There’s been a lot of talk about security these past couple of years so it’s great to see Salesforce changing their requirements to keep customer data more secure than ever.
This year all Salesforce customers are required to have multi-factor authentication (MFA) configured in order to access any Salesforce products. If you’re not aware of this change, it could be that your Salesforce Admin has already set this up. If it’s not quite rolled out yet, that’s okay too. It won’t be long until it is, so we’ll let you know what to expect when that happens.
So, what actually is MFA and why do we need it?
You may be more familiar with two-factor authentication, also known as two-step verification. This is similar to MFA, as users are required to use two different authentication factors to verify themselves and therefore log in, whereas MFA requires two or more verification factors to gain access to Salesforce products. These verification methods can be used in a mixture of combinations; we listed the available options in our MFA for Salesforce Users: What you need to know blog.
MFA is designed to create an extra layer of security. We all want our data and customer data to be as secure as possible, especially with security threats growing more and more common. Here is an example of how MFA can protect your data:
How do I set up MFA once my Salesforce Administrator has configured it?
Once you’ve had MFA configured in your Salesforce account, the first time you log in you’ll be required to set up MFA. Please note, you won’t be able to log in until this has been set up. Here’s how you do it:
1. Go to Salesforce as you would normally and enter your credentials
2. You will be asked to set up MFA and to select an authentication method. There are a few available so choose whichever is best for you. Salesforce has created its own app which sends a push notification to your mobile, meaning you won’t have to type in a code each time you log in.
3. Once you have downloaded the app, you will be asked to link your Salesforce account. To do this, click the ‘Add an Account’ button at the bottom of the authenticator app.
4. This will bring up the option to link via a two-word phrase or a QR code. Either option is easy to connect.
5. Once you’ve completed step 4 and linked your account you should be set up and all good to go.
How will logging in to Salesforce change with MFA?
You’ll go to your Salesforce login page. Enter your credentials like you normally would, but before you’re actually logged in you will be required to confirm that it is you trying to log in. Use your authenticator method to confirm your identity. With the Salesforce authentication app you will receive the option of a push notification or to use a code. This is what the push notification will look like on your mobile device:
You will be required to complete MFA before you can log in to Salesforce, each time you log in.
How is the MFA rollout going?
Salesforce have been rolling this out since February this year. They have given users a 6-month notice period before they start auto-enabling the feature. But don’t worry, there is still time to ensure your organisation is set up correctly. Auto-enabling is when Salesforce turns on MFA for all users who log in directly to a Salesforce product. This will prompt users to register for MFA, and the next time they log in they will not be able to proceed until they have done so. Auto-enablement is happening between September and October 2022, which actually isn’t too far away! Just to clarify, the auto-enablement will be happening for products built on the Salesforce platform. These include:
- Sales Cloud
- Service Cloud
- Marketing Cloud
- Pardot
- Financial Services Cloud
- Commerce Cloud
Salesforce put together this handy Multi-Factor Authentication (MFA) Enforcement Roadmap so that you can double check each product’s enforcement and auto-enablement dates. The roadmap includes links to any email notifications or release notes, just in case you missed them or need to refer back to them.
If you’re concerned or want to double check that your organisation satisfies the MFA requirements, you can use the MFA Requirement Checker here. It’ll take you through a series of questions. Depending on your response, it will let you know if you’ve met the requirements or if further implementation needs to be done. It even gives you additional resources on next steps and you can always get in touch with us here at Nebula.
Here’s an example of one of the questions:
What happens if I haven’t had time to implement MFA by October 2022?
If you haven’t been able to roll out MFA to all your users by the end of October, Salesforce won’t stop you from being able to log in or continue working. However, you will be out of compliance with the contractual requirement. And well, what does that mean? It means you really do need to get MFA rolled out in your organisation as soon as you can. MFA will be officially enforced in 2023.
Just remember, Salesforce will be automatically enabling the MFA requirement for those who are not compliant. Unsure what this means? Basically, Salesforce will turn this feature on for you. If you’re not prepared, it’s a good time to start looking into implementing MFA.
Here’s some further information on implementing MFA:
- MFA for Salesforce Users: What you need to know
- Multi-Factor Authentication Quick Guide for Admins
- It’s Time for Multi-Factor Authentication
- Salesforce Multi-Factor Authentication FAQ
If you’d like to understand a little bit more about why MFA is being implemented, Salesforce have defined the contractual requirements in their Salesforce Trust and Compliance Documentation.