Salesforce: MFA Requirements with SSO

Beginning in February, 2022, Salesforce has mandated the use of multi-factor authentication (MFA) for all users. This is a phased rollout. For Simpplr users, the mandatory change won't take effect until Q1 of 2023. 

If your organization has Single sign-on (SSO) established with your Simpplr intranet, the guidance below will help you meet the MFA requirements put into place by Salesforce. This will ensure your org's intranet and the information within are well protected. However, the upcoming Salesforce MFA requirement will not effect your current SSO solution.

Salesforce has also provided an MFA Roadmap for all customers.

Salesforce MFA Enforcement Roadmap

If you do not have an SSO enabled for your org, we recommend you enable MFA for Salesforce. The following Salesforce Help guide will walk you through the steps required to enable it:

MFA Quick Guide for Salesforce Admins

Your Simpplr rep can also enable MFA for your organization. Contact them for more details.

If your SSO system already uses MFA, there is no need to enable Salesforce's MFA, even though you're using a Salesforce product (Simpplr). We recommend verifying your SSO MFA requirements with your IT team, and that the following recommendations are put in place for your org:

Let’s start with verification methods that don’t satisfy the requirement. These methods are inherently vulnerable to interception, spoofing, and other attacks:

  • Email
  • Text messages
  • Phone calls

If your SSO relies on one of these methods, you may want to enable Salesforce's MFA.

To satisfy Salesforce's MFA requirements, you must use verification methods that are more resistant to cyberattacks (such as phishing and man-in-the- middle attacks). These types of methods help provide high assurance that users accessing Simpplr are who they say they are.

The following methods are approved by Salesforce, and meet the requirement:

  • Salesforce Authenticator mobile app (available on the App store or Google Play)
  • Time-based one-time passcode (TOTP) authenticator apps such as Yubico’s YubiKey™ or Google’s Titan™ Security Key
  • Built-in authenticators, such as Touch ID®, Face ID®, or Windows Hello™

Refer to Verification Methods for Multi-Factor Authentication in Salesforce Help to see the benefits and considerations for each method. 

 

Note:

Your Simpplr instance will need to be on at least the Gorgonio release to put MFA into effect.

 

FAQ

How is Simpplr Impacted?

As a Salesforce partner, Simpplr will be required to enforce this mandate as well. However, our customers will not be impacted (will not be required to implement MFA) until September of 2023.

How am I Impacted?

If you already implemented MFA, either directly with Salesforce or via your Single Sign On (SSO) solution, then you are not impacted. You may be required to update your Salesforce configuration to confirm you have implemented MFA but that will be it. If you have not implemented MFA then you will need to do so. Operationally this means that your end users will be required to confirm their access using at least two factors. One factor will be the user ID and password that they use today. The other factor (or factors) that will be required for sign in will be up to you but may include responding to a text message using a one time code or confirming their identity via a 3rd party application.

What are my options for MFA?

You have several options for implementing MFA. If your current Single Sign On (SSO) provider supports MFA then you could implement MFA via SSO. If you do not currently use SSO or your current SSO does not support MFA then you could either implement an SSO that does support MFA or you could implement MFA directly using Salesforce.

How will Simpplr support me?

Whether you already have a Multi-factor Authentication (MFA) solution in place and just need to update your current Salesforce configuration or you need to implement MFA using your Single Sign On (SSO) provider or you need to swap out SSO providers or you just want to implement MFA using Salesforce, Simpplr can help. Contact the Simpplr Support team. We’ll be happy to discuss what solution is right for you and help you get there.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more