Sunday, 30 Jun 2024

Salesforce Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is a powerful method of authentication that enhances security by requiring users to provide multiple factors to prove their identities when logging into a system. One of these factors is something the user knows, such as a username and password. The other factors are verification methods that they possess, like an authentication app on a mobile device or a security key. MFA significantly strengthens the security of user accounts and protects companies’ data against cyberattacks.

Why is MFA important?

Without Multi-Factor Authentication, anyone with the username and password can access the system. However, with MFA, even if bad actors obtain your login credentials, they cannot access the system without your approval through the second verification method, such as an authenticator app. MFA adds an extra layer of security, making it much harder for unauthorized individuals to compromise your Salesforce environment.

Understanding MFA and 2FA

You may already be familiar with Two-Factor Authentication (2FA) but not with MFA. As the name suggests, MFA requires multiple verification methods, so 2FA is a type of MFA.

Requirement to Enable Multi-Factor Authentication

Starting from February 1, 2022, Salesforce requires all users to use MFA when logging into Salesforce. Internal users accessing Salesforce through the user interface must use MFA for every login. If your Single Sign-On (SSO) system already uses MFA, there is no need to enable Salesforce’s MFA for those users. It is possible to enable Multi-Factor Authentication for specific profiles or individual users.


If you are unsure whether your implementation meets MFA requirements, you can use the MFA Requirement Checker, which guides you through a series of questions to determine if you comply.

Not enabling MFA by February 1, 2022, will result in non-compliance with contractual obligations. If you do not enable MFA for internal users, Salesforce will automatically enable it for users logging in directly to Salesforce products. Eventually, the option to disable MFA will be removed. Meeting this requirement by February 1st is crucial.

MFA Requirements for User Types

Internal users, who have standard user licenses and access the Salesforce org’s user interface, must use MFA when logging in. On the other hand, external users, who can only access Experience sites, e-commerce sites, employee communities, or help portals, do not need to use MFA to log in.

MFA Requirements for Login Types and Authentication Methods

All direct logins to the User Interface, including Salesforce interfaces, mobile apps, and client apps like Data Loader, require the use of Multi-Factor Authentication. However, API and Integration logins are exempt from MFA requirements. This rule applies only to users logging into Salesforce through the UI, whether directly or via SSO.

Enabling MFA for Users

To enable Multi-Factor Authentication for users, navigate to Session Settings in Setup and add Multi-Factor Authentication as High Assurance in Session Security Levels.

There are two ways to enable MFA for users:

  1. Profile Level: Enable MFA for specific profiles.
  2. Permission Set: Create a permission set and assign it to users.

In both options, make sure to mark the checkbox under System Permissions.
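To check the result of either option, the anonymous Apex below lists active internal users who hold the MFA permission through neither their profile nor a permission set. It is an added example, not part of the original article or Salesforce's own tooling; it assumes the System Permissions checkbox is "Multi-Factor Authentication for User Interface Logins" (API field `PermissionsForceTwoFactor`).

```apex
// Added example: run in the Developer Console as anonymous Apex.
// Assumption: MFA is enforced through the user permission whose API field
// is PermissionsForceTwoFactor, granted by a profile or a permission set.
// Large orgs may need to batch this to stay under query row limits.

// Profile permissions live in a profile-owned PermissionSet, so one query
// over PermissionSetAssignment covers both ways of enabling MFA.
Set<Id> enforced = new Set<Id>();
for (PermissionSetAssignment psa : [
        SELECT AssigneeId
        FROM PermissionSetAssignment
        WHERE PermissionSet.PermissionsForceTwoFactor = true
          AND Assignee.IsActive = true]) {
    enforced.add(psa.AssigneeId);
}

// UserType 'Standard' selects internal users; external users of
// Experience sites carry other user types and are left out.
List<User> gaps = [
    SELECT Username, Profile.Name
    FROM User
    WHERE IsActive = true
      AND UserType = 'Standard'
      AND Id NOT IN :enforced
    ORDER BY Profile.Name, Username];

for (User u : gaps) {
    System.debug(u.Profile.Name + ' | ' + u.Username);
}
System.debug(gaps.size() + ' active internal users without the MFA permission');
```

A user on this list is not automatically out of compliance: as the article notes, users whose SSO identity provider already performs MFA and API or integration logins are outside the requirement, so review each entry against those cases.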

Verification Methods for MFA

Verification Methods That Don’t Satisfy the MFA Requirement

Sending one-time passwords via text messages, emails, or phone calls does not satisfy the Multi-Factor Authentication requirement. Similarly, security questions, trusted devices, trusted networks, or VPNs do not meet the requirements.

Verification Methods That Satisfy the MFA Requirement

If you are using Single Sign-On (SSO), you can use your identity provider’s MFA solution. If you are not using SSO, you can choose from the following supported methods:

  • Salesforce Authenticator mobile app (iOS and Android)
  • Time-based one-time passcode authenticator (TOTP) apps like Google Authenticator™ or Microsoft Authenticator™
  • Physical security keys that support WebAuthn or U2F, such as Yubico’s YubiKey™ or Google’s Titan™ Security Key
  • Built-in authenticators like Touch ID®, Face ID®, or Windows Hello™

As MFA requires multiple verification methods, you can register several methods. Salesforce uses the following order if multiple verification methods are set up:

  1. Salesforce Authenticator
  2. Built-in Authenticators
  3. Security Keys
  4. TOTP Authenticator Apps

For more detailed information about Salesforce Multi-Factor Authentication, you can refer to the Salesforce Multi-Factor Authentication FAQ article.

The Salesforce Authenticator app is a popular and highly recommended MFA solution. You can learn more about this app and see the steps to configure it for your users here.

To learn more about the MFA enforcement roadmap, you can read this post.

Frequently Asked Questions

Q: What is Multi-Factor Authentication (MFA)?

A: Multi-Factor Authentication is a robust method of authentication that requires users to provide multiple factors to prove their identities when logging into a system.


Q: Why is MFA important?

A: MFA adds an extra layer of security by making it much harder for unauthorized individuals to access your Salesforce environment, even if they have your login credentials.

Q: Are there any exceptions to the MFA requirement?

A: External users, who can only access specific Salesforce sites, do not need to use MFA. Additionally, API and Integration logins are exempt from MFA requirements.

Conclusion

Implementing Multi-Factor Authentication (MFA) is crucial for ensuring the security of your Salesforce environment. By requiring users to provide multiple verification methods, MFA significantly reduces the risk of unauthorized access and protects sensitive data. Make sure to enable MFA for your internal users by February 1, 2022, to comply with Salesforce’s requirements and avoid any potential security breaches. For more information and detailed instructions on enabling MFA, refer to the Salesforce Multi-Factor Authentication FAQ and the Salesforce Authenticator app documentation. Stay one step ahead of cybercriminals by implementing MFA and safeguarding your Salesforce environment.