
(DevOps) What is Multi-Factor Authentication (MFA)? How to set up MFA in your Salesforce org?

 


What is Multi-Factor Authentication? Why is this important for your Salesforce org?

 

In today's world, it is important to care about security, since sensitive information such as addresses, credit/debit card details and other information is entered online and poses a serious security threat. To overcome these threats, data security is a common practice to protect digital information from unauthorized access, corruption or theft. Salesforce is no exception to these security threats and hence implements a range of security features to protect users from credential stuffing and account takeovers.

Multi-Factor Authentication (MFA) is an important security feature available in Salesforce which adds an extra layer of protection against threats like phishing attacks and DDoS attacks, increasing security for your business and your customers.

You can use the free multi-factor authentication (MFA) service included in Salesforce for Single Sign On (SSO) configurations if you are using Salesforce as your identity provider. Other identity providers such as could also be used to provide multi-factor authentication.

In this article, we discuss what Multi-factor Authentication is and the advantages and disadvantages of using it.


What is Multi-factor Authentication?


Why is MFA important for your Salesforce org?


1. One-time Password - One-time passwords (OTPs) are 4-8 digit codes that you may receive in a mobile authenticator app, by email or by SMS. With OTPs, a new code is generated every time an authentication request is submitted to log in to Salesforce. The new code is generated based on a seed value that is assigned to the user when they first register as a user in Salesforce, or it could simply be a counter that is incremented by a value or time value.

2. Authenticator Mobile App - Authenticator mobile apps are a fast, frictionless solution that makes MFA verification easy via push notifications that can be integrated into your Salesforce login process. A mobile app such as the Salesforce mobile app or a third-party mobile app (Google Authenticator, Microsoft Authenticator, Authy) generates temporary codes based on when the user first registered and provides a better user experience while providing increased security.


3. Security Keys - Security keys are small physical devices which generate unique codes and are easy to use. They require no software to be installed. Security key devices are a great option if the users do not have access to email or mobile apps. Salesforce supports USB, Lightning and NFC keys that support the WebAuthn or U2F standards, including Yubico's YubiKey and Google's Titan Security Key.


4. Built-in Authenticator - Built-in authenticators use built-in device authentication services such as a fingerprint scanner, a facial recognition or iris scan, or a PIN or password. This service allows users to access Salesforce after their identity is verified via a device authentication service such as Windows Hello, Touch ID, Face ID, etc.


Let's discuss the advantages and disadvantages of using multi-factor authentication:

Advantages of Multi-factor Authentication:

Let's take a look at some of the advantages of Multi-factor authentication for organizations:


  • Protection from Cyber Attacks - Multi-factor authentication (MFA) is known for providing a strong additional defense by creating a complex process for unauthorized persons to access data or the network. Implementing a strong MFA solution secures information and IT resources, saving time and costs. Brute force attacks such as identity theft, account spoofing and phishing could be prevented, increasing trust and security for users who access data or the network.


  • Legal Compliance - Data regulation is required in small, medium and large organizations to meet IT compliance standards. However, data regulation is becoming a very rigorous and time-consuming problem where significant compliance issues need to be addressed by data administrators and security professionals. MFA can be used to comply with some of the legal and IT compliance requirements, with additional supervision for some industries and jurisdictions.

  • Regulatory Compliance - Multi-factor authentication is essential to meet the strong authentication conditions of the PSD2 Strong Customer Authentication (SCA) regulations. MFA can help organizations comply with their industry regulations to gain customer confidence and growth.


Disadvantages of Multi-factor Authentication:


Multi-factor authentication is a strong security feature which reduces the likelihood of virtual attacks gaining unauthorized access to sensitive information and is very beneficial for securing users who use weaker passwords. However, there are some disadvantages of adopting this authentication for organizations, as shown below:

  • Locks users out of the application or account - If a user is unable to access their verification methods, he/she will be locked out of the account and will not gain access to data in Salesforce. The data administrator should always plan an alternate method or steady backup for the user to gain access in another way.

  • Takes longer to verify a user - MFA usually takes longer to verify a user since it requires two or more types of authentication process, which takes longer than a single authentication process. Sometimes the installation of these additional authentication methods is tedious and time-consuming too.

  • MFA is not free - MFA cannot be installed without the support of external vendors who provide mobile apps or security keys, etc. Hence, there is additional cost involved for organizations to implement multi-factor authentication.

  • Cumbersome task - Some users can find that using multiple sources for authorisation is a tedious process. They can be reluctant to activate additional authentication methods on their accounts. Users can bypass the multi-factor authentication by not activating the MFA each time they log in.

  • Third party reliance - MFA requires integration with several services, including SMS for sending verification codes. Users have no control over these third-party services; however, they would need to access their structure to gain access to data in Salesforce.

Effective from 1st February 2023, Salesforce customers are contractually obligated to use Multi-factor Authentication to access Salesforce products. To help customers, Salesforce will automatically enable MFA for users who log in directly to Salesforce. Data Administrators would still have the option to disable MFA if the users are not ready yet. However, auto-enablement and enforcement of MFA will come into effect, after which admins would no longer be able to control and disable MFA.


Let's take a look at how to enable MFA in a Salesforce org:


  1. Navigate -> Setup -> Session Settings -> add the Multi-factor Authentication to the right column -> click Save.

  2. Go to Setup -> Permission Sets -> click New -> enter the Permission Set name -> click Save button.

  3. Find System Permissions in the System section -> click Edit -> enable the “Multi-Factor Authentication for User Interface Logins” checkbox -> click Save.

  4. Assign the permission set to relevant users.

 

Once Salesforce MFA is set up, organizations can be assured that better security practices are in place to protect users' data, that compliance requirements are met, and that they can gain the customer trust and confidence needed to scale the business.

