Metrics and Insights to Help You Boost Login Security

By

As you’ve probably heard, Trust is our #1 value here at Salesforce. We take your data security seriously. That’s why we encourage admins to implement multi-factor authentication (MFA) for your org logins. Multi-factor authentication (MFA) is an effective way to increase protection for user accounts against common threats like phishing attacks, credential stuffing, and account takeovers. In a nutshell, MFA requires users to provide two or more factors upon login to confirm their identity. Typically, these factors are something the user knows, such as a username and password combination, and something the user has, such as a code from an authentication app.

A few months ago, we shared the ways that MFA adds an extra layer of security to your login process. We also introduced the MFA Assistant, your central hub for planning and rolling out MFA to your users. Now, we’re launching additional tools that track user logins in your org, so you can monitor your MFA implementation, spot any login irregularities, and boost your login security.

Get started with Login Metrics

Knowing who’s logging in to your org, and what login methods they’re using, is a basic part of org security. But with multiple users and a variety of login methods, how can you keep track of login activity? Enter Login Metrics. This new tab in the Lightning Usage App displays data on all the logins in your org for the past 7 days and the past 3 months, broken down by login method.

Start by opening the Lightning Usage App from the App Launcher.

The App Launcher menu with Lightning Usage App selected

Then, click the Login Metrics in the left panel of the Lightning Usage App.

Login Metrics tab in Lightning Usage App

The Login Metrics tab shows data for all login methods supported in Salesforce, including Password-Free, single sign-on (SSO), and Username and Password methods, with and without MFA. With Login Metrics, it’s easy to see how many users are logging in with your org’s various identity services. If you’re implementing MFA, review these metrics to see if any users are still logging in with non-MFA methods.

For example, these charts from Login Metrics display data for logins with username and password, both with and without MFA.

Charts for daily logins with username and password for last 7 days and last 3 months

Daily logins with username and password for the last 7 days and the last 3 months.

Charts for daily logins with username, password, and MFA for last 7 days and last 3 months

Daily logins with username, password, and MFA for the last 7 days and the last 3 months. If no users have logged in with a given method during the specified time, the chart displays no data.

Fine-tune your MFA implementation with Salesforce Optimizer

With Login Metrics, you know how many users are logging in with your org’s various identity services. But what if you’re rolling out MFA in your org and your metrics show that some users are still logging in with non-MFA methods? Maybe some non-MFA login methods are still enabled in your org. In Salesforce Optimizer, you can identify the users who are logging in without MFA, and then take actions to enable MFA for all users.

The Salesforce Optimizer app, introduced in Summer ’20, provides an interactive way for you to review and maintain your org’s functionality. You can launch Salesforce Optimizer from the Login Metrics tab in the Lightning Usage App.

Login Metrics tab header with links to actions; the link for Open Salesforce Optimizer is selected

Launch Salesforce Optimizer from the link on the Login Metrics tab in the Lightning Usage App.

If you’ve never run Salesforce Optimizer before, click Run Optimizer to generate data for your org. Then, click Multi-Factor Authentication Adoption to view MFA data.

List of results in Salesforce Optimizer, with Multi-Factor Authentication Adoption feature selected

Click on Multi-Factor Authentication Adoption to view the data.

The Results section of the Multi-Factor Authentication Adoption feature shows you how many users have not logged in using MFA for the past 30 days (1). The Data List shows a list of user names, each user’s profile type, and the number of days since they’ve logged in with MFA (2). Based on this data, Salesforce Optimizer recommends actions you can take to encourage MFA adoption, and gives an estimate of how much time you’ll need for those tasks (3). Lastly, a list of links offers help for your MFA implementation (4).

The Multi-Factor Authentication Adoption page in Salesforce Optimizer; the page has four sections including Results, Data List, Recommendation, and Help.

With this data, you can find users who may have been missed in your MFA implementation. You can also use this information to strengthen your org’s overall security. If you find users who haven’t logged in for a while, that could mean they no longer need access to Salesforce. And, if you see a number of users with a System Administrator profile, it might be time to reassess their permissions. Salesforce considers any user with the Modify All Data and Customize Application permissions to be an admin. For org security, it’s always best to limit those powerful permissions to the smallest number of people necessary.

With the data from Login Metrics and Multi-Factor Authentication Adoption, you’ve got the tools you need to keep track of user logins and ensure your org security meets the highest standard.

Resources

Enhanced Personal Information Management

Protect User PII Data with Enhanced Personal Information Management

In the Winter ’22 Release, we’ll roll out the ability to prevent external users, such as portal or partner users, from viewing personal information in your user records by enabling the Enhanced Personal Information Management permission. This permission replaces the less-configurable Hide Personal Information setting, which will be retired in the Winter ’23 Release. So, […]

READ MORE
Astro and Cloudy on a mountain next to text that says "#4 Security Center Enhancements."

Learn MOAR in Winter ’22 with Security Center Enhancements 🔒

Follow and complete a Learn MOAR Winter ’22 trailmix for admins or developers by October 31 to earn a special community badge and enter for a chance to win one of five $200 USD Salesforce Certification vouchers. Restrictions apply. Learn how to participate and review the Official Rules by visiting the Trailhead Quests page. Security […]

READ MORE
Astro and Cloudy on a mountain next to text that says "#2 Restriction Rules."

Learn MOAR in Winter ’22 with Restriction Rules 🚫

Follow and complete a Learn MOAR Winter ’22 trailmix for admins or developers by October 31 to earn a special community badge and enter for a chance to win one of five $200 USD Salesforce Certification vouchers. Restrictions apply. Learn how to participate and review the Official Rules by visiting the Trailhead Quests page. Introducing […]

READ MORE

Have an Idea for a Story?

We are all about the community and sharing ideas.
Do you have an interesting idea or useful tip that you want to share?

SHARE YOUR IDEA