The number of cyberattacks against businesses is on the rise. Therefore, it is important that we implement stronger security measures to protect our customers and their data.
Consequently, MFA for Salesforce Users will be required in order to access Salesforce products from February 2022.
So, what is Multi-Factor Authentication (MFA)?
MFA is a strong electronic authentication method. Importantly, users are required to provide two or more verification factors when they log in. As the Salesforce Admin, you can ensure a more secure org and improved Data protection, by requiring users to authenticate themselves before logging in.
What verification methods can be used for MFA?
The first factor is something the user knows. Such as their username and password. In addition, the others are verification methods a user has in their possession. Such as a security key or an authenticator app.
|Salesforce Authenticator Mobile App||Third-Party Authenticator Apps||Security Keys|
|Microsoft Authenticator||Yubico’s YubiKey|
|Google Authenticator||Google’s Titan Security Key|
Note: SMS, Phone Call and Email Verification are not supported.
How to implement MFA for Salesforce Users?
As the administrator, you will need to assign the “Multi-Factor Authentication for User Interface Logins”. This is a permission set for products built on the Salesforce Platform.
How will users be affected when MFA is switched on?
Once MFA is enabled for User Interface Logins, every user will need to have at least one verification method enabled to log in. If they do not have this set up, they will be prompted to when they next try to log in.
As such, all users will need to supply that verification method going forward. As well as their Username and Password combination when they log into any Salesforce product. This also includes when they have been logged out due to inactivity. Or when a session has expired.
Planning your Rollout
Come up with a plan to ensure the rollout of MFA is as smooth as possible for your users.
Here are things to consider:
- Roll out MFA to small groups over time to test the process. And address any issues that might arise.
- Let users know in advance of the upcoming changes. So that they are aware of how this will affect them going forward.
- Admins should have a process in place. So you can easily deal with users/admins that forget or lose their verification method.
If you have any questions on MFA, or want support with the implementation, contact us.