Salesforce

Implementation of Multi-Factor Authentication (MFA) in Salesforce

Doctor Using Smartphone In Office

What Is MFA, and Why Is It Important?

As the security landscape evolves and threats compromising user credentials become more common, it’s important to implement strong security measures to protect your business and customers.

Multi-factor authentication (MFA) is one of the easiest, most effective ways to prevent unauthorized account access and safeguard your Salesforce data. MFA adds an extra layer of protection against threats like phishing attacks, credential stuffing, and account takeovers.

You must activate “two-factor authentication” and connect it to the Salesforce Authenticator application, where the user can use their login with valid credentials. The Salesforce authenticator app can generate a time-based, one-time password for every 30 seconds; it then prompts a notification to approve or deny the login.

MFA Verification Method in Salesforce

MFA adds an extra authentication step to your Salesforce log in process:

  1. The user enters their username and password, as usual.
  2. The user is then prompted to provide a verification method.

Salesforce requires users to provide a verification method that’s in their possession. Depending on your Salesforce product, you can allow any or all of these methods.

Mfa 1

Figure 1: MFA Verification Methods

MFA Verification Using Salesforce Authenticator App

The Salesforce Authenticator mobile app makes MFA easy by integrating into your login process. It’s simple for users to install and connect to their Salesforce accounts.

When a user logs in, they get a push notification on their mobile device. The user taps the notification to open Salesforce Authenticator and sees the following information:

  • The action that needs to be approved
  • Which user is requesting the action
  • Which service is requesting the action
  • What device the user is using
  • The location from which the request is coming with this information can quickly and confidently approve or deny the authorization request. They can also automate the extra authentication step when working from a trusted location.
Mfa 2

Figure 2: User Login Details

Steps for Implementing MFA Using Salesforce Authenticator App

Prerequisites

  1. Salesforce Trailhead playground or Developer Edition account
  2. Salesforce Authenticator application (supported on both Android & IOS)

Step 1: Login into your Salesforce account

Step 2: On the setup page, search “Permission Set.”

Step 3: Click the “New” button to create a new permission set for the user and enter the label name. The API name will automatically generate, then click the “Save” button.

Mfa 3

Figure 3: New Permission Set

Platforms & Technology - A Business Leaders Guide to Key Trends in Cloud
A Business Leaders Guide to Key Trends in Cloud

Cloud’s dynamic nature can make it hard to keep up with the wide-ranging capabilities that make it a key enabler to improve business processes and support a larger digital transformation.

Get the Guide

Step 4: After saving, scroll down and click “System Permissions” under the system section in the created permission set. Then click the “Edit” button.

Mfa 4

Figure 4: Edit System Permissions

Step 5: Scroll down or search “Multi-Factor Authentication for User Interface Logins” and enable the check box. To save the update, click the “Save” button.

Mfa 5

Figure 5: Check Multi-Factor Authentication for User Interface Logins

Step 6: Click the “Manage Assignments” button and then click the “Add Assignments” button to add users.

Step 7: Select the user to enable two-factor authentication, then click the “Assign” button.

Step 8: Click the “Done” button and activate the created permission set.

Step 9: Log out of your Salesforce account.

Mfa 6

Figure 6: Log Out of Account

Step 10: Download and install the “Salesforce Authenticator” application from your mobile device’s app market.

Mfa 7

Figure 7: Download Salesforce Authenticator

Step 11: Open the “Salesforce Authenticator” app and click “Add an Account.”

Mfa 8

Figure 8: Open Salesforce Authenticator

Step 12: On your mobile device, the app displays a two-word phrase authenticator. Hold that word on your mobile device.

Mfa 9

Figure 9: Two-Word Phrase in App

Step 13: Log in to the Salesforce account that created the permission set.

Mfa 10

Figure 10: Account Login

Step 14: After clicking on the login button, the “Connect Salesforce Authenticator” page will be opened. Enter the two-word phrase from the Salesforce Authenticator application and then click the “Connect” button.

Mfa 11

Figure 11: Connect Salesforce Authenticator Page

Step 15: Now, check your Salesforce Authenticator app; it will prompt you to connect with the authenticator. Click on the “Connect” button.

Mfa 12

Figure 12: Connect Account Request Page

Step 16: Your mobile device now displays your username and service name. Check the details after clicking the “Connect” button on your mobile device.

Mfa 13

Figure 13: Username and Service Name Details

Step 17: If successfully connected, you’ll be automatically redirected to your Salesforce account’s main page. You can log out of this session to test your multi-factor authentication.

Mfa 14

Figure 14: Log Out Current Account Session

Step 18: Again, enter your login credentials and then click the “Login” button.

Mfa 15

Figure 16: Log In to Your Account

Step 19: Check your Salesforce Authenticator app; it will prompt you to approve this log in or not. Click the “Approve” button to approve this login session.

Mfa 16

Figure 17: Salesforce Authenticator App with Details

Step 20: Your login is approved; you’ll be automatically redirected to your Salesforce account’s main page.

Mfa 17

Figure 18: Salesforce Account Main Page

In summary, MFA is useful to provide an increased level of security to your system, as well as effective ways to help prevent unauthorized account access.

About the Author

Amol Gawali is a technical consultant. He is a certified Salesforce Platform Developer 1 and excited to share his knowledge through blogging.

More from this Author

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to the Weekly Blog Digest:

Sign Up