Difference between Email and Username in SalesForce

In SalesForce, when you are creating a user, you have likely noticed that there are two fields: User Name and Email that most people always enter the same thing in both.

However, do you know why there are two different fields for what seems to be the same thing?  Well, here is the answer!

In the Email field, you can specify the email address that any system notifications should go to.  This means, anything triggered by Workflow Rules, Email Templates, etc.

In the User Name field, you can specify the "user name" that users use when logging in at http://login.salesforce.com

So, why would you ever have different addresses in each?  Well, for example, if you have a user who has left the organization and you need someone else to get their notifications, you could change that (original) user's email address field to the new employee.  Or, if you already have a SalesForce logon with a said email address, but want to have another SalesForce logon, you could use the same email address for both but a different user name for each.

The Uses of Validation Rules

A feature of SalesForce that is well developed, but not always used extensively by customers, is Validation Rules!

Validation Rules, at their simplest, allow you to enforce data quality rules.  That means that you can ensure that certain fields are filled out (when another field is filled out) or the format of the data is in the format you want.  Here are some samples of how you could use Validation Rules:

• Disable Users with certain profiles from editing a record when certain values are chosen on a record.
• Force Users to enter a value in a field when a certain field is populated.  This is different then making a field a required field in the page layout since you can choose with a validation rule, to only have the field required if a different field is chosen.
• Force Users to enter data in pre-defined formats
• Force Users to enter data of a certain length
• Force Dates entered to be in the future, or in the past specifically

There is a whole number of things you can do with Validation Rules!  You can learn more about Validation Rules from the SalesForce Help Documentation

Ways To Keep Your SalesForce Instance Secure

Many organizations/company's have a set it and forget it mentality when it comes to security in systems.  They often set the security permissions based on the functionality available in a system at the time (of implementation) and then forget it!

Well, as we all know, that isn't a good practice as new ways to "hack" are always evolving.  

So, I thought it was a good time to review some of the ways you can keep your SalesForce Instance secure.   They include:

• Password Policies (located under Setup>Security Controls>Password Policies) - within this section you can set how long a user's password works for before it should be changed.  For example you could force a password change every 30 days.  This is useful to ensure user's are constantly updating their passwords, and by proxy, ensuring that old computer's they may have used don't continue to have login access
• Session Settings (located under Setup>Security Controls>Session Settings) - within this section you can set how long a user's logon works for after logging in.  For example, should they have to re-login every 2 hours to prove they are still using SalesForce
• Network Access (located under Setup>Security Controls>Network) - within this section you can specify if only certain IP address ranges can login.  For example, you could make it so that only logins from the Office IP addresses work and not one from a user's home.

There is many other ways you can improve your security, but many of them start simply with user education.  Educating the user's why they shouldn't write down their passwords, why they should log off, and why they should be careful what links they click on in emails are some of the most basic, and important steps you can take.