1. Simpplr
  2. Getting Started with Simpplr
  3. Configuration

Salesforce SSO Device Activation for Simpplr Classic

Avatar
Hari Mahendra
Follow

Overview

Salesforce is rolling out a security enhancement called Device Activation for certain Single Sign-On (SSO) logins. This change may affect Simpplr customers who are still using Salesforce Classic. 

Device Activation adds an extra verification step when a user signs in from a new or unrecognized device, browser, or location. This is part of Salesforce’s ongoing efforts to improve account security.

This article explains:

  • Who is impacted
  • What users may experience
  • What actions customers should take to avoid disruption

Who is impacted?

You may be impacted if all of the following apply:

  • You are using Simpplr Classic on Salesforce
  • Your Salesforce org uses Single Sign-On (SSO) 
  • You are using any of these IDP:
    • OpenID Connect (OIDC) 
    • Google (OIDC)
    • Apple (OIDC)
    • Salesforce (OIDC)
    • Slack (OIDC)
    • Mulesoft (OIDC)
  • Users do not already have strong authentication (such as MFA) consistently enforced

If all of the above are true for you, these changes come into effect on Jan 20, 2026

If you are using any other Identity Providers (e.g.: SAML, Microsoft, LinkedIn, Facebook, Github, Instagram, Janrain, Twitter), the date is yet to be announced.

Note:

This report includes both migrated and non-migrated Simpplr Classic customers.

What users may experience

After this change:

  • Users logging in from a new device, browser, or location may be asked to verify their identity
  • Verification usually involves:
    • Entering a one-time code sent to their email, or
    • Approving the login via an authenticator app
  • Once a device is verified, users typically won’t be prompted again for that device

This does not block access permanently, but it may introduce an extra step during login.

Why Salesforce is making this change

This update improves protection against:

  • Account takeovers
  • Phishing attacks
  • Unauthorized access from unfamiliar devices

It aligns Salesforce Classic with modern security standards already applied in other Salesforce environments.

Recommended actions for customers

To minimize user impact and ensure a smooth experience, we recommend the following:

1. Enable or enforce Multi-Factor Authentication (MFA)

  • MFA significantly reduces device activation prompts
  • It provides a consistent, secure login experience across devices

2. Review trusted IP ranges

  • Ensure your Salesforce org’s trusted IP ranges are accurate and up to date
  • Well-defined IP ranges reduce unnecessary verification prompts

3. Confirm user email accuracy

  • Device activation often relies on email verification
  • Make sure all Salesforce user email addresses are valid and accessible

4. Communicate with end users

  • Inform users that they may see a new verification step when logging in
  • Reassure them this is expected and improves security

Frequently Asked Questions

Will users lose access to Simpplr?

No. Users will still be able to log in, but may be asked to verify new devices.

Do users need to activate devices every time?

No. Once a device is verified, it is typically trusted for future logins.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more