It's more important than ever to implement strong security measures that protect your business and customers. As threats that compromise user credentials grow more common, usernames and passwords are no longer sufficient safeguards against unauthorized account access. 

 

Multi-factor authentication (or MFA) adds an extra layer of protection against common threats like phishing attacks, credential stuffing, and account takeovers. Implementing MFA is one of the most effective ways your company can increase the security of your Salesforce data. That’s why, beginning February 1, 2022, Salesforce will begin requiring customers to enable MFA in order to access Salesforce products.

How MFA Works

MFA requires a user to validate their identity with two or more forms of evidence or factors when they log in. One factor is something the user knows, such as their username and password combination. Other factors are verification methods that the user has in their possession. While there’s a risk that a password may be compromised, it’s highly unlikely that a bad actor can also gain access to a strong verification method like a security key or authentication app.

MFA Options for Salesforce Customers

Salesforce offers simple, innovative MFA solutions that provide a balance between strong security and user convenience. We support several types of strong verification methods to satisfy all of your business and user requirements.

  • Salesforce Authenticator Mobile App: A fast, frictionless solution that makes MFA verification easy via simple push notifications that integrate into your Salesforce login process. Use this app in your MFA implementation to increase security while driving a better user experience.
  • Third-Party Authenticator Apps: Authenticate with apps that generate temporary codes based on the OATH time-based one-time password (TOTP) algorithm. There are many apps available, including Google Authenticator, Microsoft Authenticator, and Authy.
  • Security Keys: These small physical devices are easy to use because there’s nothing to install and no codes to enter. Security keys are a great solution if mobile devices aren’t an option for your users. Salesforce supports USB, Lightning, and NFC keys that support the WebAuthn or U2F standards, including Yubico’s YubiKey and Google’s Titan Security Key.
Learn More >

Learn More About MFA

How MFA Works

See how MFA works and why it’s a critical piece of your defense-in-depth strategy.
Watch Video >

Admin Guide

Learn the recommended process for implementing and rolling out MFA to your users.
View Guide >

MFA FAQ

Get answers to common questions about MFA for Salesforce, including the MFA requirement.
View FAQ >

MFA for Your Salesforce Products

Video
Launch MFA for Platform

Learn how to enable MFA and how users can register and use Salesforce Authenticator for MFA logins

Watch the Launch MFA Video >
Trailhead
User Authentication

Use Trailhead to learn about securing your org with MFA, SSO, and My Domain

Earn the User Authentication Badge >
One-Pager
MFA for B2C Commerce

Get started with a high-level overview of the steps to enable MFA for B2C Commerce

View the MFA Page for B2C Commerce >
Trailhead
B2C Commerce Roles and Permissions

Use Trailhead to set up users and assign roles and permissions in Business Manager

Earn the B2C Commerce Permissions Badge >
Knowledge Article
MFA for Datorama

Learn how to implement MFA for Datorama users (requires Datorama login)

View the Marketing Cloud Datorama Article >
FAQs
MFA for Datorama FAQ

Get answers to common questions about MFA for Datorama (requires Datorama login)

View the Datorama MFA FAQs >
Video
Launch MFA for Marketing Cloud

Learn how to enable MFA for Marketing Cloud and how users can register and use Salesforce Authenticator for MFA logins

Watch the Marketing Cloud MFA Video >
Salesforce Help
MFA for Marketing Cloud Help

Learn how to set up MFA for Marketing Cloud tenants

View Marketing Cloud MFA Help >
Salesforce Help
MFA for MuleSoft Help

Learn how to implement MFA for Anypoint Platform users

View MuleSoft MFA Help >
Knowledge Article
Enable MFA for your Quip Site

Learn how to implement MFA for Quip Starter, Quip Enterprise, and Quip for Customer 360

View the Quip MFA Help Article >

Report a Security Concern

As a leading software-as-a-service and platform-as-a-service provider, Salesforce is committed to setting the standard in safeguarding our environment and customers’ data. Partner with us by reporting any security concerns.

Report a Concern