Multi-Factor Authentication in Salesforce

In today’s reality, it is very important to care about security as we have a lot of online activities and accounts on different sites where we store important information like addresses, phone numbers, debit/credit card details, etc.

We try to protect our data by coming up with complex passwords and changing them often. Salesforce isn’t an exception and strives to protect users from credential stuffing or account takeovers. And this is where multi-factor authentication comes into play.

What is Multi-factor authentication?

Multi-factor authentication (MFA) is a powerful secure authentication method that has two steps (or factors) to prove users’ identities when they attempt to log in. The first factor is information known to users, like username and password. The second is a verification method that the user has in their possession, like an authenticator app or a security key. So multi-factor authorisation makes it a lot harder for fraudsters to get access to your Salesforce data.

The Future of User Management in Salesforce: Switching From a Profile-Based Access Approach to Permission Sets

Salesforce has recently announced a significant change to the data access and user permission management, bringing a new era of user management in Salesforce. The company has reported the end-of-life (EOL) of permissions on profiles, which will take effect in the Spring ’26 release.

Types of Multi-factor authentication in Salesforce

Salesforce has several very convenient and innovative solutions for MFA: 

Salesforce Authenticator mobile app

When someone tries to log in to your account, you get a notification on the phone with the details of the activity, such as location, device, user, and service.

If everything looks good and you have no worries – tap the Approve button. If you don’t recognise this activity – tap the Deny button and the login attempt will be blocked.

Third-party time-based one-time passcode (TOTP) authenticator apps.

These apps generate random, temporary verification codes based on the appropriate algorithm. The user gets this code on the phone or email and then they need to type it into a specific field while logging in.

Universal Second Factor (U2F) security key.

Instead of entering one-time passwords or using the Salesforce Authenticator app, users can insert their U2F security key into the appropriate port on their computer (usually their USB port)  to complete verification.

Data Access and User Permission Management in Experience Cloud Sites

As organizations continue to adopt Salesforce's Experience Cloud, it becomes increasingly important to understand the various tools and techniques available for managing user permissions and data access within the platform. In this article, we will explore the concepts of permission sets and profiles, and provide you with best practices for securing your site and managing data access.

How to enable MFA in Salesforce

• Navigate to Setup -> Session Settings -> add the Multi-factor Authentication to the right column -> click Save.

• Go to Setup -> Permission Sets -> click New -> enter the Permission Set name -> click Save.
• Find System Permissions in the System section -> click Edit -> enable the “Multi-Factor Authentication for User Interface Logins” checkbox -> click Save.

• Assign the Permission set to the appropriate users.

Check the infographic below for visual step-by-step instructions on how to enable MFA in Salesforce.

Once you have Salesforce MFA, your users’ data will be protected and even if the login credentials are stolen, fraudsters still won’t be able to log in because of the additional protection level.

Follow us on social media for more useful information about Salesforce and Experience Cloud.

Subscribe to our Newsletter

Receive regular updates on our latest blog posts, news, and exclusive content!

Subscribe