Ensuring your Salesforce org is secure and keeping up with the ever-evolving security landscape can be a challenging balancing act. To protect customer data, Salesforce recommends setting up Multi-Factor Authentication, MFA for short, for all users logging into Salesforce through the user interface.
Forward-looking statement: Salesforce will require customers to enable MFA beginning February 1, 2022 in order to access Salesforce products.
The good news is that MFA is available at no extra cost and Salesforce offers several options for verification. Let’s dive in and learn more about it.
Multi-Factor Authentication (MFA) is an authentication method that requires users to present two or more pieces of evidence, or factors, in order to log in.
Previously, Salesforce would speak of 2FA (Two-Factor Authentication), but now we’re focused on MFA (Multi-Factor Authentication). The difference is that MFA supports two or more factors, whereas 2FA supports two factors only.
MFA is an effective and easy way to increase protection for user accounts against common threats like phishing attacks, credential stuffing, and account takeovers. By requiring multiple factors to authenticate upon login, a Salesforce Administrator can ensure a more secure org and protect their business and data against security threats.
Factors are the ways that you can authenticate yourself in order to log in. These factors can consist of
Trust is the #1 priority at Salesforce, which is why Salesforce is promoting a security measure such as multi-factor authentication. However, the responsibility to focus on security does not solely rest on Salesforce’s shoulders. Customers have a responsibility to adopt security, monitor activity, protect data, and stay up-to-date with security updates. Internet Creations, as your trusted Salesforce Partner, is here to assist you with the implementation of new security features and provide consultation on best practices.
Salesforce currently supports three groups of verification methods for MFA:
Email, SMS text messages, and phone calls aren’t allowed as MFA verification methods because email credentials are more easily compromised, and text messages and phone calls can be intercepted.
Important: While MFA will not be mandated in Salesforce Communities, if you do implement MFA in communities, SMS is an option for verification.
There are two types of identity verification in Salesforce: service-based and policy-based security. Whenever we log into Salesforce from a different browser or from a new computer, we must provide verification of our identity. This is called service-based identity verification, which is available out-of-the-box. Now, with MFA, you can add a new layer of security on top of it with policy-based identity verification.
Here are several things to keep in mind when rolling out MFA.
What are the System Permissions related to MFA for user interface logins?
What about MFA for API logins?
What happens if a user loses or forgets their device?
Can Salesforce Authenticator auto-approve logins?
The following steps need to be taken in order for MFA to be implemented and activated.
It is critical to have a user rollout plan. While the steps to enable MFA are fairly straightforward, it is still important to do the necessary prep work and communication to ensure a seamless rollout. As a resource, we highly recommend using the Multi-Factor Authentication Assistant in Salesforce Setup to walk through the steps to get ready, roll out, and manage MFA.
As a Salesforce Partner with a deep knowledge of the platform, we are well-equipped to help you and your organization implement Multi-Factor Authentication and ensure you are following the Salesforce security best practices.
Take advantage of the Salesforce content below to learn more about MFA.
Get More Information About MFA
See More Details About Implementing MFA
Learn About MFA Using Trailhead
Get More Information on Security
Join the MFA discussion in the MFA – Getting Started Trailblazer Community!