
Multi-Factor Authentication

Gram Bischof

What is MFA?


MFA adds security to your login process, making it harder for phishing and other attacks to get into your Salesforce instance, steal data, or carry out other harmful actions during a security breach.


Why is Salesforce requiring MFA?


Salesforce wants its platform (and, by proxy, the customers using it) to be secure, and wants everyone’s customer data to be as safe as possible. Therefore, it’s requiring all of its customers to follow best practices that reduce the probability of security breaches and of data being taken by unauthorized parties.


Salesforce has also made this part of its contracts, and suggests that you consult your legal department to understand any ramifications of non-compliance. Salesforce can’t enforce this through software (yet) and has left it up to each customer to implement MFA on their own.


What do I do to ensure I am using MFA and complying with this new requirement?


Follow the steps below and ensure everyone knows how to add an authorized device.


Modify Session Settings


  1. Click the gear icon in the upper right-hand corner and click “Setup”

  2. Type “Session Settings” into the Quick Find box on the left-hand side and click the “Session Settings” link

  3. Ensure that “Multi-Factor Authentication” is added to the right side

  4. Click the “Save” button



Create a permission set


  1. Click the gear icon in the upper right-hand corner

  2. Type “Permission Sets” into the Quick Find box on the left-hand side and click the “Permission Sets” link

  3. Click the “New” button

  4. Name the new permission set “MFA”

  5. Ensure that the license type is “Salesforce”

  6. Go to “System Permissions” and click the “Edit” button

  7. Check the checkbox next to “Multi-Factor Authentication for User Interface Logins”

    1. For System Administrators, also check the “Manage Multi-Factor Authentication in User Interface” checkbox

  8. Click the “Save” button

  9. Click the “Manage Assignments” button at the top of the page

  10. Click the “Add Assignments” button

  11. Select any users that represent personnel either internal or external

  12. Click the “Assign” button

  13. Click the “Done” button
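
To confirm that the assignment steps above reached everyone, the following added example (not part of the original article) lists active users who have no grant of the “Multi-Factor Authentication for User Interface Logins” permission. It assumes you run the two SOQL queries with a client of your choice and pass in the returned records; the sample records are constructed.

```python
from collections import defaultdict

# Standard Salesforce objects and fields. PermissionsForceTwoFactor is the API
# name of "Multi-Factor Authentication for User Interface Logins".
USERS_SOQL = "SELECT Id, Username FROM User WHERE IsActive = true"
ASSIGNMENTS_SOQL = (
    "SELECT AssigneeId, PermissionSet.Name, PermissionSet.IsOwnedByProfile "
    "FROM PermissionSetAssignment "
    "WHERE PermissionSet.PermissionsForceTwoFactor = true"
)


def mfa_grants(assignments):
    """Map user Id -> sorted names of the grants that turn on the MFA permission."""
    grants = defaultdict(set)
    for row in assignments:
        ps = row["PermissionSet"]
        # A profile-owned permission set means the grant comes from the profile.
        source = "profile" if ps["IsOwnedByProfile"] else ps["Name"]
        grants[row["AssigneeId"]].add(source)
    return {uid: sorted(names) for uid, names in grants.items()}


def users_missing_mfa(users, assignments):
    """Return usernames of active users with no grant of the MFA login permission."""
    covered = mfa_grants(assignments)
    return sorted(u["Username"] for u in users if u["Id"] not in covered)


# Constructed sample records, shaped like the results of the two queries above.
SAMPLE_USERS = [
    {"Id": "005000000000001AAA", "Username": "admin@example.com"},
    {"Id": "005000000000002AAA", "Username": "sales.rep@example.com"},
    {"Id": "005000000000003AAA", "Username": "contractor@example.com"},
]
SAMPLE_ASSIGNMENTS = [
    {"AssigneeId": "005000000000001AAA",
     "PermissionSet": {"Name": "MFA", "IsOwnedByProfile": False}},
    {"AssigneeId": "005000000000002AAA",
     "PermissionSet": {"Name": "MFA", "IsOwnedByProfile": False}},
]

if __name__ == "__main__":
    for name in users_missing_mfa(SAMPLE_USERS, SAMPLE_ASSIGNMENTS):
        print("no MFA permission:", name)
```

Anyone the script reports should be added through “Manage Assignments” on the “MFA” permission set, or documented as an intentional exception.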


Users assigned MFA


  1. Download the Google Authenticator App onto your mobile device

  2. Log in to Salesforce through the normal UI on your computer

  3. On the “Connect Salesforce Authenticator” page, click “Choose Another Verification Method” towards the bottom of the page

  4. Use your phone to scan the QR code with the Google Authenticator app

  5. Enter the 6-digit number and click “Verify”


We recommend the Google Authenticator App because it offers the most flexibility in the range of devices it supports and allows multiple devices to be registered. All the compliant apps (like the Salesforce Authenticator App) are good choices, but this is the one we recommend.

