Enabling Multi-Factor Authentication (MFA) in Salesforce helps enhance the security of your Salesforce environment by requiring users to provide additional verification beyond their username and password. MFA is a critical component of ensuring data security, meeting industry compliance, and user accountability. Below are the steps to enable MFA, as well as utilizing a Swantide permission set.
Enable MFA
Enabling MFA is an easy process to ensure all users are required to provide an additional verification method in addition to their username and password when logging in to Salesforce orgs. Below are the steps:
Navigate to Setup
In the Quick Find bar, search for Identity
Select Identity Verification
Click the checkbox next to 'Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org'
Swantide Permission Set
For ease of use, Swantide provides customers with a pre-built permission set that requires users to use MFA when logging into Salesforce. The permission set includes settings that requires users to use MFA when signing into Salesforce. The permission set can be found by:
Navigate to Setup
In the Quick Find bar, search for Permission Sets
Click on Permission Sets
Click Multifactor Authentication
By default, no users are assigned to this permission set. To add the Standard User Group, follow the below steps:
Navigate to Setup
In the Quick Find bar, search for Permission Sets
Click on Permission Set Groups
Click on Swantide_Standard_User
Click on Permission Sets in Group
Click Add Permission Set
Click the checkbox next to Multifactor Authentication
Click Add
Click Done
Initial Setup
When MFA is rolled out, all end users will be required to authenticate into Salesforce by providing another identification method outside of your password. The easiest way to accomplish this is by downloading the Salesforce Authenticator app. Once the Authenticator app is downloaded, click Add Account at the very bottom of the App Screen. This will prompt the user to copy the Two Word Phrase and enter it in the browser which invoked the MFA requirement. Once entered, the mobile app will ask to connect Salesforce to the Salesforce Authenticator App. Below is a sample screenshot of what a user will see the first time they log in after requiring MFA.
Steps to Download Salesforce Authenticator:
Reregistering Your Salesforce Authenticator:
If you got a New Phone or no longer have access to your Authenticator Code to log into Salesforce, your Salesforce Admin can follow one of these two steps to get you back into Salesforce.
Option 1: They can "Disconnect" the Salesforce Authenticator App from your User Profile in which the next time you log in, you will be presented to re-initialize your Authentication method with the Authenticator App.
Option 2: They can generate a "Temporary Verification Code" for you.
To get to the User Profile, navigate to Setup > search "User" in the Quick Find. In the User List View, navigate to the User in Scope.