Multi-Factor Authentication in Salesforce

10 min read

In today’s reality, it is very important to care about security as we have a lot of online activities and accounts on different sites where we store important information like addresses, phone numbers, debit/credit card details, etc.

We try to protect our data by coming up with complex passwords and changing them often. Salesforce isn’t an exception and strives to protect users from credential stuffing or account takeovers. And this is where multi-factor authentication comes into play.

What is Multi-factor authentication?

Multi-factor authentication (MFA) is a powerful secure authentication method that has two steps (or factors) to prove users’ identities when they attempt to log in. The first factor is information known to users, like username and password. The second is a verification method that the user has in their possession, like an authenticator app or a security key. So multi-factor authorisation makes it a lot harder for fraudsters to get access to your Salesforce data.

Types of Multi-factor authentication in Salesforce

Salesforce has several very convenient and innovative solutions for MFA: 

Salesforce Authenticator mobile app

When someone tries to log in to your account, you get a notification on the phone with the details of the activity, such as location, device, user, and service.

If everything looks good and you have no worries – tap the Approve button. If you don’t recognise this activity – tap the Deny button and the login attempt will be blocked.

Salesforce Authenticator mobile app

Third-party time-based one-time passcode (TOTP) authenticator apps.

These apps generate random, temporary verification codes based on the appropriate algorithm. The user gets this code on the phone or email and then they need to type it into a specific field while logging in.

Third-party time-based one-time passcode (TOTP) authenticator apps.

Universal Second Factor (U2F) security key.

Instead of entering one-time passwords or using the Salesforce Authenticator app, users can insert their U2F security key into the appropriate port on their computer (usually their USB port)  to complete verification.

How to enable MFA in Salesforce

  • Navigate to Setup -> Session Settings -> add the Multi-factor Authentication to the right column -> click Save.
How to enable MFA in Salesforce
  • Go to Setup -> Permission Sets -> click New -> enter the Permission Set name -> click Save.
  • Find System Permissions in the System section -> click Edit -> enable the “Multi-Factor Authentication for User Interface Logins” checkbox -> click Save.
Multi-Factor Authentication for User Interface Logins” checkbox
  • Assign the Permission set to the appropriate users.

Check the infographic below for visual step-by-step instructions on how to enable MFA in Salesforce.

Once you have Salesforce MFA, your users’ data will be protected and even if the login credentials are stolen, fraudsters still won’t be able to log in because of the additional protection level.

Follow us on social media for more useful information about Salesforce and Experience Cloud.

Rate the article

4.8 / 5. 5