What is Salesforce MFA and when does it start?
Effective February 1, 2022, Salesforce will require customers to use MFA to access its products. All internal users accessing the system through the user interface will be required to use MFA to validate the login.
MFA or Multi-Factor Authentication is one of the simplest and most effective tools to improve the security of logins against security threats such as phishing attacks, keyloggers, credential theft…
It provides an extra layer of security to the login procedure, requiring an additional test or factor to ensure that the user really is who they say they are.
In addition to using the username and password (something you know), we need to provide something you have, for example a cell phone or a security key. In this way, the combination of “something you know” and “something you have” makes access to the system much more secure.
Salesforce MFA Verification Methods
We have multiple verification methods compatible with MFA in Salesforce. Each administrator will be able to configure the ones he/she considers appropriate for his/her organization.
- Salesforce Authenticator
This is a Salesforce Mobile App that allows you to verify the login from your cell phone.
The operation is simple: Every time the user enters his Salesforce username and password, he will receive a notification in the Salesforce Authenticator application. The user can then confirm that it was him or refuse access.
It also has the advantage of being able to configure “secure locations” such as the office or home. This way, if we are in one of these locations, access to Salesforce will be automatic.
- External authentication applications
There are third-party applications such as Google Authenticator or Microsoft Authenticator that also allow you to confirm Salesforce logins in a similar way to Salesforce Authenticator.
- Security keys
It is possible to use a security key (USB) to manage the MFA. These keys are physical security devices that can be purchased in multiple markets. Each user must have their own key and insert it into the computer to verify login.
- Integrated authenticators
Finally, it is also possible to use our own biometric authenticators available on our devices (such as the fingerprint reader, Windows Hello, Touch ID or Face ID) to secure our login.
Is Salesforce MFA mandatory?
As we said at the beginning, on February 1 we must activate MFA to strengthen the security of our organizations. At the moment it will not be a fully mandatory measure, but failure to activate it would mean that we would not be complying with Salesforce’s contractual conditions.
If you don’t know if your implementation meets the Salesforce MFA requirements, you can complete this questionnaire that reviews key aspects of your organization’s security.
In addition, you can find all the information about MFA in the FAQ that Salesforce has prepared about it. And if you have any questions about how to activate MFA in your system, do not hesitate to contact us.