Editor’s note: This post was updated on July 31, 2023, with the latest information and resources.
Multi-factor authentication (MFA) is one of the easiest and most effective ways to protect user accounts against cybersecurity threats. It’s such an important safeguard that Salesforce made it a contractual requirement to use MFA when accessing Salesforce products. That requirement went into effect on February 1, 2022. And now? MFA auto-enablement for Salesforce orgs is underway! But don’t worry, this post will help you navigate what’s involved so you and your users are prepared.
This change affects how your users log in, so let’s do a quick review of what to expect. If you’ve already satisfied the MFA requirement, thank you! But keep reading because there’s one last consideration that may apply to your org.
The term may be a little ponderous, but the concept is pretty simple. Basically, it’s when Salesforce turns on MFA in a customer’s org on their behalf.
Beyond the basics, we’re going to use the Release Update mechanism–specifically, the MFA Auto-Enablement Release Update–to take this action. When the update goes into effect for an org, it turns on the Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org setting. Hopefully, the setting name is self-explanatory, but to be safe: The setting acts at the org level to enable MFA for all users who log in with their username and password.
Salesforce is applying the MFA Auto-Enablement Release Update for direct logins to all production orgs, even orgs that already satisfy the MFA requirement and those that have single sign-on (SSO) set up for Salesforce access. Why? Because the org-level MFA setting ensures that all direct logins get MFA. And it simplifies ongoing maintenance. Adding new users? Have some users who occasionally bypass SSO and log in directly? You don’t have to remember to enable MFA in these scenarios because the MFA org setting has you covered.
Better security! More peace of mind! But you’d probably like some specifics, so here you go.
If you need more time to prepare for MFA, Salesforce Admins can turn off the MFA org setting after auto-enablement. But this is temporary. Salesforce is enforcing MFA for all customers in the future and at that time the MFA org setting will be re-enabled and the option to turn it off will be removed.
There are several user types and use cases that are exempt from the MFA requirement. Most are automatically excluded from MFA when an org is auto-enabled. But there are a few exempt use cases that must be manually excluded by a Salesforce Admin before the MFA org setting is applied. To see if this step applies to your org–even if you’ve already enabled MFA for your users–take a look at Exclude Exempt Users from MFA in Salesforce Help.
We’re auto-enabling MFA over the course of several releases. Phases 1 and 2 occurred with the Spring ’23 and Summer ’23 releases. For orgs included in phase 3, the MFA Auto-Enablement Release Update was added to your org in Summer ’23 and it will take effect when the Winter ’24 release rolls out.
Is your org included in phase 3? To find out, keep an eye on the Release Updates node in Setup. If you see the MFA Auto-Enablement Release Update now, you know that Salesforce is auto-enabling your org in Winter ’24. (Keep in mind that it can take several weeks after the Summer ’23 release completes for the MFA update to appear on the Release Updates node.)
If you don’t see the MFA update, check back after the Winter ’24 release is finished rolling out. If the MFA update is listed at that time, your org will be auto-enabled in the final phase in Spring ’24.
If MFA isn’t fully implemented for your org yet, you may be inclined to wait and have Salesforce do it for you. But here are a few plusses for doing your own implementation as soon as possible.
Turning on the MFA org setting takes just a few minutes. And the MFA Rollout Pack gives you a treasure trove of templates for communications, training, and user onboarding materials to prepare your users. So why wait?!
And join the conversation anytime in the MFA – Getting Started Trailblazer Community.
Artificial intelligence (AI) is everywhere right now and everyone is talking about it. From having fun with generative imaging to staring in wonder at driverless cars, it seems that AI is popping up all over the place. Salesforce has made a ton of AI announcements with Sales GPT, Service GPT, Slack GPT, and beyond. As […]
As an #AwesomeAdmin, part of your role is managing and maintaining user access. So when multi-factor authentication (MFA) goes into effect for your org–whether you’re turning it on yourself or waiting for Salesforce to auto-enable it for you–it’s important to know how to resolve MFA-related access issues that users may encounter. Access issues typically fall […]
With multi-factor authentication (MFA) auto-enablement for Salesforce orgs on the horizon, you might be wondering how to prepare your users for this change. We’ve got you covered! Busy people aren’t always receptive to change. To hit the right notes with your Salesforce users, share why MFA is a critical security measure and help everyone quickly […]
We are all about the community and sharing ideas.
Do you have an interesting idea or useful tip that you want to share?
