Salesforce Authenticator is an intelligent, mobile-enabled two-factor authentication app that adds an extra layer of security to your Salesforce account data. To protect customer data, Salesforce recommends setting up Multi-Factor Authentication (MFA) for all users who log in to Salesforce through the user interface.
Two Factor Authentication
Two-factor authentication is a fantastic way to keep online accounts and data secure. It means that two things, or two factors, are required to access the account and its data.
Factor 1: The first factor is something we know, like our username and password combination.
Factor 2: The second factor is something we have, like a mobile device with a security app installed.
This blog deals with the second factor (the mobile device with a security app) and its essential features, such as:
Types of Verification Methods in Salesforce Products Support for MFA
There are several verification methods available for accessing your Salesforce accounts; Salesforce supports three different kinds for Multi-Factor Authentication. Here are the three ways you can complete the MFA challenge to log in to your accounts.
- Salesforce Authenticator Mobile App: If you use the Salesforce Authenticator app for MFA, it shows you a notification, along with the location of the attempt, whenever someone tries to log in to your account. With this method, you can approve or deny login attempts with a single tap. The Salesforce Authenticator app is free for iOS and Android users.
- Third-Party Authenticator Apps: This method lets you verify your identity with unique temporary codes called Time-Based One-Time Passwords (TOTP). If you choose this method for MFA, you have many options, such as Google Authenticator, Microsoft Authenticator, or Authy.
- Security Keys: A security key is a small physical device that is easy to use. It is the leading way of authentication if you don’t have a mobile device or cannot bring cell phones onto your network premises. The best thing is that there is nothing to install and no codes to enter.
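To show what the "unique temporary codes" from a third-party authenticator app actually are, here is an added example (not Salesforce's code and not from the original post) of TOTP generation and server-side verification per RFC 6238. The secret is the constructed RFC test key, and the ±1 step window and replay check are assumptions about a reasonable verifier.

```python
import base64
import hashlib
import hmac
import struct

# Constructed shared secret: RFC 6238 test key "12345678901234567890" in base32.
# In practice it is shared once, when the user scans the enrolment QR code.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def code_for_counter(secret_b32, counter, digits=6):
    """HOTP (RFC 4226) value for one time-step counter."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, unix_time, step=30, digits=6):
    """Code an authenticator app displays at unix_time (30-second steps)."""
    return code_for_counter(secret_b32, int(unix_time) // step, digits)


def verify(secret_b32, submitted, unix_time, last_counter=None, window=1, step=30):
    """Return the matched time-step counter, or None if the code is rejected.

    Accepts codes from +/- `window` steps to tolerate clock drift, and skips
    any step at or before `last_counter` so a code cannot be replayed.
    """
    now = int(unix_time) // step
    for counter in range(now - window, now + window + 1):
        if last_counter is not None and counter <= last_counter:
            continue
        expected = code_for_counter(secret_b32, counter)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("accepted 16 s later:", verify(SECRET, code, 75))
    print("replayed:", verify(SECRET, code, 75, last_counter=1))
```

The server should store the returned counter per user and pass it back as `last_counter` on the next attempt.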
Note:- From February 1, 2022, Salesforce requires MFA for all users who log in to the Salesforce UI. For more information about this requirement, see “Announcement of the Future Requirement to Enable Multi-Factor Authentication (MFA)” and “Salesforce Multi-Factor Authentication FAQ.”
Set-up of Multi-Factor Authentication in your org
Salesforce also provides a Multi-Factor Authentication Assistant, which includes a checklist for each step that anyone can follow to set up MFA.
First, go to Setup, search for “Session Settings,” and select it. Make sure that in Session Security Levels, “Multi-Factor Authentication” is listed under High Assurance.
Type “Permission Sets” in the Quick Find box and click on it. Then create a new permission set for MFA (for example, with the name “MFA Authorization for User”) so that you can easily recognize it.
In the permission set you created for MFA, scroll down to “System Permissions,” select it, enable “Multi-Factor Authentication for User Interface Logins,” and click the “Save” button.
Now assign this permission set to your users. You can assign it to your own user first for testing purposes.
Set up the Salesforce Authenticator App:-
- First, download and install Salesforce Authenticator for iOS from the App Store, or Salesforce Authenticator for Android from Google Play, on your mobile device.
- Tap the app icon to open Salesforce Authenticator on your mobile device.
- Log in to the org with your username and password to set up Multi-Factor Authentication. When you try to log in, you will see a page for connecting the org with the mobile authenticator.
- On your mobile device, open the Authenticator app and select “Add an account.” The app displays a “Two-Word Phrase” for connecting with the org. Use that two-word phrase to connect the app with your org.
After using the “Two-Word Phrase,” your account is connected to Salesforce Authenticator. From now on, when you log in to your Salesforce org, an approval request appears on your mobile device. Once you approve it from your mobile device, you will be able to open your Salesforce org.
Post Installation Steps:-
You are now ready to use Salesforce MFA. In Setup, search for “Identity Verification History” to get details of everyone who is using Salesforce MFA.
If a user loses their device, they won’t be able to access Salesforce without it. In that case, as an Admin, go to the user’s Salesforce user detail screen and click “Disconnect” next to App Registration: Salesforce Authenticator. If, for any reason, you want to remove MFA for a user, permanently remove the permission set from that user.
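As a complement to checking Identity Verification History, the added example below (not from the original post or from Salesforce) audits MFA coverage after rollout: which active users are not covered by the MFA permission, and which are covered but have no verification method registered. The rows are constructed, and the object and field names (`PermissionSetAssignment`, `PermissionsForceTwoFactor`, `TwoFactorMethodsInfo` and its `Has...` flags) are assumptions about how the exported data is shaped.

```python
# Constructed sample exports; IDs, usernames and field names are assumptions.
USERS = [
    {"Id": "005A", "Username": "admin@example.test", "IsActive": True},
    {"Id": "005B", "Username": "new.hire@example.test", "IsActive": True},
    {"Id": "005C", "Username": "sales.rep@example.test", "IsActive": True},
    {"Id": "005D", "Username": "former.staff@example.test", "IsActive": False},
]
ASSIGNMENTS = [  # one row per user / permission set pair
    {"AssigneeId": "005A", "PermissionSet": {
        "Name": "MFA Authorization for User", "PermissionsForceTwoFactor": True}},
    {"AssigneeId": "005B", "PermissionSet": {
        "Name": "MFA Authorization for User", "PermissionsForceTwoFactor": True}},
    {"AssigneeId": "005C", "PermissionSet": {
        "Name": "Reports Only", "PermissionsForceTwoFactor": False}},
]
METHODS = [  # registered verification methods per user
    {"UserId": "005A", "HasSalesforceAuthenticator": True,
     "HasTotp": False, "HasU2F": False},
    {"UserId": "005B", "HasSalesforceAuthenticator": False,
     "HasTotp": False, "HasU2F": False},
]
# The three method types the article lists: app, TOTP app, security key.
METHOD_FLAGS = ("HasSalesforceAuthenticator", "HasTotp", "HasU2F")


def audit_mfa(users, assignments, methods):
    """Classify active users by MFA enforcement and method registration."""
    enforced = {a["AssigneeId"] for a in assignments
                if a["PermissionSet"].get("PermissionsForceTwoFactor")}
    registered = {m["UserId"]: [f for f in METHOD_FLAGS if m.get(f)]
                  for m in methods}
    report = {"not_enforced": [], "enforced_unregistered": [], "ok": []}
    for user in users:
        if not user["IsActive"]:
            continue  # deactivated users cannot log in; skip them
        if user["Id"] not in enforced:
            report["not_enforced"].append(user["Username"])
        elif not registered.get(user["Id"]):
            report["enforced_unregistered"].append(user["Username"])
        else:
            report["ok"].append(user["Username"])
    return report


if __name__ == "__main__":
    for bucket, names in audit_mfa(USERS, ASSIGNMENTS, METHODS).items():
        print(f"{bucket}: {names}")
```

Users in `not_enforced` still log in with only a password; users in `enforced_unregistered` have not yet connected an authenticator.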
Atul Gupta is CloudVandana’s founder and an 8X Salesforce Certified professional who works with globally situated businesses to create Custom Salesforce Solutions.
A strong, dynamic, and accomplished leader, Atul Gupta, as Director, guides all aspects of CloudVandana’s Salesforce Implementation Team, Analytics, and Information Technology functions.