According to Salesforce, the MFA requirement takes effect on February 1, 2022. It will be required for all single sign-on (SSO) logins and for logins through the user interface. You can turn it on directly in your Salesforce products or use your SSO provider’s MFA service.
You can find a list of products supported here.
Salesforce has a nice MFA assistant available in Setup, and it gives you step-by-step instructions on your mobile device when you activate MFA.
Create a permission set for MFA (with an API name if possible, and if you like your developers). In the permission set settings, type multifactor in the search box and choose the Authentication for User Interface Logins permission from the lookup preview window of the search box.
There are multiple MFA related permissions, but the one we are looking for is the User Interface Logins one.
As with a regular permission set assignment, assign it to the users who will be required to use MFA when logging in through the UI.
After you enable MFA, users will get a screen prompt the first time they try to log in afterwards. You can select a verification method, and with Salesforce Authenticator you can set up trusted locations to automatically approve your login requests (if you have location services enabled).
For Salesforce Authenticator, you can enter the two-word phrase that the app generates to add it as a verification method. To add an account, open the Salesforce Authenticator app on your mobile device and choose Add an Account to generate the two-word phrase.
When a user logs in, they get a push notification on their mobile device. The user taps the notification to open Salesforce Authenticator and sees the following information:
You cannot use SMS (text), phone calls or email as alternative verification methods for MFA. As alternatives, you can use third-party authenticator apps and devices (Google Authenticator, etc.) and security keys (Google’s Titan Security Key, etc.).
Salesforce doesn't require MFA for the following on-premises products:
Cybersecurity is becoming more significant every day, and there are many threats that can affect users. It’s critical to protect your business and customers according to industry standards. MFA creates an extra layer of protection against threats like phishing attacks, credential stuffing and account takeovers. MFA is one of the easiest and most effective ways to secure your accounts for free.
It’s called two-factor because there are two layers: the first is the login credentials, and the second is a verification method that the user has, whether that’s an app or a physical security key.
One tip for admins that might come in handy is that you can also create reports and dashboards to monitor MFA usage across your org.
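One way to turn that monitoring tip into a concrete check, as an added example that is not from the original post: the script below buckets users by whether MFA is enforced through the permission set and whether they have registered a verification method. The sample rows are constructed, and the object and field names in the SOQL comments (PermissionsForceTwoFactor, TwoFactorMethodsInfo) are assumptions to confirm in your own org.

```python
# Constructed sample rows, shaped like the results of three SOQL queries
# (object and field names are assumptions; confirm them in your org):
#   SELECT Id, Username FROM User WHERE IsActive = true
#   SELECT AssigneeId FROM PermissionSetAssignment
#     WHERE PermissionSet.PermissionsForceTwoFactor = true
#   SELECT UserId, HasSalesforceAuthenticator, HasTotp, HasU2F
#     FROM TwoFactorMethodsInfo
USERS = [
    {"Id": "005A", "Username": "ana@example.com"},
    {"Id": "005B", "Username": "ben@example.com"},
    {"Id": "005C", "Username": "cy@example.com"},
    {"Id": "005D", "Username": "integration@example.com"},
]
MFA_ASSIGNMENTS = [{"AssigneeId": "005A"}, {"AssigneeId": "005B"}]
METHODS = [
    {"UserId": "005A", "HasSalesforceAuthenticator": True, "HasTotp": False, "HasU2F": False},
    {"UserId": "005B", "HasSalesforceAuthenticator": False, "HasTotp": False, "HasU2F": False},
    {"UserId": "005C", "HasSalesforceAuthenticator": False, "HasTotp": True, "HasU2F": False},
]
# Methods that count for MFA: authenticator app, TOTP app, security key.
STRONG_METHODS = ("HasSalesforceAuthenticator", "HasTotp", "HasU2F")


def mfa_coverage(users, assignments, methods):
    """Bucket each active user by MFA enforcement and registration state."""
    enforced = {a["AssigneeId"] for a in assignments}
    registered = {m["UserId"] for m in methods
                  if any(m.get(field) for field in STRONG_METHODS)}
    report = {"covered": [], "enforced_not_registered": [],
              "registered_not_enforced": [], "unprotected": []}
    for user in users:
        is_enforced = user["Id"] in enforced
        is_registered = user["Id"] in registered
        if is_enforced and is_registered:
            bucket = "covered"
        elif is_enforced:
            bucket = "enforced_not_registered"  # prompted at next UI login
        elif is_registered:
            bucket = "registered_not_enforced"  # can still skip MFA
        else:
            bucket = "unprotected"
        report[bucket].append(user["Username"])
    return report


def coverage_pct(report):
    """Share of users that are both enforced and registered."""
    total = sum(len(names) for names in report.values())
    return round(100.0 * len(report["covered"]) / total, 1) if total else 0.0
```

The check only sees enforcement granted through permission sets; MFA enforced through a profile or through your SSO provider would need its own query.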
You can also use Lightning Login to satisfy the MFA requirement. This feature offers password-free access to Salesforce accounts. Lightning Login meets the MFA standard by requiring two authentication factors: Salesforce Authenticator (something a user has) and a PIN or biometric scan on their mobile device (something the user is).
You can also enable MFA using a security level, either standard or high assurance, assigned to a login method in your Salesforce session settings.
You configured Facebook and LinkedIn as authentication providers in your site. Many of your site members use social sign-on to log in using the username and password from their Facebook or LinkedIn accounts. You want to increase security by requiring customers to use MFA when they log in with their Facebook account. You want users who log in with their LinkedIn account to be automatically granted high assurance access and bypass MFA.
In the Customer Community User profile, set the session security level required at login to High Assurance. In your session settings, edit the session security levels.
Because you’re requiring MFA with Facebook accounts, make sure that Facebook is in the Standard column. Add Multi-Factor Authentication to the High Assurance column. When users log in with their Facebook account, they’re required to provide a verification method in addition to their username and password. Add LinkedIn to the High Assurance column. When users log in with their LinkedIn account, they’re granted High Assurance access without needing to provide a verification method.
From what I have found, scratch orgs are not supported, although enabling MFA on DevHubs could be necessary.
There might be additional configuration requirements if you are already using MFA from your SSO provider. There should be additional considerations for API users, and some issues have been reported with using MFA with the Salesforce plugin for Outlook. Be sure to check out the Trailblazer Community for more updates on this.
Usernames and passwords alone don’t provide sufficient safeguards against unauthorized account access like phishing attacks, credential stuffing and account takeovers.
With MFA, one factor is something users know. For Salesforce logins, that's a username and password combination. Other factors are verification methods that a user has in their possession, such as a mobile device with an authenticator app installed or a physical security key.
A user enters their username and password, as usual. Then the user is prompted to provide one of the verification.