shannan

Salesforce Multi-Factor Authentication

Updated: Dec 30, 2022

Beginning February 1, 2022, all Salesforce customers were contractually required to use multi-factor authentication (MFA) in their Salesforce orgs. What is it? Why is it required? How do you roll it out to your users?

Multi-factor authentication is a layered approach to securing data and applications in which a system requires a user to present a combination of two or more credentials to verify the user's identity at login.

MFA is a highly effective method to increase protection for Salesforce user accounts against common threats like phishing attacks, credential stuffing, and account takeovers. It adds a layer of security to your Salesforce login process by requiring users to present two or more pieces of verification, or factors, to prove their identity. One factor is something the user knows, like their username and password. The other is a verification method from something the user has in their possession, such as an authenticator app or security key.

Salesforce has begun requiring MFA for all users to further ensure the safety, security, and integrity of both the platform and your data. Salesforce puts the value of trust and success for their customers at the forefront of everything they do. Salesforce customers who have not set up MFA for all Salesforce users are out of compliance with their contractual arrangement with Salesforce. Don’t worry. Summit Technologies can help you meet Salesforce’s MFA requirements!

For the do-it-yourselfers, Salesforce has provided "Everything You Need to Know About MFA Auto-Enablement and Enforcement." MFA is not currently required for Experience Cloud sites, employee communities, help portals, or e-commerce sites and storefronts. MFA does not have to be enabled for external users.

MFA options are varied, and your Salesforce consulting partner can help you assess which option or options are most appropriate for your Salesforce users. MFA methods can be apps on mobile devices, email or text notifications, security tokens, built-in authenticators, security keys, the Salesforce Authenticator, or many other options.

Rolling out MFA for users is a multi-step process dictated by which Salesforce products you are using and which MFA tools you will incorporate. Salesforce provides quite a bit of guidance on how to roll out MFA and how to ensure your Salesforce users remain compliant.

