Editor’s note: This post was updated on June 27, 2024, with the latest information and resources.
Multi-factor authentication (MFA) is one of the easiest and most effective ways to protect user accounts against cybersecurity threats. It’s such an important safeguard that Salesforce made it a contractual requirement to use MFA when accessing Salesforce products. That requirement went into effect on February 1, 2022 and MFA was auto-enabled for existing customers between the Spring ’23 and Spring ’24 releases. And now? MFA is a default part of the direct login process when new production orgs go live. If you’re new to Salesforce, this post will help you navigate what’s involved so you and your users are prepared.
When a new production org goes live, the Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org setting is automatically enabled. Hopefully, the setting name is self-explanatory, but to be safe: The setting acts at the org level to enable MFA for all users who log in with their username and password.
Salesforce applies this setting for all production orgs, even those that have single sign-on (SSO) set up for Salesforce access. Why? Because the org-level MFA setting ensures that all direct logins get MFA. And it simplifies ongoing maintenance. Adding new users? Have some users who occasionally bypass SSO and log in directly? You don’t have to remember to enable MFA in these scenarios because the MFA org setting has you covered.
Better security! More peace of mind! But you’d probably like some specifics, so here you go.
If you need more time to prepare for MFA, Salesforce Admins can temporarily turn off the MFA org setting. But keep in mind that admins will receive in-app warnings until MFA is re-enabled.
As part of your activities to onboard users to your Salesforce org, include a little MFA training. MFA adds a few extra seconds to the login process. To head off resistance, share why MFA is a critical security measure that benefits your company and your customers. Download the free MFA Rollout Pack for customizable templates that you can use for awareness and education.
There are several user types and use cases that are exempt from the MFA requirement. Most are automatically excluded from MFA when an org is auto-enabled. But there are a few exempt use cases that must be manually excluded by a Salesforce Admin. To see if this step applies to your org, take a look at Exclude Exempt Users from MFA in Salesforce Help.
And join the conversation anytime in the MFA – Getting Started Trailblazer Community.
Editor’s note: This post was updated on June 27, 2024, with the latest information and resources. As an #AwesomeAdmin, part of your role is managing and maintaining user access. With multi-factor authentication (MFA) in effect for your org, it’s important to know how to resolve MFA-related access issues that users may encounter. Access issues typically […]
Editor’s note: Effective April 8, 2024, MFA is a default part of the login process for new Salesforce production orgs. If you’re a new Salesforce customer, this blog post provides tips to help ensure your users are ready for MFA when your org goes live. This post was updated on June 27, 2024, with the […]
Winter ’25 is almost here! Learn more about user management and check out Be Release Ready to discover more resources to help you prepare for Winter ’25. We’re continuing to innovate in Setup starting with user access and user management. We have several exciting enhancements in store for Winter ’25–many thanks to your feedback and […]
