[SalesForce] How to set another user’s security token as an admin

I am trying to set the security token of an API user (with insufficient privileges to do just about anything in the GUI, including enter the "Personal Information" section where users typically reset their own security token). Furthermore, their security token appears to have never been set in the past (as reset password emails do not contain the security token).

SSO is not enabled for the org and IP Restrictions are not enabled for the Profile.

Given that I have admin access, how do I enable the security token for another user's profile?

Best Answer

You cannot reset the token directly, as the administrator. However, administrators have ways to make this happen. As an administrator, you could:

  • Reset the user's password, and have them log in; they'll be emailed a new token after setting their password.
  • Get the user's password, and login as them.
  • Call setPassword on the user, thus giving you the ability to log in as them and then reset their password.
  • Change the user's email to your own, reset the password, login, and you'll have a new token (a token is issued when a permanent password is set).
  • Use the login access granted by the user to reset their security token.
  • Administrators with organizations that have "Administrators can log in to any user" can also use login access to reset the token.

Note that in all cases, it will be sent to the email address on file; there's no way to show the token in the UI. In most cases, the administrator has to destroy the user's password as part of the reset process. Only by logging in as the user legitimately (either login access or with the user's password) can they avoid destroying the existing password.

Related Topic