Directions to Prepare for Salesforce Multi-Factor Authentication

What is Salesforce MFA?

Multi-factor authentication (MFA) is an interaction that requires a customer to verify their personality at least twice before they can log into their Salesforce account.

Laptop virus alert. Malware trojan notification on computer screen. Hacker attack and insecure internet connection vector concept. Illustration of internet virus malware

For example, have you ever taken a stab at logging into your Amazon account when you are not on your phone or on your PC? If you have, presumably you have been sent an OTP (One Time Password) to confirm that you are who you say you are. This is a comparable plan to the way Salesforce MFA works.

Right now, Salesforce customers can log in using their username and secret key, however, in early February 2022 (or shortly thereafter), they must confirm themselves using one of Salesforce’s endorsed MFA techniques that they are who they say they are. This is giving the administrator Salesforce MFA powers for their association.

MFA is only when they are using a new device or they are in an unrecognized location. Users will have the ability to auto-verify themselves from their typical location, so they will not have to use multiple logins every time they sign into Salesforce.


What are the Salesforce Multi-Factor Authentication techniques?


  • Salesforce Authenticator App
  • Built-in Authenticators
  • Security Keys

The Countdown to Salesforce Multi-Factor Authentication (MFA) Is On - GearsCRM

Salesforce Authenticator App

The easiest and most cost-effective way. The Salesforce Authenticator App is a free app that users can download onto their smartphones. 

  • Login to Salesforce and explore to your own settings by tapping on your Profile Image and choosing Settings.
  • Click Advanced User Details and scroll to App Registration: Salesforce Authenticator. Click Connect. 
  • Click Advanced User Details and look to App Registration: Salesforce Authenticator.
  • You will then receive a unique two-word phrase in the app, to then enter in the “Two-word Phrase Field” in your Salesforce browser window. 
  • Back in the app on your mobile device you will then see details about your Salesforce account where you will then be able to click Connect and complete the sync process.


Built-in Authenticators

Built-in authenticators are from the user’s mobile device such as touch ID, face recognition, or a PIN that the user has set up in their operating system. This is available for Heroku, Marketing Cloud, Datorama, and MuleSoft Anypoint Platform. Right now it is a beta service for products built on the Salesforce platform. However, this method is bound to the user’s device, if the user logs into Salesforce on multiple devices, then the built-in authenticator will need to be registered on each device.


What are the steps that Salesforce administrators need to take for rollout?

  • Distinguish whether or not Salesforce MFA has as of now been empowered. Administrators empower this through authorizations or profile settings under Setup.

  • Login as an administrator. From Setup, go to Profiles and select a profile.

  • Look down and click System Permissions.

  • Look down to the consent set, Multi-Factor Authentication for User Interface Logins, on the off chance that that container isn’t chosen, then, at that point, MFA has not been empowered for that specific profile.

  • Go into each profile and affirm whether or not MFA has effectively been empowered and afterward consider a staged or a mass rollout relying upon your group.


2. Send correspondence to your clients. Tell them when you will empower the consent set and give your clients every one of the assets early that they need to get what steps they should take.


How will this affect Pardot users?

As Pardot users experienced migrating to Salesforce Single Sign-On last year, they will also need to have Salesforce MFA enabled

This will not impact the Salesforce Pardot connector. MFA is not required for API / Integration logins and the connector uses the Salesforce API to sync data to Salesforce. If your organization is not using the B2BMA integration user, it is recommended to enable MFA for the connector user.

What happens if teams do not prepare for Salesforce MFA?

There are two ways to define this question:

  • What happens if admins do not enable Salesforce MFA?
  • What happens if admins do not communicate that they’ve enabled Salesforce MFA?

If no prep is done by the Salesforce Admin, come February 1st, they will be in breach of the End User Licence Agreement (the binding agreement you signed when becoming a customer).

Salesforce is legally implementing the MFA, updating their liability position as such, how can you anticipate that they should handle a breach of information and have not empowered the MFA for their customers.

If the administrators do not communicate that they have empowered the Salesforce MFA, you will have many perplexed customers saying, “I can’t get into Salesforce, someone kindly assist me.”
This means an extremely taxing day for Salesforce admins who at that point need to scramble to help correspondence and follow up with customers during the cycle, costing a valuable break from everyone’s average workday.




Please click this link to read more about this topic.



The three days of Dreamforce’21:

The Calendar of Dates: Americas, September 21–23 Europe, Middle East, and Africa, September 21–23 Asia Pacific, September 22–24 Check out every episode, demo, and fun surprise that awaits:   Dreamforce

 2,886 total views

Read More »