Salesforce Update - Multi-Factor Authentication

Thursday, April 8, 2021

Multi-Factor Authentication (MFA), a subset to two-step verification, increases security for user accounts and protects against common cyber threats such as phishing attacks and account takeovers. MFA also distinguishes users who are accessing connected apps or viewing reports.


With the digital landscape constantly evolving, the threat of attacks on digital platforms is increasing. MFA adds an extra level of security to protect data and safeguard confidential reports, by requesting users to verify their identity through a second verification type, in the form of a physical process. For example, users are provided codes from authenticator apps or can use a security key to verify identity. Passwords and Usernames alone do not provide enough security against potential cyber-attacks; however, with MFA,it is much harder for a scammer to gain admittance to databases without access to the physical verification process.  


Salesforce is offering advanced MFA solutions to protect databases against potential attacks. As a world-leading cloud platform, Salesforce insists on protecting data, finding the perfect balance between strong security and user convenience. The platform also provides users with valuable recourses once MFA is implemented, including insights for monitoring usage and one-time verification codes for users who may have forgotten or lost their chosen verification method.

As an added level of security, MFA will request users to provide two levels of verification, before logging in to the Salesforce platform:

1. The first level being account information, such as username and password

2. The second being an added level of physical verification that a user has in their possession- For example, a security key or authenticator app on a mobile device.

As the expectations of Salesforce are often diverse for different users, the platform offers different types of physical verification methods for businesses to choose from. Admin can choose any or all these methods. These include:

Salesforce Authenticator App

The Salesforce Authenticator App is a convenient way for the admin to implement a second verification process. Integrated with the login process,users can download the mobile app and approve access through a push notification. Also, log-in processes through the app are automated, if the user is working from a trusted location.

Third-Party TOTP Authenticator App

Examples of Third-Party Authenticator Apps include Google Authenticator and Microsoft Authenticator. Salesforce can use Third-Party Authenticator Apps to give users Time-based One Time Passwords (TOTP) to grant access to the Salesforce platform. Users will enter the code given during the log-in process, and codes are only valid for 30 seconds.

UTF or Web Authn Security Key

Physical security keys can also be given to users without a mobile device, or for locations that limit mobile usage. Users will connect the security key to the laptop and press the ‘key’ button to confirm identity. For Salesforce and Security Keys to connect, Users will need to use an external supported browser, such as Chrome, to gain access.


Protect your data and safeguard against potential attacks by implementing MFA for your Salesforce database.

As Salesforce Partners, ION can offer guidance and support throughout Salesforce updates.  If you are unsure of how to implement MFA or which Second Verification Type is right for you, Contact ION Today.

Latest News

Talk to us about Financial Transformation

Please complete the form below and a member of our team will get back to you shortly.
Thank you! Your submission has been received!
Oops! We are really sorry but something went wrong while submitting the form.