Restrict ‘Login As’ with a Transaction Security Policy (LoginAs event)

Quick tip: Use a Transaction Security Policy on the LoginAs event to block or restrict the “Login As” feature for specific users (for example, integration or deployment accounts). Make sure to use the 15-digit User Id in the policy condition.

This post explains how to restrict the Login As feature using Salesforce Transaction Security (LoginAs event). This is useful when you want to prevent administrators from impersonating a specific account (such as an integration or deployment user) or to centrally block risky accounts from being impersonated.

What is the LoginAs transaction event?

The LoginAs event is a Transaction Security event type that fires when a user attempts to use the “Login As” functionality. You can create a Transaction Security Policy that evaluates conditions on this event and then notifies, blocks, or takes other actions.

How to block Login As for a specific user (overview)

At a high level:

  • Create a Transaction Security Policy in Setup → Transaction Security.
  • Choose the LoginAs event type as the trigger.
  • Set a condition that checks that the Target (or user) Id equals the 15-digit User Id you want to block.
  • Choose the action: Block (to prevent Login As) and optionally Notify admins.

Important detail

Use the 15-digit Salesforce User Id in the condition (not the 18-digit Id or username). Example condition: Target.Id == "005xxxxxxxxxxxx".
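
An added example, not part of the original post: a Python helper that takes a User Id as it comes out of an export or API call (often the 18-character form) and returns the 15-character value for the policy condition, rejecting Ids whose letter case was altered along the way. The function names and sample Ids are constructed for illustration; the check relies on the last three characters of an 18-character Id encoding which of the first 15 are uppercase.

```python
import re

# Alphabet for the 3-character suffix of an 18-character Salesforce Id.
SUFFIX_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345"
USER_KEY_PREFIX = "005"  # User key prefix, as in the post's example condition


def case_suffix(id15: str) -> str:
    """Compute the 3-character case checksum for a 15-character Id."""
    suffix = ""
    for start in (0, 5, 10):
        chunk = id15[start:start + 5]
        # Bit i is set when character i of the chunk is an uppercase letter.
        bits = sum(1 << i for i, ch in enumerate(chunk) if "A" <= ch <= "Z")
        suffix += SUFFIX_ALPHABET[bits]
    return suffix


def policy_user_id(raw: str) -> str:
    """Return the 15-character User Id for the policy condition.

    Accepts a 15- or 18-character Id and raises ValueError for input that
    would not identify the intended user.
    """
    value = raw.strip()
    if not re.fullmatch(r"[A-Za-z0-9]{15}|[A-Za-z0-9]{18}", value):
        raise ValueError("expected a 15- or 18-character alphanumeric Id")
    id15 = value[:15]
    if not id15.startswith(USER_KEY_PREFIX):
        raise ValueError("not a User Id (key prefix is not 005)")
    if len(value) == 18 and value[15:].upper() != case_suffix(id15):
        # Mismatch: the case of the first 15 characters was changed
        # (spreadsheet, case-insensitive tool) or the Id was mistyped.
        raise ValueError("suffix mismatch: Id case altered or Id mistyped")
    return id15


if __name__ == "__main__":
    # Constructed sample Ids, not taken from any real org.
    for candidate in ("005A0000001aBcDIAU", "005a0000001abcdiau"):
        try:
            print(candidate, "->", policy_user_id(candidate))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```

A bare 15-character Id carries no checksum, so a case error in it cannot be detected; start from the 18-character form when it is available.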

Best practices and considerations

  • Test the policy in a sandbox before enabling it in production to ensure you don’t accidentally block legitimate support/admin tasks.
  • Combine conditions (for example, check both Target.Id and the actor’s profile or IP range) to reduce false positives.
  • Keep an audit trail: enable notifications so that a team is alerted when the policy blocks an attempt.

Why this matters: preventing the ability to use Login As on sensitive integration or deployment users reduces the risk of accidental or malicious actions performed while impersonating those accounts. It’s a simple control that strengthens your org’s security posture and auditability.

For Salesforce admins and developers, this approach gives a low-code, configurable way to enforce policy without needing custom code or manual processes.