All internal users who log in to Salesforce products through the user interface must use MFA for every login. Do you want to know why, and how to configure MFA? Just read on…
Increased risk of cyber attacks and hacking attempts
With the substantial increase in people working from different locations during the COVID pandemic, and the increased risk of cyber attacks and hacking attempts, Salesforce has chosen to move towards a mandatory login protocol to improve security.
MFA for every login
All internal users who log in to Salesforce products (including partner solutions) through the user interface must use MFA for every login. Salesforce encourages organizations to start planning for this change now, and where possible, begin implementing MFA. Salesforce explains its choice to make MFA mandatory for all users in the following statement:
“A key part of your security strategy is safeguarding access to your Salesforce user accounts. On their own, usernames and passwords no longer provide sufficient protection against cyberattacks. That’s where MFA comes in. It’s one of the simplest, most effective ways to prevent unauthorized account access and safeguard your data and your customers’ data. We require customers to implement MFA to help mitigate the risks stemming from threats like phishing attacks, credential stuffing, and compromised devices.”
Single Sign-On and MFA
To ensure that MFA is required for all your Salesforce users, you can turn it on directly in your Salesforce products or use your Single Sign-On (SSO) provider’s MFA service. If your SSO system uses MFA, you don’t need to enable Salesforce’s MFA for users who access your Salesforce products solely through SSO.
Trust and compliance
As mentioned above, the MFA requirement goes into effect on February 1, 2022. Salesforce states that the terms of service in the Notices and Licenses Information section of the Salesforce Trust and Compliance Documentation have been updated to require the use of MFA for direct and SSO logins to a Salesforce product’s user interface.
What is Multi-factor authentication?
Multi-factor authentication (MFA) is a powerful, secure authentication method that uses two steps (or factors) to prove users’ identities when they attempt to log in. The first factor is information known to the user, like a username and password. The second is a verification method that the user has in their possession, like an authenticator app or a security key. Multi-factor authentication therefore makes it a lot harder for fraudsters to get access to your Salesforce data.
Types of Multi-factor authentication in Salesforce
Salesforce has several very convenient and innovative solutions for MFA:
- Salesforce Authenticator mobile app: when someone tries to log in to your account, you get a notification on your phone with the details of the activity, such as location, device, user and service. If everything looks good and you have no worries, tap the Approve button. If you don’t recognise the activity, tap the Deny button and the login attempt will be blocked.
How to enable MFA in Salesforce
If your company doesn’t use SSO, the admin has to complete the following steps:
- Navigate to Setup -> Session Settings -> add Multi-Factor Authentication to the right column -> click Save.
- Go to Setup -> Permission Sets -> click New -> enter the Permission Set name -> click Save.
- Find System Permissions in the System section -> click Edit -> enable the “Multi-Factor Authentication for User Interface Logins” checkbox -> click Save.
- Assign the Permission set to the appropriate users.
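A check an admin might run after the steps above (an added example, not from the original article or from Salesforce): it lists active internal users who hold no permission set granting the MFA permission and are not on an SSO-only list. The SOQL in the comments, the `PermissionsForceTwoFactor` and `UserType` field names, the sample rows and the `SSO_ONLY` list are assumptions.

```python
# Added example: audit MFA coverage from two exported object lists.
# Assumed SOQL exports (standard API field names, not from the article):
#   SELECT Id, Username, IsActive, UserType FROM User
#   SELECT AssigneeId, PermissionSet.PermissionsForceTwoFactor
#     FROM PermissionSetAssignment
# Profile-owned permission sets also appear in PermissionSetAssignment,
# so a permission granted through the profile is counted as well.

# Constructed sample rows, flattened from the exports above.
USERS = [
    {"Id": "005A", "Username": "alice@example.com", "IsActive": True, "UserType": "Standard"},
    {"Id": "005B", "Username": "bob@example.com", "IsActive": True, "UserType": "Standard"},
    {"Id": "005C", "Username": "carol@example.com", "IsActive": True, "UserType": "Standard"},
    {"Id": "005D", "Username": "dave@example.com", "IsActive": False, "UserType": "Standard"},
    {"Id": "005E", "Username": "erin@partner.example", "IsActive": True, "UserType": "PowerPartner"},
    {"Id": "005F", "Username": "frank@example.com", "IsActive": True, "UserType": "Standard"},
]
ASSIGNMENTS = [
    {"AssigneeId": "005A", "PermissionsForceTwoFactor": True},
    {"AssigneeId": "005B", "PermissionsForceTwoFactor": False},
    {"AssigneeId": "005F", "PermissionsForceTwoFactor": False},
    {"AssigneeId": "005F", "PermissionsForceTwoFactor": True},
]
# Hypothetical list kept by the admin: users who log in solely through an
# SSO provider that already enforces MFA.
SSO_ONLY = {"carol@example.com"}


def users_missing_mfa(users, assignments, sso_only=frozenset()):
    """Return usernames of active internal users with no MFA coverage."""
    covered = {a["AssigneeId"] for a in assignments
               if a["PermissionsForceTwoFactor"]}
    missing = []
    for user in users:
        if not user["IsActive"] or user["UserType"] != "Standard":
            continue  # inactive or external users are out of scope here
        if user["Username"] in sso_only:
            continue  # MFA is enforced by the SSO provider instead
        if user["Id"] not in covered:
            missing.append(user["Username"])
    return sorted(missing)


if __name__ == "__main__":
    for name in users_missing_mfa(USERS, ASSIGNMENTS, SSO_ONLY):
        print("no MFA permission:", name)
```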
Once you have Salesforce MFA, your users’ data will be protected, and even if the login credentials are stolen, fraudsters still won’t be able to log in because of the additional protection level.