Salesforce is strengthening its secure-by-default architecture by enforcing a mandatory, time-based step-up authentication framework. This security control is intended to provide additional protection against unauthorized data exfiltration.
The specific feature is called Step-Up Authentication for Reports. It requires users to complete an additional identity-verification challenge when exporting or printing reports if a configurable amount of time has passed since their last successful step-up challenge.
What Is Affected?
This change may affect Nintex DocGen for Salesforce customers who use Salesforce Reports as part of their document-generation processes.
Without the necessary updates or a temporary extension, report-based DocGen processes may be interrupted when Salesforce begins enforcing the step-up authentication requirement.
This change may also affect other processes or integrations that use Salesforce Reports, report exports, or report-printing actions within your Salesforce org.
The Nintex Documents team is actively working to ensure continued support for customers using Salesforce Reports with DocGen. We plan to release an updated version of the Nintex Salesforce Managed Package in the near future and will share additional information when it becomes available.
Salesforce Enforcement Timeline
Salesforce began enforcing this requirement in sandbox environments on June 17, 2026, with the rollout occurring over approximately seven days.
Enforcement in production environments began on July 1, 2026, with a phased rollout over approximately 30 days.
This is not a new Salesforce feature. Rather, Salesforce is beginning to enforce an existing security control.
Salesforce has published guidance to help customers prepare for the upcoming change:
Prepare for the Upcoming Step-Up Authentication Requirements on Report Actions
Recommendations for Nintex DocGen Customers
1. Review Salesforce’s preparation guidance
Customers who use Salesforce Reports should review the Salesforce preparation guide linked above.
Because this change may affect more than Nintex DocGen, customers should also assess how Salesforce Reports, report exports, and report-printing actions are used throughout their Salesforce org.
2. Request an enforcement extension
To give customers additional time to prepare and help prevent disruption to their business processes, Salesforce is approving temporary extensions that exempt eligible orgs from enforcement through October 1, 2026.
Nintex DocGen customers who use Salesforce Reports should open a case with Salesforce Support as soon as possible.
When submitting the case:
- Include the affected Salesforce Org ID.
- Explain that the org uses Salesforce Reports with Nintex DocGen.
- Request an extension for Step-Up Authentication for Reports through October 1, 2026.
3. Update the Session Security Level Policy
After Salesforce confirms that the extension has been applied:
- Log in to the affected Salesforce org.
- Go to Salesforce Setup.
- Search for and select Identity Verification from the sidebar.
- Locate Session Security Level Policies.
- Set Reports and Dashboards to None.
If this option is unavailable or disabled, contact Salesforce Support and confirm that the extension was applied to the correct Salesforce Org ID.
Questions?
Reach out to our Support team for assistance.
