How MFA Works
MFA requires a user to validate their identity with two or more forms of evidence — or factors — when they log in. One factor is something the user knows, such as their username and password combination. Other factors are verification methods that the user has in their possession. While there’s a risk that a password may be compromised, it’s highly unlikely that a bad actor can also gain access to a strong verification method like a security key or authentication app.
Salesforce MFA for Direct Logins
Salesforce offers simple, innovative MFA solutions that provide a balance between strong security and user convenience. Salesforce products support several types of strong verification methods to satisfy your business and user requirements.
- Salesforce Authenticator Mobile App: A fast, frictionless solution that makes MFA verification easy via simple push notifications that integrate into your Salesforce login process. Use this app in your MFA implementation to increase security while driving a better user experience.
- Third-Party Authenticator Apps: Authenticate with apps that generate temporary codes based on the OATH time-based one-time password (TOTP) algorithm. There are many apps available, including Google AuthenticatorTM, Microsoft AuthenticatorTM, and AuthyTM.
- Security Keys: These small physical devices are easy to use because there’s nothing to install and no codes to enter. Security keys are a great solution if mobile devices aren’t an option for your users. Salesforce supports USB, Lightning, and NFC keys that support the WebAuthn or U2F standards, including Yubico’s YubiKeyTM and Google’s TitanTM Security Key.
- Built-In Authenticators: Easy MFA verification using a desktop or mobile device’s built-in authenticator service, such as Windows HelloTM, Touch ID(R), or Face ID(R). (Currently available for Heroku, Marketing Cloud-Social, and MuleSoft Anypoint Platform only.)
Learn More About MFA
How MFA Works
Your One-Stop Shop for Salesforce MFA
Introducing the Multi-Factor Authentication Assistant for products built on the Salesforce Platform. It’s your hub for all the recommended steps, tools, and resources to roll out MFA to your users. From evaluating requirements to launching MFA and driving adoption, the Assistant has you covered.
MFA for Your Salesforce Products
Products on the Salesforce Platform
B2C Commerce Cloud
Marketing Cloud-Email, Mobile, & Journeys
MuleSoft Anypoint Platform
Report a Security Concern
As a leading software-as-a-service and platform-as-a-service provider, Salesforce is committed to setting the standard in safeguarding our environment and customers’ data. Partner with us by reporting any security concerns.