The following are methods for SessionManagement. All methods are static. Use these methods to customize your user identity verification flows, manage the use of time-based one-time password (TOTP) apps like Google Authenticator, or create custom login flows. Other methods validate a user’s incoming IP address against trusted IP range settings for an organization or profile.
public static System.PageReference finishLoginFlow()
Type: System.PageReference
public static System.PageReference finishLoginFlow(String startUrl)
Type: System.PageReference
public static String generateVerificationUrl(Auth.VerificationPolicy policy, String description, String destinationUrl)
public static Map<String, String> getCurrentSession()
When a session is reused, Salesforce updates the LoginHistoryId with the value from the most recent login.
The following example shows the name-value pairs in a map returned by getCurrentSession(). Note that UsersId includes an “s” in the name to match the name of the corresponding field in the AuthSession object.
{ SessionId=0Ak###############, UserType=Standard, ParentId=0Ak###############, NumSecondsValid=7200, LoginType=SAML Idp Initiated SSO, LoginDomain=null, LoginHistoryId=0Ya###############, Username=user@domain.com, CreatedDate=Wed Jul 30 19:09:29 GMT 2014, SessionType=Visualforce, LastModifiedDate=Wed Jul 30 19:09:16 GMT 2014, LogoutUrl=https://google.com, SessionSecurityLevel=STANDARD, UsersId=005###############, SourceIp=1.1.1.1 }
public static Map<String, String> getQrCode()
The secret is a base32-encoded string of a 20-byte shared key.
The following is an example of how to request the QR code.
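```apex
// Getter-style wrapper so a Visualforce page can bind to the value.
public String getGetQRCode() {
    return getQRCode();
}

// Requests the QR code URL and the shared secret for the current user.
public String getQRCode() {
    Map<String, String> codeResult = Auth.SessionManagement.getQrCode();
    String result = 'URL: ' + codeResult.get('qrCodeUrl') + ' SECRET: ' + codeResult.get('secret');
    return result;
}
```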
The following is an example of a returned map.
{qrCodeUrl=https://www.salesforce.com/secur/qrCode?w=200&h=200&t=tf&u=user%0000000000.com&s=AAAAA7B5BBBB5AAAAAAA66BBBB,
secret=AAAAA7B5AAAAAA5BBBBBBBBB66AAA}
public static Auth.SessionLevel getRequiredSessionLevelForProfile(String profileId)
The 15-character profile ID.
Type: Auth.SessionLevel
The session security level required at login for the profile with the ID profileId. You can customize the assignment of each level in Session Settings. For example, you can set the High Assurance level to apply only to users who authenticated with two-factor authentication or through a specific identity provider.
public static Boolean inOrgNetworkRange(String ipAddress)
Type: Boolean
Trusted IP Range Exists? | User is in the Trusted IP Range? | Return Value |
---|---|---|
Yes | Yes | true |
Yes | No | false |
No | N/A | false |
public static Boolean isIpAllowedForProfile(String profileId, String ipAddress)
Type: Boolean
Trusted IP Range Exists? | User is in the Trusted IP Range? | Return Value |
---|---|---|
Yes | Yes | true |
Yes | No | false |
No | N/A | true |
public static Void setSessionLevel(Auth.SessionLevel level)
Type: Void
The following is an example class for setting the session level.
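```apex
public class RaiseSessionLevel {
    // Raises the current session to the High Assurance level.
    public void setLevelHigh() {
        Auth.SessionManagement.setSessionLevel(Auth.SessionLevel.HIGH_ASSURANCE);
    }

    // Returns the current session to the Standard level.
    public void setLevelStandard() {
        Auth.SessionManagement.setSessionLevel(Auth.SessionLevel.STANDARD);
    }
}
```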
public static Boolean validateTotpTokenForKey(String sharedKey, String totpCode)
Type: Boolean
public static Boolean validateTotpTokenForKey(String totpSharedKey, String totpCode, String description)
Type: Boolean
public static Boolean validateTotpTokenForUser(String totpCode)
Type: Boolean
public static Boolean validateTotpTokenForUser(String totpCode, String description)
Type: Boolean
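The two return-value tables above differ in the row where no trusted range exists: inOrgNetworkRange returns false, while isIpAllowedForProfile returns true. The following added example (not Salesforce sample code) is a login-flow controller that skips the TOTP challenge only when both checks pass. The class, property, and method names are hypothetical, and it assumes a Visualforce page used as a login flow.

```apex
// Added example, not Salesforce sample code. Class, property, and method names
// are hypothetical; assumes a Visualforce page used as a login flow.
public with sharing class TrustedNetworkLoginFlowController {
    // Code the user types from their authenticator app.
    public String totpCode { get; set; }

    // True only if the session's source IP is inside an org trusted range and
    // the user's profile does not exclude it.
    public static Boolean isOnTrustedNetwork() {
        String ip = Auth.SessionManagement.getCurrentSession().get('SourceIp');
        if (String.isBlank(ip)) {
            return false; // no source IP recorded: fail closed
        }
        // inOrgNetworkRange() is false when the org defines no trusted range.
        Boolean inOrgRange = Auth.SessionManagement.inOrgNetworkRange(ip);
        // isIpAllowedForProfile() is true when the profile defines no range, so a
        // true result alone never proves the user is on a trusted network.
        // Assumption: the first 15 characters of the ID are passed, matching the
        // 15-character profile ID this page documents.
        String profileId = String.valueOf(UserInfo.getProfileId()).left(15);
        Boolean profileAllows = Auth.SessionManagement.isIpAllowedForProfile(profileId, ip);
        return inOrgRange && profileAllows;
    }

    // Page action: finish the flow for trusted networks, otherwise stay on the
    // page (null) so the user is asked for a TOTP code.
    public PageReference start() {
        return isOnTrustedNetwork() ? Auth.SessionManagement.finishLoginFlow() : null;
    }

    // Button action: validate the code, raise the session level, finish the flow.
    public PageReference verify() {
        Boolean valid = false;
        try {
            valid = String.isNotBlank(totpCode)
                && Auth.SessionManagement.validateTotpTokenForUser(totpCode.trim());
        } catch (Exception e) {
            valid = false; // any validation error is treated as a failed challenge
        }
        if (!valid) {
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'Verification code was not accepted.'));
            return null;
        }
        Auth.SessionManagement.setSessionLevel(Auth.SessionLevel.HIGH_ASSURANCE);
        return Auth.SessionManagement.finishLoginFlow();
    }
}
```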