Summer '17 Sandbox: Connected App Enforce IP restrictions but relax refresh tokens automatically defaulted from Relax IP restrictions policies
Mobile, Data Loader, Outlook
Last updated 2018-03-23 · Reference W-3959211 · Reported By 2 users
Summary
During the initial releases of Summer '17 to sandboxes, Support has become aware of a flaw in a new Authentication policy update around Enforce IP Restrictions. Customers have noticed that when this policy update was pushed, many of their existing Connected Apps switched policies to reflect 'Enforce IP restrictions but relax refresh tokens'.
NOTE: This currently only affects sandbox instances. Some customers using Salesforce1 or other Connected Apps have noticed the policy change, which would affect login behavior.
The fix, which is planned to be live when R1 goes live in production instances as part of Summer '17 (safe harbor), will ONLY update Connected Apps policies which need to ENFORCE IP restrictions.
We certainly apologize for this oversight. In the meantime, Admins are certainly able to edit the Connected App policy back to the intended selection:
- Relax IP restrictions with second factor
or
- Relax IP restrictions
Repro
After the recent Connected Apps policy update, customers may have noticed unexpected failed logins for Connected Apps such as Salesforce1 due to IP restrictions being automatically enabled.
Workaround
Admins are able to manually edit the Connected App policy back to the intended selection:
- Relax IP restrictions with second factor
or
- Relax IP restrictions
Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.