Salesforce Multi-Factor Authentication July 20, 2021 by Justin Gilmore Thinking in: CRM/AMS, Salesforce What Is It and Why Should You Comply with It? As a nonprofit, you regularly collect and store an enormous amount of digital personal information. Without your donors, members, and volunteers — plus their names, addresses, and other contact information! — you cannot accomplish your mission. You’re already committed to being a good steward of the money you raise, the land you care for, the people you serve; that must also apply to the data you store. Your data is valuable, and protecting it is vitally important. Multi-factor authentication is your best protection with Salesforce. If you’re using Salesforce, you’re already off to a great start with the built-in protections of the platform, and now Salesforce is rolling out new password policy requirements to help its users be good stewards. Every password used in an organization is a security hole. The largest ransomware attacks and corporate data breaches have been caused by compromised passwords for noncritical systems that allowed access to critical systems. (Check out this post from early 2020 for our tip on how to protect your personal accounts from being compromised.) Requiring that you provide both something you know (your password) and something you have (your phone) makes it harder for your passwords to be compromised. That’s the definition of multi-factor authentication, or “MFA.” MFA describes a security feature that requires a user to present two or more “factors,” or pieces of information, to prove their identity when logging in to the system. For example, this might look like logging in to Salesforce with your regular username and password, and then using an app on your phone to confirm your login attempt. This video from Salesforce helps to explain these concepts further: Starting February 1, 2022, Salesforce will begin requiring customers to activate MFA protections on their accounts. We are encouraging our clients to take action now, and set up the Salesforce Authenticator app to authorize login attempts. (If access to mobile phones is an unreasonable requirement for your Salesforce users, there are alternatives to using the mobile application; this is the default option we’re recommending for all of our clients, though.) Here’s how to get started: Download the Salesforce Authenticator App here:Apple App Store (iOS)Google Play App Store Create a permission set called Multi-Factor Authentication and assign the permissions set to yourself, as shown in this quick video: Updated to add (11/29/22 by Tom Vance): Org-Wide MFA Setup (set it and forget it) Requiring multi-factor authentication (MFA) for all users is a great way to ensure consistency across your whole organization. As you know, there are many steps to granting access to new users in your instance. Setting up MFA Org-Wide will save a step AND give you the peace of mind knowing you have consistent security requirements for all your users. Follow these simple steps to activate org-wide MFA today: Navigate to Setup -> Session Settings -> check the box next to “Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org” -> click Save. Navigate to Setup -> Identity Verification -> add the Multi-factor Authentication to the right column -> click Save. That’s all you have to do. Now, every new user will be automatically required to use Multi-Factor Authentication and you can move on to other important tasks. Of course, we are always here to help with Ongoing Support. If you have questions just send to your support email. Other Resources: Check that your implementation satisfies the requirements here. Check the MFA timeline here. Salesforce updated the FAQ‘s in October 2022 to address questions organizations have had. You can see those here. Share via: Facebook Twitter LinkedIn
