Salesforce: MFA Requirements with SSO

In January, 2024, Salesforce has mandated the use of multi-factor authentication (MFA) for all users. For Simpplr users, the mandatory change will take effect on January 12.  

If your organization has Single sign-on (SSO) established with your Simpplr intranet, the guidance below will help you meet the MFA requirements put into place by Salesforce. This will ensure your org's intranet and the information within are well protected. However, the upcoming Salesforce MFA requirement will not effect your current SSO solution.

Salesforce has also provided an MFA Roadmap for all customers.

Salesforce MFA Enforcement Roadmap

If you do not have an SSO enabled for your org, we recommend you enable MFA for Salesforce. The following Salesforce Help guide will walk you through the steps required to enable it:

MFA Quick Guide for Salesforce Admins

Your Simpplr rep can also enable MFA for your organization. Contact them for more details.

If your SSO system already uses MFA, there is no need to enable Salesforce's MFA, even though you're using a Salesforce product (Simpplr). We recommend verifying your SSO MFA requirements with your IT team, and that the following recommendations are put in place for your org:

Let’s start with verification methods that don’t satisfy the requirement. These methods are inherently vulnerable to interception, spoofing, and other attacks:

  • Email
  • Text messages
  • Phone calls

If your SSO relies on one of these methods, you may want to enable Salesforce's MFA.

To satisfy Salesforce's MFA requirements, you must use verification methods that are more resistant to cyberattacks (such as phishing and man-in-the- middle attacks). These types of methods help provide high assurance that users accessing Simpplr are who they say they are.

The following methods are approved by Salesforce, and meet the requirement:

  • Salesforce Authenticator mobile app (available on the App store or Google Play)
  • Time-based one-time passcode (TOTP) authenticator apps such as Yubico’s YubiKey™ or Google’s Titan™ Security Key
  • Built-in authenticators, such as Touch ID®, Face ID®, or Windows Hello™

Refer to Verification Methods for Multi-Factor Authentication in Salesforce Help to see the benefits and considerations for each method. 



Your Simpplr instance will need to be on at least the Gorgonio release to put MFA into effect.



Who is affected?

Once MFA is enabled, the impact will vary based on your login method. If you use Standard Login, defined as logging in with a Salesforce username and password via or <your domain>, your experience will differ from those using SSO

How am I Impacted?

Users logging in via SSO: There will be no noticeable changes after the activation of MFA. Salesforce advises implementing MFA directly with your SSO provider.

Users accessing Salesforce through Standard Login: Once MFA is enabled, you will be prompted to set up MFA. This can be done using Salesforce's Authenticator or an alternative of your choice.

For detailed MFA setup options for both SSO and Standard Login, please see the 'What are my options for MFA?' section.

What are my options for MFA?

SSO Users -  If your current Single Sign On (SSO) provider supports MFA then you could implement MFA via SSO.

Standard Login Users - When MFA is enforced, you'll be prompted to set it up the first time you login. Although 'Salesforce Authenticator' is the default, you can select 'Choose Another Verification Method' for alternative authenticators. Below is a screenshot showing the location of this link

Multi-Factor Authentication (MFA) Setup Steps

How is Simpplr Impacted?

As a Salesforce partner, Simpplr will be required to enforce this mandate as well. However, our customers will not be impacted (will not be required to implement MFA) until January of 2024.

How will Simpplr support me?

Whether you already have a Multi-factor Authentication (MFA) solution in place and just need to update your current Salesforce configuration or you need to implement MFA using your Single Sign On (SSO) provider or you need to swap out SSO providers or you just want to implement MFA using Salesforce, Simpplr can help. Contact the Simpplr Support team. We’ll be happy to discuss what solution is right for you and help you get there.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.

Articles in this section

See more