MFA for Salesforce Users: How To

MFA (Multi-factor Authentication) is a security control that requires users to verify their identities by providing multiple pieces of evidence before gaining access to a device or application.

The difference between MFA and 2FA is that two-factor authentication always utilizes two factors to verify the user’s identity. Multi-factor authentication could involve two or more factors to verify the user’s identity. “Multi-factor” just means any number of factors greater than one.

Why is authentication important?
Authentication is important because it enables organizations to keep their networks secure by permitting only authenticated users (or processes) to access its protected resources, which may include computer systems, networks, databases, websites, and other network-based applications or services.

Why MFA or 2FA?

Sometimes MFA/2FA needs to be enabled for Salesforce® user accounts that need to be able to authenticate from multiple devices.

Luckily, it’s easy as long as you plan ahead and save the necessary information when first connecting.

These instructions are for a one-time password generator app, NOT Salesforce Authenticator. The two apps that were used for the screenshots in these instructions were Authy (on iOS, also available for Android) and Authenticator (a Chrome extension). Both are free and readily available, but lots of other options are available as well.

Read on for detailed instructions.

Step 1: Getting Your Key

The following instructions are for Salesforce specifically, but you should be able to follow the same basic process for other applications. The important part is to get the manual code (instead of using the QR code) and making sure you save it.

Once you click Connect, you may have to verify your identity via email or another method. Once that’s done, you should get a screen with a QR Code. Click the “I Can’t Scan the QR Code” link at the bottom of the page.

The next screen will give you your key. This is VERY important. This is your only chance to save this value. Copy it and paste it somewhere safe.

You must record the key when you first sign up for MFA. Once you close the window, there’s no way to get that value back. If this happens, you will have to disconnect/unauthorize the current authentication and generate a new key. Any devices authenticated with the previous key will no longer work and will need to be re-authenticated with the new key.

Go ahead and connect to the authenticator of your choice so you can complete the verification process. Otherwise, the code won’t be validated and you’ll have to start over.

Step 2: Connecting to an Authenticator

For Authy on iOS

Click “Add Account.”

Click “Enter key manually.” at the bottom of the screen so you can use the previously generated key.

Use the previously generated key. (Tip: Text or email the key to yourself, so you can copy and paste it in, instead of trying to enter it manually.)

Give the account a name, and you’re done!

You’re now connected. If you’ve previously connected to an authenticator using the same key on another device, this number should match the number on other devices.

For Authenticator Chrome Extension

Click the pencil...

… then + to add a new account.

Click “Manual Entry” so you can type in the previously generated key.

Enter a descriptive name for the Account and the key.

You’re now connected. If you’ve previously connected to an authenticator using the same key on another device, this number should match the number on other devices.

 

Does your company need help with authentication or to roll out an effective Salesforce implementation? Working with an experienced Salesforce Consulting partner – such as Ad Victoriam with a proven history of success – will help your company harness all of the power that Salesforce offers.

To learn how Ad Victoriam Salesforce Consultants can assure that your new Salesforce implementation will be a smooth success, connect with us here.

Subscribe in a reader