Tips To Increase MFA Adoption in a Multi-Cloud Environment


You may have seen the announcement we recently made that beginning on February 1, 2022, Salesforce will start requiring all customers to implement multi-factor authentication (MFA). If so, you already know that MFA is one of the easiest, most effective ways to help prevent unauthorized account access and safeguard your Salesforce data. And in case you’re wondering, MFA is available at no extra cost for all Salesforce products.

Now that you’re caught up on the requirement, let’s talk about what that means for you as an admin — and your users. Driving user adoption for MFA may have its own set of challenges for admins with multiple Salesforce products. Since we know that a large portion of Salesforce customers have more than one product, we wanted to offer some suggestions of how to accomplish this exercise in change management. In this post, we’ll focus on the different ways to drive user adoption in a multi-cloud environment.

To enable MFA for direct logins or SSO — that is the question.

Before we dive into user adoption tactics, let’s do a quick overview of your options.

Option 1: Admins can enable MFA within each of their Salesforce products. Doing so will prompt your users to satisfy the MFA challenge each time they log in to one of your products.

Option 2: Many customers may find it easier to connect all of their Salesforce products to single-sign on (SSO), which would allow your users to log in one time, using the SSO interface. Just remember that if you choose to go the SSO route, Salesforce requires customers to also implement MFA for their identity provider.

For complete information about the requirement, visit the Salesforce Multi-Factor Authentication FAQ.

How can admins drive MFA adoption across different Salesforce products?

This may seem obvious, but arguably the most important early decision an admin can make in this process is to choose a verification method that works across all of your products. Verification methods that satisfy the MFA requirement include the Salesforce Authenticator app, standards-based TOTP apps, and security keys (see a more detailed explanation of what those are in our MFA Quick Guide). Once your users are set up with a verification method that works for any Salesforce product (not to mention other platforms you might be using), you remove any potential roadblocks associated with the user login experience.

It’s also important to think about the user experience if you enable MFA for multiple products. By creating a master rollout plan and timeline that combines all of your products, rather than rolling out each one individually, it reduces confusion for users. It’s always best to just dive in rather than postpone portions of the rollout.

Once you’ve selected your verification method(s) and your rollout plan is ready, a great way to drive MFA adoption is to run employee awareness campaigns. These campaigns should clearly communicate the timeline and include all of the change management information your users will need for all impacted products. You can even get creative and host competitions for users to see who can be among the first to use MFA!

Is it important to track user adoption?

Maximizing your visibility with robust reporting can be one of the best tools for driving user adoption. How are you supposed to know if you’re hitting adoption benchmarks if you don’t have accurate reporting?

Luckily, Salesforce offers a variety of ways to track MFA adoption in some of our products. This handy metrics blog post goes into detail about metrics for Salesforce Lightning products, and you can also reference the list below which includes options for tracking adoption in Salesforce Lightning products and Marketing Cloud.

  • Lightning Usage App: Use the Login Metrics tab in the Lightning Usage App to monitor logins in your org. See how many users are logging in with your org’s various identity services, including MFA and SSO.
  • Salesforce Optimizer: In Salesforce Optimizer, you can identify any users who are logging in without MFA, and then take actions to enable MFA for all users.
  • Identity Verification History report: Use Identity Verification History to monitor and audit up to 20,000 records of your org users’ identity verification attempts from the past 6 months.
  • MFA Dashboard (via the AppExchange): A comprehensive dashboard for monitoring, auditing, and reporting on MFA adoption and usage in your Salesforce org.
  • View MFA events in Marketing Cloud: After you enable MFA for your Marketing Cloud tenant, you can review a log of all registration and verification attempts. This log includes enablement and revocation actions and authentication attempts. You can view all events in a tenant.

We’ve given you some good ideas about how to drive MFA adoption for your multi-cloud environment. If you’re still looking for more, check out the Salesforce Admins Podcast with Mat Hamlin about MFA and SSO the next time you’re out for a stroll.

More resources

Looking for more content and resources on security? Check out our Security for Admins page to dive in.

Cloudy in the mountains with a megaphone next to text that says "How MFA Can Save Your Company Money While Reducing Risk."

How MFA Can Save Your Company Money While Reducing Risk

Remember the days when you only had one password? As fondly as we look back on those technologically simpler times, we know now that usernames and passwords are no longer sufficient to protect accounts against unauthorized access. And while everyone knows that multi-factor authentication (MFA) is one of the easiest, most effective ways to help […]

Enhanced Personal Information Management

Protect User PII Data with Enhanced Personal Information Management

In the Winter ’22 Release, we’ll roll out the ability to prevent external users, such as portal or partner users, from viewing personal information in your user records by enabling the Enhanced Personal Information Management permission. This permission replaces the less-configurable Hide Personal Information setting, which will be retired in the Winter ’23 Release. So, […]

Astro and Cloudy on a mountain next to text that says "#4 Security Center Enhancements."

Learn MOAR in Winter ’22 with Security Center Enhancements 🔒

Follow and complete a Learn MOAR Winter ’22 trailmix for admins or developers by October 31 to earn a special community badge and enter for a chance to win one of five $200 USD Salesforce Certification vouchers. Restrictions apply. Learn how to participate and review the Official Rules by visiting the Trailhead Quests page. Security […]


Have an Idea for a Story?

We are all about the community and sharing ideas.
Do you have an interesting idea or useful tip that you want to share?