At what level is session security defined in Salesforce?

Session security in Salesforce is defined at the Org-wide Level. This means that the security settings for sessions apply comprehensively across the entire organization rather than being individualized per user or specific to certain applications. By setting session security at the organizational level, Salesforce ensures a consistent approach to security standards and policies, which helps in maintaining the integrity and safety of the entire system.

In an organization utilizing Salesforce, administrators can configure session settings such as timeout periods, session length, and IP restrictions that affect all users uniformly. This approach allows for easier management of security at scale, as any changes made to session security settings apply to all users across the organization.

The other options focus on varying scopes of security, like user-specific or application-specific settings, which would not capture the comprehensive nature of how session security is handled in Salesforce.