The following are methods for SessionManagement. All methods are static. Use these methods to customize your two-factor authentication implementation and manage the use of time-based one-time password (TOTP) apps like Google Authenticator with a Salesforce organization. Or, use them to validate a user’s incoming IP address against trusted IP range settings for an organization or profile.
public static String generateVerificationUrl(Auth.VerificationPolicy policy, String description, String destinationUrl)
public static Map<String, String> getCurrentSession()
The following example shows the name-value pairs in a map returned by getCurrentSession(). Note that UsersId includes an “s” in the name to match the name of the corresponding field in the AuthSession object.
{ SessionId=0Ak###############, UserType=Standard, ParentId=0Ak###############, NumSecondsValid=7200, LoginType=SAML Idp Initiated SSO, LoginDomain=null, LoginHistoryId=0Ya###############, Username=user@domain.com, CreatedDate=Wed Jul 30 19:09:29 GMT 2014, SessionType=Visualforce, LastModifiedDate=Wed Jul 30 19:09:16 GMT 2014, LogoutUrl=https://google.com, SessionSecurityLevel=STANDARD, UsersId=005###############, SourceIp=1.1.1.1 }
public static Auth.SessionLevel getRequiredSessionLevelForProfile(String profileId)
The 15-character profile ID.
Type: Auth.SessionLevel
The session security level required at login for the profile with the ID profileId. You can customize the assignment of each level in Session Settings. For example, you can set the High Assurance level to apply only to users who authenticated with two-factor authentication or through a specific identity provider.
public static Map<String, String> getQrCode()
The secret is a base32-encoded string of a 20-byte shared key.
The following is an example of how to request the QR code.
public String getGetQRCode() {
    return getQRCode();
}

public String getQRCode() {
    Map<String, String> codeResult = Auth.SessionManagement.getQrCode();
    String result = 'URL: ' + codeResult.get('qrCodeUrl') + ' SECRET: ' + codeResult.get('secret');
    return result;
}
The following is an example of a returned map.
{qrCodeUrl=https://www.salesforce.com/secur/qrCode?w=200&h=200&t=tf&u=user%0000000000.com&s=AAAAA7B5BBBB5AAAAAAA66BBBB,
secret=AAAAA7B5AAAAAA5BBBBBBBBB66AAA}
public static Boolean inOrgNetworkRange(String ipAddress)
Type: Boolean
Trusted IP Range Exists? | User is in the Trusted IP Range? | Return Value |
---|---|---|
Yes | Yes | true |
Yes | No | false |
No | N/A | false |
public static Boolean isIpAllowedForProfile(String profileId, String ipAddress)
Type: Boolean
Trusted IP Range Exists? | User is in the Trusted IP Range? | Return Value |
---|---|---|
Yes | Yes | true |
Yes | No | false |
No | N/A | true |
public static Void setSessionLevel(Auth.SessionLevel level)
Type: Void
The following is an example class for setting the session level.
public class RaiseSessionLevel {
    public void setLevelHigh() {
        Auth.SessionManagement.setSessionLevel(Auth.SessionLevel.HIGH_ASSURANCE);
    }

    public void setLevelStandard() {
        Auth.SessionManagement.setSessionLevel(Auth.SessionLevel.STANDARD);
    }
}
public static Boolean validateTotpTokenForKey(String sharedKey, String totpCode)
Type: Boolean
public static Boolean validateTotpTokenForKey(String totpSharedKey, String totpCode, String description)
Type: Boolean
public static Boolean validateTotpTokenForUser(String totpCode)
Type: Boolean
public static Boolean validateTotpTokenForUser(String totpCode, String description)
Type: Boolean
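The two IP checks above return different values when no trusted range is configured (inOrgNetworkRange returns false, isIpAllowedForProfile returns true), which matters when they gate a step-up decision. The following Apex class is an added example, not code from the Salesforce documentation; the class name StepUpController, its members, the use of the session's SourceIp as the address to test, and the assumption that SessionSecurityLevel carries the Auth.SessionLevel enum name are all illustrative.

```apex
// Added example, not Salesforce's own code. StepUpController and its members are hypothetical.
public with sharing class StepUpController {
    public String totpCode { get; set; } // code typed in from the user's TOTP app

    private static Map<String, String> session() {
        return Auth.SessionManagement.getCurrentSession();
    }

    // Assumption: SessionSecurityLevel holds the Auth.SessionLevel enum name,
    // as the STANDARD value in the sample map suggests.
    public Boolean isHighAssurance() {
        return session().get('SessionSecurityLevel') == Auth.SessionLevel.HIGH_ASSURANCE.name();
    }

    public Boolean isTrustedNetwork() {
        String ip = session().get('SourceIp');
        if (String.isBlank(ip)) {
            return false; // no source IP recorded: treat as untrusted
        }
        // With no trusted range configured, inOrgNetworkRange returns false but
        // isIpAllowedForProfile returns true. Requiring both means an
        // unconfigured profile range never makes an address trusted by itself.
        String profileId = UserInfo.getProfileId().substring(0, 15);
        return Auth.SessionManagement.inOrgNetworkRange(ip)
            && Auth.SessionManagement.isIpAllowedForProfile(profileId, ip);
    }

    // Raises the session to HIGH_ASSURANCE only after the TOTP code validates.
    public Boolean stepUp() {
        if (isHighAssurance()) {
            return true;
        }
        Boolean valid = false;
        try {
            valid = String.isNotBlank(totpCode)
                && Auth.SessionManagement.validateTotpTokenForUser(totpCode);
        } catch (Exception e) {
            valid = false; // fail closed if validation throws
        }
        totpCode = null; // do not keep the submitted code in view state
        if (valid) {
            Auth.SessionManagement.setSessionLevel(Auth.SessionLevel.HIGH_ASSURANCE);
        }
        return valid;
    }

    public Boolean getCanViewSensitiveData() {
        return isHighAssurance() || isTrustedNetwork();
    }
}
```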