29 Jan How To: Turn on MFA in Salesforce
What is MFA?
MFA (Multi-Factor Authentication) is a security process that requires a user to present two or more pieces of evidence (i.e. factors) to verify their identity. This helps to prevent unauthorized access to sensitive information or systems. MFA is sometimes also referred to as 2FA or two-factor authentication.
The two most common types of factors are:
- Something the user knows (e.g. password, security questions)
- Something the user has (e.g. smart phone, security token)
- Something the user is (e.g. fingerprint, facial recognition)
Why use MFA:
- Adds an extra layer of security: Requiring multiple authentication factors makes it harder for attackers to gain access to sensitive information.
- Protects against password breaches: Passwords can be easily stolen or hacked, but MFA helps to protect against unauthorized access even if a password is compromised.
- Protects against social engineering: Attackers may try to trick a user into giving up their password, but with MFA in place, they would also need access to the secondary authentication device.
- Compliance: MFA may be required by industry regulations, such as HIPAA or PCI, for handling sensitive data.
Overall, using MFA helps to protect sensitive information and systems from unauthorized access, and provides a higher level of security for users and organizations.
How do I turn on MFA in Salesforce?
To turn on MFA (Multi-Factor Authentication) in Salesforce, follow these steps:
- Login to your Salesforce account as an admin.
- Go to the “Setup” menu in the top right corner.
- In the Quick Find box, type “User” and select “Users”.
- Find the user who needs MFA enabled and click on their name.
- Scroll down to the “Multi-Factor Authentication” section.
- Enable the toggle switch for “Multi-Factor Authentication”.
- Assign a device to the user (if not done already).
- Click “Save”.
MFA will now be enabled for that user, requiring them to use a secondary authentication device in addition to their username and password to access their Salesforce account.