Over the past few weeks, I’ve received a number of emails from Salesforce with the following text.
“We are writing to inform you that we have identified … what appears to be the re-use of OAuth tokens within your organization. This activity specifically involved an anonymizing proxy.”
“To remediate this potential security issue, we froze the user {UserId}, revoked all access tokens previously granted to that user, and forced that user to reset their password.”
This seems to happen when I use a VPN to connect to a client’s Salesforce instance. It seems to occur more frequently when I’m applying a data fix.
However, in some cases, I’ve been locked out of my own personal Salesforce instances.
While I commend Salesforce for taking security seriously, this seems draconian. It’s one thing to force a user to reset their password, and it’s another to freeze the user.
In the latter case, if I’m the only system admin, then I’m locked out, and the instance becomes orphaned.
The takeaways
1. Always have at least two system administrators in your instance
2. Don’t use a VPN when connecting to Salesforce
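A way to verify the first takeaway before a freeze catches you out, as an added example that is not code from the original post or from Salesforce. It assumes the Salesforce CLI (`sf`) is installed and authenticated, that `sf data query --json` prints `{"status": 0, "result": {"records": [...]}}`, that the admin profile is still named "System Administrator", and that frozen state is read from the `UserLogin` object (a frozen user stays `IsActive = true` on `User`, so counting `User` rows alone over-reports usable admins). The `--sample` mode runs against a constructed response so it works offline; run it without arguments (or with a target org alias) against a real org.

```python
"""Check that a Salesforce org keeps at least two usable System Administrators.

Added example, not from the original post. Assumptions: the `sf` CLI is
installed and authenticated, `sf data query --json` returns
{"status": 0, "result": {"records": [...]}}, and the admin profile is
named "System Administrator" (adjust ADMIN_QUERY if your org renamed it).
"""
import json
import subprocess
import sys
from typing import Optional

MIN_ADMINS = 2
EMPTY_RESULT = '{"status": 0, "result": {"records": []}}'

# Active users holding the System Administrator profile.
ADMIN_QUERY = (
    "SELECT Id, Username FROM User "
    "WHERE Profile.Name = 'System Administrator' AND IsActive = true"
)


def frozen_query(user_ids: list[str]) -> str:
    """SOQL for the frozen flag; it lives on UserLogin, not on User (assumption)."""
    ids = ", ".join(f"'{uid}'" for uid in user_ids)
    return f"SELECT UserId, IsFrozen FROM UserLogin WHERE UserId IN ({ids})"


def records(cli_json: str) -> list[dict]:
    """Unwrap the records list from `sf data query --json` output."""
    payload = json.loads(cli_json)
    if payload.get("status", 1) != 0:
        raise RuntimeError(f"sf data query failed: {payload}")
    return payload["result"]["records"]


def usable_admins(admin_json: str, login_json: str) -> list[str]:
    """Usernames of active System Administrators that are not frozen."""
    frozen = {r["UserId"] for r in records(login_json) if r.get("IsFrozen")}
    return sorted(r["Username"] for r in records(admin_json) if r["Id"] not in frozen)


def enough_admins(admin_json: str, login_json: str, minimum: int = MIN_ADMINS) -> bool:
    """True when the org would survive one admin being frozen."""
    return len(usable_admins(admin_json, login_json)) >= minimum


def sf_query(soql: str, target_org: Optional[str] = None) -> str:
    """Run a SOQL query through the sf CLI and return its raw JSON output."""
    cmd = ["sf", "data", "query", "--query", soql, "--json"]
    if target_org:
        cmd += ["--target-org", target_org]
    # --json output is parsed by records(), which reports a non-zero status itself.
    return subprocess.run(cmd, capture_output=True, text=True).stdout


# Constructed sample output (not captured from a real org): two active admins,
# one of whom has been frozen, so the org is effectively down to one admin.
SAMPLE_ADMINS = json.dumps({"status": 0, "result": {"records": [
    {"Id": "005000000000001AAA", "Username": "alice@example.com"},
    {"Id": "005000000000002AAA", "Username": "bob@example.com"},
]}})
SAMPLE_LOGINS = json.dumps({"status": 0, "result": {"records": [
    {"UserId": "005000000000001AAA", "IsFrozen": False},
    {"UserId": "005000000000002AAA", "IsFrozen": True},
]}})


def main(argv: list[str]) -> int:
    if argv[1:] == ["--sample"]:
        admin_json, login_json = SAMPLE_ADMINS, SAMPLE_LOGINS
    else:
        org = argv[1] if len(argv) > 1 else None
        admin_json = sf_query(ADMIN_QUERY, org)
        ids = [r["Id"] for r in records(admin_json)]
        login_json = sf_query(frozen_query(ids), org) if ids else EMPTY_RESULT
    admins = usable_admins(admin_json, login_json)
    print(f"usable System Administrators: {admins}")
    if len(admins) < MIN_ADMINS:
        print(f"WARNING: fewer than {MIN_ADMINS}; one freeze would orphan this org")
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python check_admins.py --sample` to see the offline case, or `python check_admins.py my-org-alias` against a real org; a non-zero exit is what you want a scheduled job to alert on. The point of the second query is that the freeze described in the email does not deactivate the user, so a naive count of active admins would still report two.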