What is MFA and Why is it Important?
As the security landscape evolves and threats that compromise user credentials grow more common, it is important to implement strong security measures to protect your business and customers.
Usernames and passwords alone no longer provide a strong safeguard against unauthorized account access. MFA adds an additional layer of security to your login process by requiring two or more pieces of evidence. MFA provides protection against security attacks like phishing, credential stuffing, and account takeovers.
How does Multi-Factor Authentication work?
MFA adds an additional layer of security to account access by requiring users to provide two or more pieces of evidence (factors) to prove they are who they say they are.
One factor is something the user knows, such as a username and password, and the other factors are verification methods that the user has. The verification method can be an authenticator app or a security key.
By tying user access to multiple, different types of verification, it is harder for an attacker to gain entry to the Salesforce environment. Even if a bad actor has stolen a user's password, it is impossible for them to impersonate a factor that the user physically possesses. Salesforce says “multi-factor is the most effective and simplest way to protect your user’s accounts data”.
What is the Salesforce MFA requirement?
Starting from February 1, 2022, Salesforce will require all customers to use Multi-Factor Authentication to access its products. To ensure that you are using Salesforce MFA as required, review the terms of service in the Notices and Licenses Information section of the Salesforce Trust and Compliance Documentation. To help customers who haven’t met the requirement by the deadline, Salesforce will automatically enable MFA. Salesforce will give a minimum of 6 months' notice before enforcing MFA on a Salesforce org.
MFA Verification Methods for Salesforce
MFA adds additional authentication steps to your login process.
1. First, the user enters their usual username and password.
2. Then the user is prompted with a verification method.
The following verification methods are provided by Salesforce:
Salesforce Authenticator App
This is one of the most recommended ways to log in. These are the steps to set up the Salesforce Authenticator app within 5 minutes:
1. First, install the Salesforce Authenticator app on your mobile device, if you don’t already have it.
2. On your computer, log in to Salesforce.
3. Go to your personal settings and open Advanced User Details.
4. Find App Registration: Salesforce Authenticator and click Connect.
5. Go back to the Salesforce Authenticator app and tap Connect Account.
6. The app generates a two-word phrase.
7. Enter those words into your Salesforce browser window and click Connect.
8. To complete the account connection, click Connect in the app.
Third-Party Authenticator Apps
Salesforce supports third-party authenticator apps that generate temporary codes based on the time-based one-time password (TOTP) algorithm. To use this type of verification method, you get a code from the TOTP app and then enter that code during the login process. There are various free apps available, such as:
- Google Authenticator
- Microsoft Authenticator
- Authy
Built-in Authenticator
A built-in authenticator verifies a user's identity using the mobile device’s Touch ID, face recognition, or the PIN that the user has configured on the device. This verification method is bound to the mobile operating system.
Security Keys
This is one of the easiest and simplest ways to log in, because there is no need to install an app and enter a password. A security key is simply a physical device.
Security keys make the login process simpler and faster:
- First, connect the key to the system.
- Press the button on the security key to connect.
What are the steps the Administrator needs to take?
Salesforce admins can enable multi-factor authentication in an org for a set of users by using profiles and permission sets. Follow the steps below to enable MFA at the profile level:
1. Log in to your Salesforce org. Search for Profiles, then select a profile and click on it.
2. On the profile detail page, scroll down to System Permissions and click on it.
3. Scroll down and see whether the Multi-Factor Authentication for User Interface Logins checkbox is checked. Check it to enable MFA.
4. Click the Save button to save your changes.
5. Repeat steps 1-4 for each profile to enable MFA for every user in the org.
The same steps can be applied to permission sets, either by creating a new permission set or by editing an existing one.