Salesforce: How to Enable Multi-factor Authentication (MFA) in Salesforce

As of the Spring 23' release, Salesforce will be mandating a multi-factor authentication method for logging into your Salesforce (and therefore Simpplr) environment. For more information on the timeline and how this change may effect your SSO configuration, click here

This article will focus on how to set up an MFA for your Salesforce/Simpplr environment and assigning the MFA to your Simpplr users.

As your org's System admin user, from your Salesforce environment that Simpplr is built on:

  1. Navigate to Setup, and in the Quick Find box, type Session Settings and select. Scroll down to the Session Security Levels section and add the Multi-Factor Authentication option to the High Assurance (right) column if not already done. Click Save.
    enable_MFA_1.gif

  2. Back in the Quick Find box, type Permission Sets and select the result. Then click New. Label the Permission Set name as whatever you'd like; we recommend calling it "Multi-Factor_Authentication_Required". Click Save.
    enable_MFA_2.gif
    enable_MFA_3.png

  3. Scroll down to System Permissions in the System section and select. Click Edit and enable the “Multi-Factor Authentication for User Interface Logins” checkbox. Scroll back up and click Save, then Save again.
    enable_MFA_4.gif

  4. Click Manage Assignments, then Add Assignment to assign the Permission set to the appropriate users, i.e., all your active Simpplr users.
    enable_MFA_5.gif

Once you have Salesforce MFA, your users’ data will be protected, and even if the login credentials are stolen, fraudsters still won’t be able to log in because of the additional protection level.

  1. Once you set up the MFA, you need to enable a strong verification method for MFA. Salesforce only supports the below verification methods.
    1. You can use Salesforce Authenticator App.
    2. You can use a third-party authenticator app such as Google Authenticator, Microsoft Authenticator or Authy.
    3. You can use a Security Key such as Yubico's YubiKey or Google's Titan Security Key.

You need to deploy the MFA methods before enabling MFA in your Salesforce Org.

Here is the Salesforce video that provides more details on MFA and how to enable it via the Salesforce authenticator app. Multi-Factor Authentication | Two-factor authentication Salesforce

 

Review the documentation below provided by Salesforce for questions related specifically to your org's situation/requirements. 

If your org already uses SSO and wants to enable Salesforce MFA: Use Your SSO Identity Provider’s MFA Service

If your org uses OKTA as the SSO: Use Your SSO Identity Provider’s MFA Service

For customers who have both SSO and manual login: Once Salesforce enables MFA, only the manual login users need to set the MFA, and you can move the SSO users as high assurance.

You can assign the Waive Multi-Factor Authentication for Exempt Users user permission via a permission set that you apply to exempt users (see instructions above). If you have custom profiles that are limited to exempt users, you can assign the user permission on the profile.

How to change the Authenticator App from one Source to another: Disconnect a User’s Verification Method

 

If you want to test MFA on your Sandbox environment, simply follow the instructions above in the Sandbox.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more