Multi-Factor Authentication (MFA) in Salesforce:
Today, to log in to Salesforce, the user has to enter a user name and password. Sometimes, in addition to the user name and password, a verification code may also be needed if the user has enabled the verification method. The verification code can be received by SMS on the phone or at the registered email address.
But the above authentication measures (user name, password and verification code) are not safe and can be breached.
Therefore, Salesforce has added one more security layer to authenticate the user's entry into Salesforce. This new authentication layer is called MFA (Multi-Factor Authentication).
MFA can be achieved by using any of the methods below:
1. By using the Salesforce Authenticator app on the smartphone
2. By using a U2F security key (physical device)
3. By using a third-party one-time password generator app
In this article we will help you enable MFA using the Salesforce Authenticator app on the smartphone.
Multi-Factor Authentication (MFA) Enforcement Roadmap:
As of today (15th Oct 2022), MFA is not yet enforced for products built on the Salesforce Platform, such as Sales Cloud, Service Cloud, Analytics Cloud, B2B Commerce Cloud, Experience Cloud, Industries products, Marketing Cloud–Audience Studio (formerly DMP), Marketing Cloud–Pardot, Platform, Salesforce Essentials, Salesforce Field Service and Partner solutions.
The projected MFA auto-enablement date is between January and June 2023. Admins will still have the option to disable MFA if their users aren't ready yet.
The projected MFA enforcement date is September 2023. After MFA is enforced, the user has no choice but to set up MFA; otherwise they will not be able to log in to Salesforce.
To avoid this situation, let’s set up MFA for the user so that after enforcement the user can still log in and avoid loss of productivity.
Steps to apply Multi-Factor Authentication (MFA) to the Salesforce User:
- Create a new permission set and provide an appropriate label. The License field is optional. Click the “Save” button.
- The permission set is created. On the permission set, under “System”, click the “System Permissions” link and click the “Edit” button.
- Search for “Multi-Factor Authentication for User Interface Logins” and select the checkbox. Save the changes.
- Now we have the required permission set. In the next step we apply this permission set to the user who needs MFA. Find the required User and assign this Permission Set to the User.
- Under the User record, find the “App Registration: Salesforce Authenticator” option and click the “[Connect]” link.
- You may see the screen below asking you to verify your identity. Enter the verification code and click the “Verify” button.
- The screen below will appear and ask you to enter the two-word phrase.
- To get the two-word phrase, you first need to install the “Salesforce Authenticator” app on your smartphone. After you install the app, it shows an “Add Account” button. Click this button and it will generate a two-word phrase. Keep the “Salesforce Authenticator” app open until the MFA setup is finished.
- Come back to the Salesforce screen, enter this two-word phrase and click “Connect”. It may again ask you to enter a verification code as below. Enter the code and click the “Verify” button.
- Meanwhile, your phone may show a screen to verify the connection. Click “Connect” on your phone screen. Your account is now added in the “Salesforce Authenticator” app.
- Log out of Salesforce and log in again. It is possible that Salesforce will again ask you for the two-word phrase. In this case, click the “Add Account” button in the “Salesforce Authenticator” app again and generate a two-word phrase. Enter the phrase in the Salesforce screen and submit the screen.
- In the “Salesforce Authenticator” app, click “Connect”.
- The user is now logged in to Salesforce.
- From now on, every time you log in to Salesforce, keep your “Salesforce Authenticator” app open; it will ask you to approve the login. In this way your smartphone is used to approve the user's login.
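The permission set steps above (create, enable the system permission, assign to the user) can also be scripted, followed by a check of which users are still not covered before enforcement. This is an added example for Execute Anonymous, not part of the original article; the permission set name and the username are assumptions, and the Salesforce Authenticator registration steps still have to be done by the user on the phone.

```apex
// Added example. Values marked "assumed" are placeholders, not from the article.
String permSetName = 'MFA_UI_Logins';            // assumed API name
String targetUsername = 'jane.doe@example.com';  // assumed username

// Steps 1-3: a permission set with the system permission switched on.
// PermissionsForceTwoFactor is the field behind the
// "Multi-Factor Authentication for User Interface Logins" checkbox.
List<PermissionSet> found =
    [SELECT Id FROM PermissionSet WHERE Name = :permSetName LIMIT 1];
PermissionSet mfaSet;
if (found.isEmpty()) {
    mfaSet = new PermissionSet(
        Name = permSetName,
        Label = 'MFA for UI Logins',
        PermissionsForceTwoFactor = true);
    insert mfaSet;
} else {
    mfaSet = found[0];
}

// Step 4: assign it to the user, unless the assignment already exists
// (inserting a duplicate assignment fails).
List<User> targets = [SELECT Id FROM User
                      WHERE Username = :targetUsername AND IsActive = true
                      LIMIT 1];
if (targets.isEmpty()) {
    System.debug('No active user found: ' + targetUsername);
} else {
    Integer already = [SELECT COUNT() FROM PermissionSetAssignment
                       WHERE AssigneeId = :targets[0].Id
                       AND PermissionSetId = :mfaSet.Id];
    if (already == 0) {
        insert new PermissionSetAssignment(
            AssigneeId = targets[0].Id, PermissionSetId = mfaSet.Id);
    }
}

// Coverage check: active standard users who do not have the permission
// through any permission set or profile (profile permissions are also
// exposed through PermissionSetAssignment).
for (User u : [SELECT Username FROM User
               WHERE IsActive = true AND UserType = 'Standard'
               AND Id NOT IN (SELECT AssigneeId FROM PermissionSetAssignment
                              WHERE PermissionSet.PermissionsForceTwoFactor = true)
               ORDER BY Username]) {
    System.debug('No MFA permission: ' + u.Username);
}
```

The usernames written to the debug log are the accounts that would still log in with only a password and verification code.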