Starting February, 2023, Salesforce will require all customers to use MFA to access Salesforce products.
As the security landscape evolves and threats that compromise user credentials grow more common, it’s important to implement strong security measures to protect your business and customers. Thankfully, Salesforce can provide an extra layer of security for your login process that requires users to confirm that they are who they say they are before logging in. This is called Multi-Factor Authentication (MFA), one of the easiest, most effective ways to help prevent unauthorised account access and safeguard your Salesforce data.
MFA doesn’t auto enable for the below license types and environments
- External users, Community licenses, External Identity licenses, and Employee Community licenses (i.e. Experience Cloud sites, e-commerce sites, help portals, employee communities)
- Chatter External and Chatter Free users
- Automated Testing and RPA Account Logins to the UI
- API / Integration Logins
- Scratch orgs
- Trailhead Playgrounds
MFA requires each user to sign-in via their preferred authentication method on a single device – this means that users cannot share log-ins, and will need access to their specified authentication device.
How does MFA Work?
MFA is a strong authentication method that requires users to provide two or more factors to prove their identity before they can login. One factor is something the user knows, such as a username and password combination. Other factors are verification methods that the user has, like an authenticator app or security key.
Salesforce MFA supports many kinds of verification methods, including the Salesforce Authenticator app, time-based one-time passwords (TOTP), Google or Microsoft Authenticators, and Security Keys. Salesforce MFA does not support email verification codes, phone calls, or SMS Text messages as verification methods.
Once MFA is enabled, users login with their username and password combination, then confirm their identity with a supported verification method of their choice. Whilst login may take users a few extra seconds with MFA, the additional verification step pays invaluable dividends by protecting your business and ensuring your customers’ trust.
How do I setup MFA?
There are plenty of resources provided by Salesforce to help you rollout MFA on your Salesforce platform, including a Multi-Factor Authentication Assistant, detailed documentation, and Trailheads. The main activities that should be included in a standard MFA rollout are outlined below.
- Learn why MFA is strongly recommended for enhanced login security, what your options are, and how your company benefits.
- Evaluate your business and user requirements and align them with the MFA options for your Salesforce products to start defining your implementation strategy.
- Plan your MFA implementation, including rollout, change management, and support strategies, so that you’re ready to hit the ground running.
- Prepare users for the MFA rollout by putting your change management strategy into action.
- Implement MFA by kicking off your implementation and test plan, including establishing your MFA support processes and team.
- Launch MFA to users on your scheduled go-live date.
- Measure the effectiveness of your MFA rollout through user feedback and metrics.
- Support users with ongoing, day-to-day operations.
- Optimise your MFA implementation and your overall security procedure.
If you want to speak to us about Multi-Factor Authentication or would like some assistance with your MFA rollout, we are more than happy to help you.
Please reach out to us directly at firstname.lastname@example.org if you have any queries, or fill out the form below and we’ll respond to you as soon as we can.