Articles

Home // Articles // Multifactor Authentication in Salesforce
Salesforce MFA

Multifactor Authentication in Salesforce

Ryan Golembiewski
April 30, 2021
Professional Services

Salesforce recently notified all customers that Multi-Factor Authentication for internal logins will be mandatory in all orgs starting on Feb 1st, 2022. 

What is Multifactor Authentication?

MFA is an effective way to increase protection for user accounts against common threats like phishing attacks, credential stuffing, and account takeovers by using two or more identifying pieces of information (factors) in order to access their environment..

The first factor will be your login credentials and the second will be a secondary log in using an Authenticator App (Salesforce Authenticator, Microsoft Authenticator, etc) or a physical security key. 

MFA helps to add an additional layer of security for all Salesforce orgs by reducing the risk of phishing attacks, credential stuffing, and account takeovers. 

How does MFA work?

Upon entering their login credentials, users will receive a push notification on their mobile device where they have installed the Authenticator App.

This push notification will include five pieces of information: 

  • The action that needs to be approved
  • Which user is requesting the action
  • Which service is requesting the action
  • What device the user is using
  • The location from which the request is coming

Salesforce MFA

Rolling Out MFA for your org

It is important to identify which verification methods work best for your team and which users will be the first to use MFA. Salesforce recommends that System Admins and other privileged users be the first on the team to utilize MFA as their accounts will be the most problematic if they were to be compromised.

Once you have identified which users should receive first access to MFA, you will need to set a plan to test and roll out the feature across your org. Let your first round of users test and refine the process before you roll it out to your other users and be prepared to accommodate a few rounds of iterations and reconfiguration after testing.

It is best to break your users down into groups so that the rollout can include the entire team over a period of time and no individual recommendation gets lost in the shuffle.

Once the configuration is complete and rolled out to all users you can monitor user adoption rates by using some Salesforce built-in-tools (depending on your license) or by conducting meetings with your staff.

A slow rollout will help to ensure that all of your users are using MFA without problem before the Feb, 1st, 2022 deadline.

Ryan Golembiewski

With over 12 years of experience working with Salesforce.com Clients, Ryan has led many successful projects, migrations & delivery teams. Prior to that, he was Selling to Healthcare systems and knows the value of Salesforce from the user perspective.