The following are methods for SessionManagement. All methods are static. Use these methods to customize your two-factor authentication implementation and manage the use of time-based one-time password (TOTP) apps like Google Authenticator with a Salesforce organization. Or, use them to validate a user’s incoming IP address against trusted IP range settings for an organization or profile.
public static Map<String, String> getCurrentSession()
The following example shows the name-value pairs in a map returned by getCurrentSession(). Note that UsersId includes an “s” in the name to match the name of the corresponding field in the AuthSession object.
{ SessionId=0Ak###############, UserType=Standard, ParentId=0Ak###############, NumSecondsValid=7200, LoginType=SAML Idp Initiated SSO, LoginDomain=null, LoginHistoryId=0Ya###############, Username=user@domain.com, CreatedDate=Wed Jul 30 19:09:29 GMT 2014, SessionType=Visualforce, LastModifiedDate=Wed Jul 30 19:09:16 GMT 2014, LogoutUrl=https://google.com, SessionSecurityLevel=STANDARD, UsersId=005###############, SourceIp=1.1.1.1 }
public static Map<String, String> getQrCode()
The secret is a base32-encoded string of a 20-byte shared key.
The following is an example of how to request the QR code.
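    // Getter exposed to the page; delegates to getQRCode().
    public String getGetQRCode() {
        return getQRCode();
    }

    // Requests a new QR code URL and shared secret for the current user.
    public String getQRCode() {
        Map<String, String> codeResult = Auth.SessionManagement.getQrCode();
        // The returned string contains the TOTP shared secret in clear text.
        String result = 'URL: ' + codeResult.get('qrCodeUrl') + ' SECRET: ' + codeResult.get('secret');
        return result;
    }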
The following is an example of a returned map.
{qrCodeUrl=https://www.salesforce.com/secur/qrCode?w=200&h=200&t=tf&u=user%0000000000.com&s=AAAAA7B5BBBB5AAAAAAA66BBBB,
secret=AAAAA7B5AAAAAA5BBBBBBBBB66AAA}
public static Boolean inOrgNetworkRange(String ipAddress)
Type: Boolean
Trusted IP Range Exists? | User is in the Trusted IP Range? | Return Value |
---|---|---|
Yes | Yes | true |
Yes | No | false |
No | N/A | false |
public static Boolean isIpAllowedForProfile(String profileId, String ipAddress)
Type: Boolean
Trusted IP Range Exists? | User is in the Trusted IP Range? | Return Value |
---|---|---|
Yes | Yes | true |
Yes | No | false |
No | N/A | true |
public static Void setSessionLevel(Auth.SessionLevel level)
Type: Void
The following is an example class for setting the session level.
    public class RaiseSessionLevel {
        // Raises the current session to the high-assurance level.
        public void setLevelHigh() {
            Auth.SessionManagement.setSessionLevel(Auth.SessionLevel.HIGH_ASSURANCE);
        }

        // Returns the current session to the standard level.
        public void setLevelStandard() {
            Auth.SessionManagement.setSessionLevel(Auth.SessionLevel.STANDARD);
        }
    }
public static Boolean validateTotpTokenForKey(String sharedKey, String totpCode)
Type: Boolean
public static Boolean validateTotpTokenForUser(String totpCode)
Type: Boolean
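The following added example (not Salesforce's own code) combines the methods above into a step-up check. It shows why the two IP tables matter: isIpAllowedForProfile returns true when no range exists, so it cannot prove on its own that an address is trusted. The class name, method names, and the policy of requiring both range checks are assumptions made for illustration.

```apex
// Added example. StepUpCheck and its method names are hypothetical.
public with sharing class StepUpCheck {

    // True only when the session's source IP is inside both the org-wide
    // trusted range and the profile's allowed range (assumed policy).
    public static Boolean isTrustedNetwork() {
        Map<String, String> session = Auth.SessionManagement.getCurrentSession();
        String ip = session.get('SourceIp');
        if (String.isBlank(ip)) {
            return false; // fail closed when the address is unknown
        }
        // Returns false when the org defines no trusted IP range.
        Boolean inOrg = Auth.SessionManagement.inOrgNetworkRange(ip);
        // Returns true when the profile defines no range, so this result
        // is never used alone to skip the TOTP prompt.
        Boolean inProfile = Auth.SessionManagement.isIpAllowedForProfile(
            UserInfo.getProfileId(), ip);
        return inOrg && inProfile;
    }

    // True when the caller should prompt for a TOTP code before continuing.
    public static Boolean requiresStepUp() {
        Map<String, String> session = Auth.SessionManagement.getCurrentSession();
        String high = Auth.SessionLevel.HIGH_ASSURANCE.name();
        if (session.get('SessionSecurityLevel') == high) {
            return false; // session was already raised
        }
        return !isTrustedNetwork();
    }

    // Validates the code for the current user and raises the session level
    // only on success. Returns whether the session is now high assurance.
    public static Boolean stepUp(String totpCode) {
        if (String.isBlank(totpCode)) {
            return false;
        }
        Boolean valid = false;
        try {
            valid = Auth.SessionManagement.validateTotpTokenForUser(totpCode);
        } catch (Exception e) {
            // Assumption: any exception is treated as a failed verification.
            valid = false;
        }
        if (valid) {
            Auth.SessionManagement.setSessionLevel(Auth.SessionLevel.HIGH_ASSURANCE);
        }
        return valid;
    }
}
```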