Salesforce Multi-Factor Authentication (MFA)

Salesforce Authenticator Mobile App

 

The Salesforce Authenticator app can be used side by side with either the Microsoft/Google authenticator apps. The Salesforce app allows for features the other two can’t do. Namely if you enable Lightning Login, the app can act both as password and MFA at the same time. Also, using trusted locations, you can log in and prevent repeated MFA prompting the next time you log in. We encourage you to try out the various options.

• Intro Video

Personal Account Tools

• MFA First Step
• Adding Microsoft (similar for Google, but I do recommend trying the Salesforce Authenticator app)
• Manage MFA for your personal account

You may access the settings noted above by going to Profile > Settings > Advanced User Details and look for "App Registration: Salesforce Authenticator" and/or "App Registration: One-Time Password Authenticator" (the latter for Microsoft/Google).

Admin Tools/Options

• Manage Connections for other user’s accounts
• Generate Temporary Verification Codes for users (when they don’t have their phone).

Access via Set Up > Users > Users > Login as selected User, then follow the steps above under Personal Account Tools.

Information About MFA

• Resource Guide/Slides (PDF)
• How Multi-Factor Authentication Works to Protect Account Access (Video)

Trusted Location

By selecting "Trusted Location" the Salesforce Authenticator app will learn safe locations and will prompt you less. For example, while in your office or at home. You then only have to quickly unlock your phone to verify, or in the case of Lightning Login, click approve once to enter your password.

Lightning Login

When using MFA initially, you may be prompted to enroll in Lightning Login. Lightning Login allows the Salesforce Authenticator app to act as you password instead of you needing to remember or type in your password when logging in.

If you enroll, you will only need to enter your email to login on the Salesforce website. Then you will be prompted twice via the Authenticator app. Once for the password, then again for MFA. If you have enable location in Salesforce and indicated trusted locations, the Salesforce Authenticator app will only prompt you once for password as the MFA won’t be regularly needed at a trusted location.

If you do not want to enroll, DO NOT CLICK the blue button. Instead, click "Never Show Me This Message Again". 

If you do enroll, you just have to type in your email and you can select "Remember Me" and your email will be present next time you log in.

To enroll or cancel Lightning Login, on a desktop browser, log into Salesforce, then go to Profile > Settings > Advanced User Details > Lightning Login.