truth that:
    ...
    ● Meritocracy or a strong work ethic are inherently racist, sexist, or constructs of oppression. <<

    A flagrant breach of academic freedom.

    #USPolitics #HigherEducation #TexasTech #Texas #AcademicFreedom #Meritocracy

    #uspolitics #highereducation #texastech #texas #academicfreedom #meritocracy
  27. Jonathan Emmesedi @[email protected] ·

    From an April 9th Texas Tech University System memorandum providing course conent guidelines:

    >> To ensure academic objectivity, faculty are prohibited from teaching as absolute truth that:
    ...
    ● Meritocracy or a strong work ethic are inherently racist, sexist, or constructs of oppression. <<

    A flagrant breach of academic freedom.

    #USPolitics #HigherEducation #TexasTech #Texas #AcademicFreedom #Meritocracy

    #meritocracy #academicfreedom #texas #texastech #highereducation #uspolitics
  28. Jonathan Emmesedi @[email protected] ·

    From an April 9th Texas Tech University System memorandum providing course conent guidelines:

    >> To ensure academic objectivity, faculty are prohibited from teaching as absolute truth that:
    ...
    ● Meritocracy or a strong work ethic are inherently racist, sexist, or constructs of oppression. <<

    A flagrant breach of academic freedom.

    #USPolitics #HigherEducation #TexasTech #Texas #AcademicFreedom #Meritocracy

    #uspolitics #highereducation #texastech #texas #academicfreedom #meritocracy
  29. Aral Balkan @[email protected] ·

    “AA: There is also a way to argue, on the flipside, that the project of Israel is essentially a project of assimilation into the Western world order—that there’s nothing inherently Jewish about what Israel is doing, and that it actually represents assimilation into a colonial framework. But then, of course, there’s a way to read this that’s very direct: This is what Jews are doing in the world. Secular Jews, religious Jews, cultural Jews, all kinds of Jews.

    EL: You’re absolutely right. That was the strategy we on the Jewish left used for a long time, to say Judaism was colonized and the Zionists are Jewish antisemites, in that they reject what the antisemites reject—the diasporic, exilic, “parasite” Jew—and want instead to become real Europeans. But when so many people who call themselves Jewish are doing things that we have a problem with and calling it “Jewish,” we cannot just dismiss it, or claim that it’s not real Judaism. If you look at statistics, at least in Israel, the support for Netanyahu and the Gaza war, including the most racist genocidal statements, is correlated to how religious people are—the more religious, the more supportive. There were times when you could expect the Haredi communities not to go to the army, not to celebrate Yom Ha’atzmaut, Independence Day, not even to speak Hebrew. And that’s changed.”

    jewishcurrents.org/when-jewish

    #jewishness #zionism #israel #genocide #philosophy #EladLapidot #conversation #JewishCurrents

    #jewishness #zionism #israel #genocide #philosophy #eladlapidot
  30. Aral Balkan @[email protected] ·

    “AA: There is also a way to argue, on the flipside, that the project of Israel is essentially a project of assimilation into the Western world order—that there’s nothing inherently Jewish about what Israel is doing, and that it actually represents assimilation into a colonial framework. But then, of course, there’s a way to read this that’s very direct: This is what Jews are doing in the world. Secular Jews, religious Jews, cultural Jews, all kinds of Jews.

    EL: You’re absolutely right. That was the strategy we on the Jewish left used for a long time, to say Judaism was colonized and the Zionists are Jewish antisemites, in that they reject what the antisemites reject—the diasporic, exilic, “parasite” Jew—and want instead to become real Europeans. But when so many people who call themselves Jewish are doing things that we have a problem with and calling it “Jewish,” we cannot just dismiss it, or claim that it’s not real Judaism. If you look at statistics, at least in Israel, the support for Netanyahu and the Gaza war, including the most racist genocidal statements, is correlated to how religious people are—the more religious, the more supportive. There were times when you could expect the Haredi communities not to go to the army, not to celebrate Yom Ha’atzmaut, Independence Day, not even to speak Hebrew. And that’s changed.”

    jewishcurrents.org/when-jewish

    #jewishness #zionism #israel #genocide #philosophy #EladLapidot #conversation #JewishCurrents

    #jewishness #zionism #israel #genocide #philosophy #eladlapidot
Next page