Every password used in an organization is a security hole. The largest ransomware attacks and corporate data breaches have been caused by compromised passwords for non-critical systems that allowed access to critical systems. Requiring that you provide both something you know (your password) and something you have (your phone) makes it harder for your passwords to be compromised.
That’s the definition of multi-factor authentication, or “MFA.” MFA describes a security feature that requires a user to present two or more “factors,” or pieces of information, to prove their identity when logging in to the system. For example, this might look like logging in to Salesforce with your regular username and password, and then using an app on your phone to confirm your login attempt.
This video from Salesforce helps to explain these concepts further: https://www.youtube.com/watch?v=SzfsxtMqygI
Starting February 1, 2022, Salesforce will begin requiring customers to activate MFA protection on their accounts. We are encouraging our clients to take action now and set up the Salesforce Authenticator app to authorize login attempts.
(If access to mobile phones is an unreasonable requirement for your Salesforce users, there are alternatives to using the mobile application; this is the default option we’re recommending for all of our clients, though.)
Here’s how to get started:
1. Download the Salesforce Authenticator App here:
2. Create a permission set called Multi-Factor Authentication and assign the permissions set to yourself
3. Follow the screen prompts to use the Salesforce Authenticator App to log in.
4. Discuss with your fellow staff members, develop a rollout schedule, and assign users the Permission Set you created based on the schedule.
Salesforce has provided a wealth of other information and documentation about this process — here’s a collection of links if you want to dig in and learn more.
What does Authentication mean?
Authentication refers to giving someone identity to access the system.
Users can authenticate through multiple ways. Some of the common ways are:
Once you are logged in to the system, you need the Authorization to access the resources.
What is a Multi-Factor Authentication?
Multi-Factor Authentication is a concept of adding an additional layer of security while you are logging into the system. Multi-Factor authentication decreases the risk of getting into your system by Brute-Forcing using wordlist for password dictionary, Hash Decryption, Phishing Attacks, etc.
One of the commonly used MFA tools is Google Authenticator.
Salesforce has also come up with its authenticator app: Salesforce Authenticator.
Key Features of different Authenticator Apps:
The Salesforce Authenticator mobile app makes MFA easy by integrating it into your login process. It’s simple for users to install and connect to their Salesforce accounts.
When a user logs in, they get a push notification on their mobile device. The user taps the notification to open Salesforce Authenticator and sees the following information:
User Types that support MFA:
An internal user is anyone who has a standard user license and can access your Salesforce org’s UI, including admins, developers, privileged users, standard users, and users authorized to act on your company’s behalf, such as partners and third-party agencies.
User Types that don’t support MFA:
An external user is anyone who has a Community, Employee Community, or External Identity license and can only access your company’s Experience Cloud sites, e-commerce sites or storefronts, help portals, or employee communities.
Ways to Login into the System.
What is SSO?
Single Sign-On is an authentication method of login into multiple systems using a link or just by a simple click of a button in your App.
Key-Terms used when you come across SSO:
Step 1: Login into your Salesforce account
Step 2: On the setup page, search “Permission Set.”
Step 3: Click the “New” button to create a new permission set for the user
Step 4: After saving, scroll down and click “System Permissions” under the system section in the created permission set. Then click the “Edit” button.
Step 5: Scroll down or search “Multi-Factor Authentication for User Interface Logins” and enable the check box. To save the update, click the “Save” button.
Step 6: Click the “Manage Assignments” button and then click the “Add Assignments” button to add users.
Step 7: Select the user to enable two-factor authentication, then click the “Assign” button.
Step 8: Click the “Done” button and activate the created permission set.
Step 9: Log out of your Salesforce account.
Step 10: Download and install the “Salesforce Authenticator” application from your mobile device’s app market.
Step 11: Open the “Salesforce Authenticator” app and click “Add an Account.”
Step 12: On your mobile device, the app displays a two-word phrase authenticator. Keep this word on your mobile device.
Step 13: Log in to the Salesforce account that created the permission set.
Step 14: After clicking on the login button, the “Connect Salesforce Authenticator” page will be opened.
Enter the two-word phrase from the Salesforce Authenticator application and then click the “Connect” button.
Step 15: Now, check your Salesforce Authenticator app; it will prompt you to connect with the authenticator.
Click on the “Connect” button.
Step 16: Your mobile device now displays your username and service name.
Check the details after clicking the “Connect” button on your mobile device.
Step 17: If successfully connected, you’ll be automatically redirected to your Salesforce account’s main page.
You can log out of this session to test your multi-factor authentication.
Step 18: Again, enter your login credentials and then click the “Login” button.
Step 19: Check your Salesforce Authenticator app; it will prompt you to approve this log in or not.
Click the “Approve” button to approve this login session.
Step 20: Your login is approved; you’ll be automatically redirected to your Salesforce account’s main page.
Looking for help rolling out multi-factor authentication (MFA) to your Salesforce users? Meet the Multi-Factor Authentication Assistant, your central hub for all the recommended activities, tools, and resources for a successful project.
The Multi-Factor Authentication Assistant is available from Setup in Lightning Experience.
The Multi-Factor Authentication Assistant guides you through each phase and stage on the path to MFA.
In each phase, you get support with step-by-step instructions and resources. Activities are grouped into a series of stages that keep you organized and help you track your progress. To see the recommended activities in a stage, click the icon.
The Assistant helps you keep track of the work you’ve finished and where you’ve left off by allowing you to check off steps that you’ve completed (1). The Assistant shows when you’ve completed all steps in a stage (2).
The Multi-Factor Authentication Assistant is designed to move you quickly and efficiently through the process. But you can tackle activities in whatever order makes sense for your org. And you can skip any steps that aren’t relevant or don’t add value to your project. If you take an iterative approach to rolling out MFA, you can repeat activities until you’ve enabled all users.
Requirement to Enable MFA
Scope of the MFA Requirement
MFA for Direct Logins to Salesforce Products
MFA for SSO Logins to Salesforce Products
Verification Methods for MFA
MFA User Experience
Roll Out MFA
Blog Content References: https://help.salesforce.com/s/articleView?id=000352937&type=1