What is MFA?
MFA (multi-factor authentication) adds security to your login process, making it harder for phishing and other attacks to get into your Salesforce instance and steal data or carry out other harmful actions during a security breach.
Why is Salesforce requiring MFA?
Salesforce wants its platform (and, by proxy, the customers using it) to be secure, and wants everyone’s customer data to be as safe as possible. Therefore, it is requiring all of its customers to follow best practices to reduce the probability of security breaches and of data being taken by unauthorized parties.
Salesforce has also made this part of its contracts, and suggests that you consult your legal department to understand any ramifications of non-compliance. Salesforce can’t enforce this through software (yet) and has left it up to each customer to implement MFA on their own.
What do I do to ensure I am using MFA and complying with this new requirement?
Follow the steps below and ensure everyone knows how to add an authorized device.
Modify Session Settings
Click the gear icon in the upper right-hand corner and click “Setup”
Type “Session Settings” into the Quick Find box on the left-hand side and click the “Session Settings” link
Ensure that “Multi-Factor Authentication” is added to the right side
Click the “Save” button
Create a permission set
Click the gear icon in the upper right-hand corner
Type “Permission Sets” into the Quick Find box on the left-hand side and click the “Permission Sets” link
Click the “New” button
Name the new permission set “MFA”
Ensure that the license type is “Salesforce”
Go to “System Permissions” and click the “Edit” button
Check the checkbox next to “Multi-Factor Authentication for User Interface Logins”
For System Administrators also check the “Manage Multi-Factor Authentication in User Interface” checkbox
Click the “Save” button
Click the “Manage Assignments” button at the top of the page
Click the “Add Assignments” button
Select any users who represent personnel, either internal or external
Click the “Assign” button
Click the “Done” button
Users assigned MFA
Download the Google Authenticator App onto your mobile device
Log in to Salesforce through the normal UI on your computer
Once on the “Connect Salesforce Authenticator” page, click “Choose Another Verification Method” towards the bottom of the page
Use your phone to scan the QR code with the Google Authenticator app
Enter the 6-digit number and click “Verify”
We recommend the Google Authenticator App because it offers the most flexibility in the range of devices supported and allows multiple devices to be registered. All the compliant apps (like the Salesforce Authenticator App) are good choices, but this is the one we recommend.
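To confirm that the steps above took effect, the following added example (not from the original page or from Salesforce) cross-checks exported query results to list active users not covered by the “Multi-Factor Authentication for User Interface Logins” permission, and covered users who have not yet registered an authenticator. The SOQL strings, the function name mfa_gaps and the sample records are constructed for illustration; confirm the object and field names against your own org before relying on them.

```python
# Added example: audit MFA coverage from exported SOQL results.
# Run each query (for instance in the Developer Console Query Editor),
# export the rows, and load them as lists of dicts.

# Active users who should be covered.
USERS_SOQL = "SELECT Id, Username FROM User WHERE IsActive = true"

# Assignments (permission sets and profiles) that grant
# "Multi-Factor Authentication for User Interface Logins".
ENFORCED_SOQL = (
    "SELECT AssigneeId FROM PermissionSetAssignment "
    "WHERE PermissionSet.PermissionsForceTwoFactor = true"
)

# Verification methods each user has registered. HasTotp covers
# authenticator apps such as Google Authenticator.
METHODS_SOQL = (
    "SELECT UserId, HasTotp, HasSalesforceAuthenticator "
    "FROM TwoFactorMethodsInfo"
)


def mfa_gaps(users, assignments, methods):
    """Return (not_enforced, not_registered) as sorted username lists."""
    enforced = {a["AssigneeId"] for a in assignments}
    registered = {
        m["UserId"]
        for m in methods
        if m.get("HasTotp") or m.get("HasSalesforceAuthenticator")
    }
    not_enforced = sorted(u["Username"] for u in users if u["Id"] not in enforced)
    not_registered = sorted(
        u["Username"]
        for u in users
        if u["Id"] in enforced and u["Id"] not in registered
    )
    return not_enforced, not_registered


# Constructed sample rows (not real data).
SAMPLE_USERS = [
    {"Id": "005A", "Username": "alice@example.com"},
    {"Id": "005B", "Username": "bob@example.com"},
    {"Id": "005C", "Username": "carol@example.com"},
]
SAMPLE_ASSIGNMENTS = [{"AssigneeId": "005A"}, {"AssigneeId": "005B"}]
SAMPLE_METHODS = [
    {"UserId": "005A", "HasTotp": True, "HasSalesforceAuthenticator": False},
    {"UserId": "005B", "HasTotp": False, "HasSalesforceAuthenticator": False},
]
```

Users in the first list still need the “MFA” permission set assigned; users in the second list will be prompted to register a device at their next login.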