MFA for Salesforce
What is MFA?
MFA stands for Multi-Factor Authentication. It is an added layer of security that verifies an end user's identity at the point of entry into a system, in this case Salesforce.
Typically a user would log into Salesforce using their username and password. With MFA, one additional form of verification (also known as 2FA or Two-Factor Authentication) or multiple additional forms are required. These can be any number of things that the person knows, owns or is (we’ll explain this one in a bit).
Why is MFA Important?
More and more software companies are now requiring their customers to use MFA. This is a best practice to protect company data should user login credentials be compromised. In the age of cybersecurity threats, usernames and passwords can be stolen through phishing and brute force attacks. Once hackers get ahold of this information, your company data and even your personal information will be in their hands. With MFA enabled, even if your credentials are stolen, the attackers still would not be able to access the system because they don’t have your other methods of verification.
Types of MFA
As mentioned, there are three main types of MFA verification methods.
Knowledge - Something that the user knows. Example: password, PIN, security question.
Possession - Something that the user owns. Example: mobile device, USB drive, key card.
Inherence - Something that is a part of the user. Example: fingerprint, facial detection, iris scan, voice recognition.
Key Dates for Salesforce MFA
As of February 1, 2022, all Salesforce products require the use of MFA. System administrators can enable it manually.
However, starting in January 2023 with the Spring ’23 Release and continuing until June 2023 with the Summer ’23 Release, Salesforce will begin MFA Auto-Enablement. This means that Salesforce will automatically enable MFA for your org. All users will need to register for MFA upon logging in. System administrators can, however, disable MFA manually if needed.
In September 2023, Salesforce will enforce MFA. At this time, all users are required to register for and log in using MFA. It cannot be disabled after this date.
Enabling MFA for Salesforce
Before you enable MFA for your users, you should create a rollout plan. You want to communicate the change to your users ahead of the rollout, as well as test it yourself and with a few power users.
To enable MFA, the system administrator needs to set up the permission set and assign it to users.
Search for Permission Set in the Setup menu.
Click the New button.
Type in “MFA Authorization for User Logins” in the Label field.
Assign the “Salesforce” License.
Click the Save button.
Next, find the permission set you just created and click into it.
Scroll down to the System section of the page and click on the System Permissions link.
On this screen, click the Edit button.
Scroll down the list of permissions, which are listed in alphabetical order. Locate the permission called “Multi-Factor Authentication for User Interface Logins”, check the box and click the Save button.
At the top of the page click on the Manage Assignments button to assign this permission set to specific users.
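After assigning the permission set, it is worth confirming that no active user was missed. The Python below is an added example, not part of the original article or Salesforce's own code: it takes rows shaped like the results of the two SOQL queries shown and lists active users with no assignment that grants the MFA permission. The field name PermissionsForceTwoFactor is assumed to be the API name of “Multi-Factor Authentication for User Interface Logins”, and the user records are constructed sample data.

```python
# Added example: audit which active users still lack the MFA login permission.
# Assumption: rows are shaped like Salesforce query results for the two SOQL
# statements below; PermissionsForceTwoFactor is assumed to be the API name of
# "Multi-Factor Authentication for User Interface Logins".
USERS_SOQL = "SELECT Id, Username, IsActive FROM User"
ASSIGNMENTS_SOQL = (
    "SELECT AssigneeId, PermissionSet.Label, "
    "PermissionSet.PermissionsForceTwoFactor FROM PermissionSetAssignment"
)


def users_missing_mfa(users, assignments):
    """Return sorted usernames of active users with no assignment granting MFA."""
    # A user is covered if ANY of their permission sets carries the permission.
    covered = {
        row["AssigneeId"]
        for row in assignments
        if row["PermissionSet"].get("PermissionsForceTwoFactor") is True
    }
    # Inactive users cannot log in, so they are left out of the gap list.
    return sorted(
        u["Username"] for u in users
        if u["IsActive"] and u["Id"] not in covered
    )


# Constructed sample data (not from a real org).
SAMPLE_USERS = [
    {"Id": "005A", "Username": "ana@example.com", "IsActive": True},
    {"Id": "005B", "Username": "bo@example.com", "IsActive": True},
    {"Id": "005C", "Username": "cy@example.com", "IsActive": False},
    {"Id": "005D", "Username": "di@example.com", "IsActive": True},
]
MFA_SET = {"Label": "MFA Authorization for User Logins",
           "PermissionsForceTwoFactor": True}
OTHER_SET = {"Label": "Sales Reports", "PermissionsForceTwoFactor": False}
SAMPLE_ASSIGNMENTS = [
    {"AssigneeId": "005A", "PermissionSet": MFA_SET},
    {"AssigneeId": "005B", "PermissionSet": OTHER_SET},
    {"AssigneeId": "005D", "PermissionSet": OTHER_SET},
    {"AssigneeId": "005D", "PermissionSet": MFA_SET},
]

if __name__ == "__main__":
    for name in users_missing_mfa(SAMPLE_USERS, SAMPLE_ASSIGNMENTS):
        print("no MFA permission:", name)
```

Run it against a fresh export after each round of assignments during the rollout; an empty result means every active user is covered.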
User Setup
Since MFA is unique to each individual user, it requires each user to register. There are multiple ways to authenticate. We’ll look at the easy-to-use and free Salesforce Authenticator app. Users can find the app in their respective app stores. For iPhone devices, visit the App Store. For Android devices, visit the Google Play Store.
Log into Salesforce as you normally would, using your username and password.
You will be directed to a new page. Open the Salesforce Authenticator app and follow the instructions on the screen.
Click the Connect button.
Logging In
Once you have registered your Salesforce Authenticator app, logging in becomes a breeze.
Log into Salesforce as you normally would, using your username and password.
A notification should pop up on your mobile device. Tap it to open the Salesforce Authenticator app.
Tap the Approve button to log in.
That’s All!
Enabling MFA for Salesforce is as easy as that! However, it requires a team effort. So before you enable it, you might want to communicate to your users, host brief training sessions, have documentation readily available, and be prepared to troubleshoot and support.
If you would like to learn more ways to secure your system, book a free consultation here: https://calendly.com/nimbuscrmsolutions or send us an email at myron@nimbuscrmsolutions.com. Cheers!