How to implement multi-factor authentication in Salesforce

Seamless CRM Adoption with Salesforce Strategic Consulting
February 10, 2021
Curating a Salesforce User Experience that works for your team
August 15, 2023

Here’s how to set up multi-factor authentication to secure access to your CRM.

Multi-factor authentication (MFA) makes sure that an online user is really the person trying to log into an account by requiring a minimum of two pieces of identification that comes from either something known to them, something they are, or something they possess. It’s the best way to keep your accounts and data safe from hackers, even if they’ve stolen your password. But MFA isn’t foolproof. Here are some tips for implementing multi-factor authentication in a way that works for your company.

What is multi-factor authentication?

Multi-factor authentication uses a combination of different methods to verify your identity. This security feature, which requires all internal Salesforce users to verify their identity by using a combination of authentication factors, will become a requirement by February 1, 2022. The MFA feature safeguards your account with an additional layer of protection that helps ensure only authorized users access sensitive data.

Multi-factor authentication requires a traditional username and password combination paired with an additional piece of information. Some companies use a key or token sent via email, phone call or text message. Salesforce will no longer allow SMS texts, phone calls or email options since all these methods have higher incidence of compromise and interception. Instead, multi-factor authentication through Salesforce requires an app on your phone or a physical security key. Each token matches with a user’s password, which helps protect against a third party gaining access to your account. If a user resets their password, the token resets as well, preventing compromised accounts because of lost or accidentally shared tokens.

How to implement multi-factor authentication in your business with Salesforce

Salesforce makes it simple to implement MFA in your business. Account administrators choose the verification methods that work for their employees and company. The options for MFA authentication include different mobile applications or a U2F security key.

Authenticator Apps

Salesforce works with different authenticator applications. Each one uses different methods for multi-factor authentication. 

Salesforce Authenticator

The Salesforce Authenticator application offers free and fast MFA. This app connects with existing accounts and features simple installation and connection. When a user logs into their account, he or she receives a push notification on their connected device. Each notification requires the user to verify the following information:

  • Action requiring approval
  • User responsible for the action
  • Service requesting the login
  • Device that sent the request
  • Location of the request

After verifying this information, users have the option to approve or deny the login. The application also works when devices don’t have an internet connection. When this happens, the Salesforce app provides a six-digit time-based one-time password (TOTP) that the user enters for authentication.

Third-Party Authenticator Apps

Salesforce works with third-party applications that generate TOTP codes, including Authy, Microsoft Authenticator and Google Authenticator. These applications provide temporary codes based on the current time and a secret key known only by the service and the user. Each code remains valid for 30 seconds.

Security Keys

Physical security keys are another option for multi-factor authentication; especially for businesses that don’t allow mobile devices on the premises. Each user connects their key directly to their computer and presses the button for identification verification. Salesforce works with security keys that are compatible with FIDO U2F, including the Google Titan and YubiKey. FIDO U2F uses origin binding, which ensures that logins fail if users aren’t on the actual site for authentication.

Preparing for and implementing Salesforce multi-factor authentication

Setting up multi-factor authentication requires some preparation and planning for successful integration. After choosing the verification methods that work for their businesses, account administrators should verify all users, roles and the permissions required. This leads to the identification of privileged users and the overall scale of your multifactor authentication project.

Rolling out your authentication processes requires account administrators to work with their teams and establish protocols for access recovery. Once these methods are in place, users receive their verification methods and enable MFA interface logins. In most cases, administrators help individuals register their accounts and login with the chosen verification methods. 

What are the benefits of implementing multi-factor authentication?

Setting up MFA provides an additional layer of security for account access. Requiring multiple methods of authentication for logins protects financial, social media, and other sensitive accounts from malicious attacks and unauthorized access that may occur because of phishing scams, hackers and password data breaches.

Setting up MFA with Salesforce provides secure access to your accounts, without slowing down your business. By choosing multi-factor authentication methods that work with current processes, you keep sensitive information secure using options that allow users quick access without going through multiple steps.

CRMNinjas provides consulting and managed services by certified professionals for Salesforce’s sales and service clouds. We love writing about Salesforce, and we keep you informed about how CRMs are revolutionizing the business world. If you’re ready to transform your business with Salesforce, contact us today.


Salesforce Authentication

What is a Salesforce security token?