ADM-201 Setting Up and Managing Users

Setting Up and Managing Users Detailed Explanation

User management is a critical task for Salesforce administrators, as it ensures users have the appropriate access and permissions to perform their jobs effectively while maintaining the security and integrity of the system.

3.1 User Setup

Why is User Setup Important?

Before a user can log in to Salesforce and start working, their account needs to be created, configured, and assigned the appropriate licenses and roles.

Key Steps to Create Users

Step 1: Navigate to User Setup

1. Go to Setup.
2. In the Quick Find box, search for Users.
3. Select Users under the Users section.

Step 2: Create a New User

• Click the New User button to start the process.

Fields to Complete:

1. Username:
   • Must be unique across all Salesforce organizations.
   • Follows an email format but doesn’t have to be a working email (e.g., [email protected]).
2. Email:
   • Enter the user's valid email address for communication and notifications.
3. Alias:
   • A short identifier for the user, typically their initials (e.g., "JD").
4. Role:
   • Assign a role to determine data visibility. For example:
     • A Sales Rep can only view and edit their own opportunities.
     • A Sales Manager can view and edit opportunities for the entire team.
5. License:
   • Choose a Salesforce license based on the user’s job needs. Common options include:
     • Salesforce: Full access to standard Salesforce functionality.
     • Salesforce Platform: Limited to custom apps and objects.
6. Profile:
   • Assign a profile to define what objects and features the user can access (e.g., System Administrator, Standard User).

Step 3: Save the User Record

• Once you’ve completed the fields, click Save. The user will receive an activation email to set their password.

Practical Example

• User Name: John Doe
• Email: [email protected]
• Role: Sales Manager
• License: Salesforce
• Profile: Standard User

John will receive an email to activate his account and set up his password. Once activated, he can log in and access the Sales Cloud features.

3.2 User Maintenance

Why is User Maintenance Important?

As users’ roles change or they leave the organization, their accounts must be managed to ensure security and continuity of data ownership.

Key Maintenance Tasks

1. Reset Passwords

• When to Use:
  • If a user forgets their password or is locked out after multiple failed login attempts.
• How to Reset a Password:
  1. Navigate to the Users page in Setup.
  2. Find the user in the list and click Reset Password.
  3. The user will receive an email with a link to reset their password.

2. Freezing Users

• When to Use:
  • Temporarily disable a user’s login without reassigning their records or affecting their data.
• How to Freeze a User:
  1. Go to the user’s record in Setup > Users.
  2. Click Freeze next to their name.
  • This prevents them from logging in but keeps their records intact.

3. Deactivating Users

• When to Use:
  • When a user permanently leaves the organization.
• How to Deactivate a User:
  1. Navigate to the user’s record in Setup > Users.
  2. Uncheck the Active checkbox.
  3. Reassign their records to another active user before saving.
  • Important Note: A user’s license is freed up upon deactivation and can be reassigned.

Practical Scenarios

1. Password Reset: Jane forgets her password. The admin resets it, and she receives an email to create a new one.
2. Freezing a User: John is on extended leave, so the admin freezes his account temporarily.
3. Deactivating a User: Maria leaves the company. The admin deactivates her account and transfers her records to her team lead.

3.3 Permission Management

Why is Permission Management Important?

Permissions ensure users have the appropriate level of access to Salesforce data and features, minimizing errors and protecting sensitive information.

Profiles

What are Profiles?

• Profiles control a user’s access to objects, fields, and specific system features.
• Every user must be assigned a profile.

Key Elements of Profiles

1. Object Permissions:
   • Define access to objects like Accounts, Contacts, or Opportunities.
   • Example:
     • Sales Managers: Full Create, Read, Update, and Delete (CRUD) access.
     • Sales Reps: Only Read and Edit permissions.
2. Field-Level Security:
   • Control visibility of specific fields on an object.
   • Example:
     • Hide the "Salary" field from users without HR access.
3. System Permissions:
   • Grant or restrict access to system functions like managing reports or creating dashboards.

Example Profile Use Case

• Profile: Sales User
  • Can view and edit their own opportunities.
  • Cannot access HR-related objects or fields.

Permission Sets

What are Permission Sets?

• Permission sets provide additional permissions to users without altering their profiles.
• Useful for granting temporary or specialized access.

Key Features of Permission Sets

1. Flexibility:
   • A user can have one profile but multiple permission sets.
2. Granularity:
   • Add permissions for specific tasks or objects.

Example Permission Set Use Case

• A Sales Rep needs temporary access to edit Cases for a customer support project.
  • Instead of creating a new profile, the admin assigns a permission set with Case edit permissions.

How Profiles and Permission Sets Work Together

• Profiles define baseline permissions for a group of users.
• Permission Sets provide additional or temporary access on top of the profile.

Step-by-Step Summary

1. Create Users:
   • Use the New User form to define their username, email, role, license, and profile.
2. Maintain Users:
   • Reset passwords, freeze accounts temporarily, or deactivate users as needed.
3. Manage Permissions:
   • Use Profiles for broad access control and Permission Sets for specific additional permissions.

Practical Tips for Beginners

• Best Practice for Roles and Profiles: Use roles for data visibility and profiles for feature access.
• Test Permissions: Always test a user’s permissions in a sandbox environment to ensure they only have the required access.
• Document Changes: Keep a record of changes to user accounts or permissions for audit purposes.

Setting Up and Managing Users (Additional Content)

1. Role Hierarchy (Controlling Data Access Through Roles)

Why is it important?

• Roles determine which records a user can access, while Profiles define what actions a user can perform (e.g., Read, Edit, Delete).
• The Role Hierarchy is used for data sharing, allowing users higher in the hierarchy to access records owned by users below them.
• Role Hierarchy does not grant additional permissions—it only affects record visibility.

Example of a Role Hierarchy

Role	Data Access
CEO	Can see all company data
Sales Director	Can see data for the entire Sales Department
Sales Manager	Can see data for their assigned Sales Team
Sales Representative	Can only see the data they own

How to Configure the Role Hierarchy

1. Navigate to Setup → Search for Roles.
2. Click Set Up Roles to define the hierarchy structure.
3. Assign users to appropriate roles based on their position in the organization.
4. Remember:

• Users higher in the hierarchy automatically gain access to the records of users below them.
• Users at the same level or in different branches of the hierarchy cannot see each other’s records unless explicitly shared.

Example Scenario

• A Sales Representative creates a new Opportunity.
  • Their Sales Manager can see the Opportunity, as they are higher in the Role Hierarchy.
  • Another Sales Representative in a different team cannot see the Opportunity.

2. Delegated Administration (Allowing Limited Admin Rights to Non-Admins)

Why is it important?

• A System Administrator may not be able to manage all users, so Delegated Administrators can be assigned to manage specific users, groups, and objects.
• This allows companies to distribute administrative responsibilities without granting full admin access.

What Can a Delegated Administrator Do?

Manage specific users (create, update, reset passwords).
Assign specific roles and profiles to users.
Manage some standard and custom objects (but cannot modify security settings).
Cannot access Setup or change system-wide security settings.

How to Configure Delegated Administration

1. Navigate to Setup → Search for Delegated Administration.
2. Click New Delegated Group.
3. Assign:

• Users who act as Delegated Admins.
• User groups they can manage.
• Objects they can modify.

4. Save the configuration.

Example Scenario

• The IT Support Team is assigned as a Delegated Administrator.
  • They can reset passwords for users but cannot modify security settings.
  • They can manage standard and custom objects, such as updating user profiles.
  • They cannot access critical admin functionalities such as creating new profiles.

3. Login History (Tracking User Logins for Security Monitoring)

Why is it important?

• Login History helps administrators track user login activity and detect potential security threats, such as:
  • Multiple failed login attempts.
  • Unusual login locations or IP addresses.
  • Unauthorized access attempts.

How to View Login History

1. Navigate to Setup → Search for Login History.
2. Filter records by:

• Username (to track specific users).
• IP Address (to check for unusual locations).
• Login Status (Success/Failure).
• Login Method (MFA, Single Sign-On, Standard Password).

3. Identify suspicious activity and take necessary actions:

• Freeze the user account if suspicious logins are detected.
• Force a password reset for compromised accounts.

Example Scenario

• A user fails to log in five times in a row.
  • The administrator temporarily locks the account and sends a password reset request.
  • The admin reviews the IP address and login time to check if it's an attempted security breach.

4. Two-Factor Authentication (Enhancing Security with Multi-Factor Authentication - MFA)

Why is it important?

• MFA (Multi-Factor Authentication) enhances security by requiring two forms of verification before allowing a user to log in.
• Many organizations enforce MFA to protect against unauthorized access and phishing attacks.

How to Enable Two-Factor Authentication in Salesforce

1. Navigate to Setup → Search for Session Settings.
2. Enable Multi-Factor Authentication for specific users or all users.
3. Users must verify their identity using one of the following methods:

• Salesforce Authenticator App (recommended).
• SMS Verification Codes.
• Third-party authentication apps (e.g., Google Authenticator, Microsoft Authenticator).

Example Scenario

• A Salesforce Administrator logs in to the system.
  • After entering their username and password, they receive a push notification on their mobile phone.
  • They must approve the login request before gaining access.

Final Summary

Feature	Description	Best Use Cases
Role Hierarchy	Controls data visibility by defining reporting structures	Ensures managers can access their team’s records
Delegated Administration	Allows limited admin privileges to designated users	IT Support managing user accounts without full admin access
Login History	Tracks login activity and failed login attempts	Identifies security threats and unauthorized access
Two-Factor Authentication	Adds an extra layer of security for user logins	Prevents account compromise through MFA