As of Feb 1, 2022, multi-factor authentication (MFA) will be required to access all Salesforce products. This extra layer of security is intended to protect both Salesforce user data and org data in the face of rising cyber attacks. Not to worry! Salesforce made sure plenty of resources were created to make this update manageable. The Elevation Solutions team is also here to help.
There are a few housekeeping items to tackle before adding MFA as a login requirement:
- Clean up Salesforce user lists.
- Determine if there is a need for multiple permission sets.
- Let Administrators, super users and other key stakeholders know this change is in motion.
- Organize a timeline for testing, the creation of resources, announcements, feedback and training.
We recommend communicating this change to end users at least 30 days prior to making the security update. Three weeks should allow time for questions, training, and feedback.
Below we explain how to turn on MFA for Salesforce users in four simple steps. These steps are found in the Secure Your User’s Identity Trailhead. However, know that MFA setup can be tailored for an organization based on their preferred authentication method. If you’d like to access our resource list, skip to the bottom!
Turning on MFA
- Create a permission set that requires users to provide a second form of authentication upon login
- Setup > Permission Sets
- Create a new permission set for MFA
- Provide label (the Trailhead training suggests Multi-Factor Authentication Required) > Save
- In your new permission set, search for Multi-Factor Authentication for User Interface Logins permission
- Select Edit > scroll and find Multi-Factor Authentication for User Interface Logins > select > move back to the top of the page and Save
- Now, assign the permission set to users
- Select Management Assignments > Add Assignments > select the users who will need to log in using MFA > select Assign > Done
Once MFA is turned on, users will be prompted to connect Salesforce Authenticator to their account. Users can select their preferred verification method by selecting Choose Another Verification Method at the bottom of the login prompt.
The requirement was announced in February 2021 and that information can be found here. In the same post you’ll also find Salesforce MFA FAQs and a MFA Quick Guide for Administrators. Here is a link to Trailhead’s training on MFA and how to set it up. In the Trailhead there is a video that demonstrates how to turn on MFA and set up Salesforce Authenticator as a second factor for MDA logins.