Salesforce Multi-Factor Authentication is Coming

You’ve probably seen the notifications about Salesforce Multi-Factor Authentication (MFA), and you may have added it to your backlog. The opportunity to get ahead of the game is ending: very soon Salesforce will enable it on your behalf if you don’t take action.

 

Why are Salesforce doing this?

Trust has always been one of Salesforce’s key values and cyberattacks on business are increasing at a significant rate. Multi-Factor Authentication is a step that can offer an additional layer of protection to your data, keeping your platform and data safe.

 

What is changing?

Salesforce Multi-Factor Authentication is being automatically enabled on Production Orgs. The change will affect your end users and may alter the way they log in.

Once Multi-Factor Authentication has been enabled, users will need to verify their identity with an additional verification method:

  • Authenticator App (Apple Store, Google Play)
  • Time-based one-time passcode (TOTP) – Google Authenticator, Microsoft Authenticator
  • A security key

The traditional method of receiving an OTP via email, phone or SMS will no longer be available, as it is vulnerable to interception and spoofing. As MFA requires a login via a single device, it means that users will no longer be able to share logins!

Do we have to make this change?

Yes, this help document states it is a contractual requirement to use MFA when accessing Salesforce. There’s a 30-day grace period where users can log in without MFA, and this starts on the day your org is auto-enabled.

If the 30-day grace period isn’t long enough for you to get users ready for MFA, your Salesforce admin can temporarily deactivate it:

  1. Go to Setup and, in the Quick Find box, enter Identity, then select Identity Verification.
  2. Deselect the Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org checkbox.
  3. Save your changes.

This is only a temporary ‘fix’, as Salesforce will continue to roll out their MFA enforcement in accordance with this document.

Tell your users!

You have a Change Management (CM) process? This would be a great time to utilise it to get the MFA message out. If you don’t have a CM process you need to let your users know! You could:

  1. Send an email to all your users telling them about the changes and, if using the Authenticator app, include steps to set it up.
  2. Post in your collaboration tool of choice to let your users know, with the actions that they need to take.
  3. Floor walk and explain the changes.
  4. Host some lunch and learn sessions.

Want to know more about Salesforce Multi-factor Authentication?

Salesforce have provided a plethora of information. You can read more about it on the Salesforce Trust site. The help document How to roll out MFA gives a full breakdown of the phases you should consider.

Planning on utilising MFA via an app on a mobile phone? Ensure you have a solution for those users who may not be comfortable installing a work-based app on their personal mobile!

Seeing a message on your Salesforce login screen telling you that MFA will be enabled on a certain date? Your 30-day countdown has started and you must take action! Received the Spring ’23 update over the weekend of 11-12 Feb? Your grace period will end 13th March!

We are here to help

If you need some help or assistance with your MFA rollout, we are here for you! Please call us on +44(0)2071010795, contact us via our website or email us at hello@cloudgalacticos.co.uk.
