Salesforce has recently implemented the Health Check feature, which allows you to manage your Salesforce security settings more easily. The new feature includes recommendations on whether to enable certain Salesforce security controls. One of the settings it recommends enabling is:
“Lock sessions to the IP address from which they originated”
Salesforce has labeled this “Medium-Risk” or “High-Risk” for most orgs. We disagree with this assessment. If you enable this, users will not be able to log in to Salesforce via Cirrus Insight and potentially other third-party apps. The reason is that we employ load balancing to increase the performance and stability of our app. Load balancing is an industry standard and completely safe. As a result of load balancing, multiple IPs are used during a user’s session. Hence, a user will be signed out immediately upon signing in and will be unable to use Cirrus Insight.
We are raising the issue with Salesforce to get this resolved and lower the recommendation. We employ rigorous data protection standards and have passed security reviews from Salesforce, Google, and multiple Fortune 500 companies. You can review our privacy and security policies at cirrusinsight.com/trust. If you have any questions about this, please contact your account representative, success manager, or firstname.lastname@example.org.