Skip to main content

(DevOps) What is Multi Factor Authentication (MFA)? How to setup MFA in your salesforce org?

 


What is Multi-Factor Authentication? Why is this important for your salesforce org?

 

In today's world, it is important to care about security since sensitive information such as addresses, credit/debit card details and other information are entered online and pose a serious security threat. In order to overcome these threats, data security is a common practice to protect digital information from unauthorized access, corruption or theft. Salesforce is no exception to the security threats and hence implement a range of security features in order to protect users from credential stuffing and account takeovers.

Multi Factor Authentication (MFA) is an important security feature available in Salesforce which adds an extra protection layer against threats like phishing attacks, DDOS attacks, increasing security for your business and your customers. 

        You can use the free multi-factor authentication (MFA) service included in Salesforce for

        Single Sign On (SSO) configurations if you are using Salesforce as your identity provider.

        Other identity providers such as could also be used to provide multi-factor authentication.

In this article, we discuss what is Multi-factor Authentication and the advantages and disadvantages of using this authentication..


What is Multi-factor Authentication?


Why is MFA important for your Salesforce org?


1. One-time Password - One time passwords (OTP) are 4-8 digit codes that you may receive in either a mobile authenticator app,
or email or SMS. With OTPs a new code is generated every time an authentication request is submitted to
login to Salesforce. This new code is generated based on a seed value that is assigned to the user
when they first register as user into Salesforce or it could simply be a counter that is incremented by a
value or time value.

2.  Authenticator Mobile App - A fast, frictionless solution such as authenticator mobile apps makes MFA verification easy and via push

notifications that can be integrated into your salesforce login process. Using a mobile app such as a

Salesforce mobile app or third party mobile apps (Google Authenticator, Microsoft Authenticator, Authy) would generate temporary codes based on when the user first registered and provide a better user

experience while providing increased security.


3. Security Keys - Security keys are provided by small physical devices which generate unique codes and are easy to use.

They require no software to be installed. Security key devices are a great option to use if the users do not

have access to email or mobile apps. Salesforce supports USB Lightning and NFC keys that support the

WebAuth or U2F standards including Yubico's Yubikey and Google's Titan Security Key.


4. Built-in Authenticator - Built-in authenticators use built in device authentication services such as

fingerprint scanner or facial recognition scan, or iris or a PIN or password. This service allows users to

access Salesforce after their identity is verified via the device authentication service such as Window Hello, Touch ID, Face ID, etc.


Let's discuss advantages and disadvantages for using multi-factor authentication:

Advantages of Multi-factor Authentication:

Let's take a look at some of the advantages of Multi-factor authentication for organizations:


  • Protection from Cyber Attacks - Multi-factor authentication (MFA) is known for supporting strong additional defense in creating a complex process for unauthorized persons to access data or network. Implementing a strong MFA solution secures information and IT resources saving time and costs. Brute force attacks such as identity theft, account spoofing and phishing could prevent increasing trust and security for users to access data or network.


  • Legal Compliance - Data regulation is required in small, medium and large organizations to meet IT Compliance standards. However, data regulation is becoming a very rigorous and time taking problem where significant compliance issues need to be addressed by data administrators and security professionals. MFA can be used to comply with some of the Legal and IT compliance requirements with additional supervision for some industries and jurisdictions.

  • Regulatory Compliance - Multi-factor authentication is essential to provide strong authentication conditions of PSD2 for Strong Customer Authentication (SCA) regulations. MFA can provide organizations to comply with their industry regulations to gain customer confidence and growth.


Disadvantages of Multi-factor Authentication:


Multi-factor is a strong security feature which reduces the likelihood of virtual attacks attempting to gain unauthorized access to sensitive information and is very beneficial for securing users who use weaker passwords. However, there are some disadvantages of adopting this authentication for organizations as shown below:

  • Locks out users out of the application or account - If a user is unable to access verification methods, he/she will be locked out of the account and will gain access to data in Salesforce. The data administrator should always plan an alternate method or steady backup for the user to gain access in another way.

  • Takes longer to verify a user - MFA usually takes longer to verify a user since it requires two or more types of authentication process which takes longer than a single authentication process. Sometimes the installation of these additional authentication methods are tedious and time consuming too.

  • MFA is not free - MFA cannot be installed without the support of external vendors who provide mobile apps or security keys, etc. Hence, there is additional cost involved for organizations to implement multi-factor authentication.

  • Cumbersome task - Some users can discover that using multiple sources for authorisation can be a tedious process. They can be reluctant in activating additional authentication methods on their accounts. Users can bypass the multi-factor authentication by not activating the MFA each time they log in.

  • Third party reliance - MFA requires integration with several services including SMS for sending verification codes. Users have no control over these third party services, however, they would need to access their structure to gain access to data in Salesforce.

Effective from 1st February 2023, Salesforce customers are contractually obligated to use Multi-factor Authentication to access Salesforce products. To help customers, salesforce will automatically enable MFA for users who log in directly to Salesforce. Data Administrators would still have the option to disable MFA if the users are not ready yet. However, auto enablement and enforcement of MFA will come into effect where admins would no longer be able to control and disable MFA going forward.


Lets takes  a look at how to enable MFA in Salesforce org:


  1. Navigate -> Setup -> Session Settings -> add the Multi-factor Authentication to the right column -> click Save.


  1. Go to Setup -> Permission Sets -> click New -> enter the Permission Set name -> click Save button.

  2. Find System Permissions in the System section -> click Edit -> enable the “Multi-Factor Authentication for User Interface Logins” checkbox -> click Save.

  1. Assign the permission set to relevant users.

 

Once the Salesforce MFA is set up, the organizations can be assured that better security practices are in place to protect users data, compliance requirements are met and to gain customer trust and confidence to scale business.


Comments

Post a Comment

Popular posts from this blog

How do Sales Engagement Platforms drive Organisation’s revenue?

How do Sales Engagement Platforms drive Organisation’s revenue? Increasingly Sales Engagement platforms are used by organizations to enrich their sales teams with relevant information to improve their performance and increase sales productivity. These software tools help sales teams improve productivity by automating, optimising and analyzing their sales teams outreach and communication efforts. They typically provide a suite of features designed to help sales reps increase their productivity, improve their communication with prospects and customers leading to close more deals. Some common features of sales engagement platforms include: Email automation — Sales engagement platforms allow users to create and send personalized email messages to prospects and customers at scale. This helps sales reps to save time and increase their email response rates. Call automation — Some sales engagement platforms such as Gong, Chorus.io offer the ability to automate outbound phone calls, allowing sa
Post a Comment
Read more

(DevOps) How to select a relevant Application Lifecycle Management (ALM) Salesforce model for your organisation?

  How to select a relevant Application Lifecycle Management Salesforce Model for your organisation ? Salesforce provides many different development tools and process to help meet customer requirements and needs. As many companies use Salesforce and Application Lifecycle management (ALM) processes, Salesforce has introduced three different models to manage ALM process within the organisation as shown below: Change set development Org development Package development From the surface all the above three development models follow the same ALM process. However, the models differ in the way they allow changes to your org and how you manage these changes. Controlling change is a huge deal in software development, and you could choose the development model that best suits your organisation needs and requirements. Firstly, let us understand what is the meaning of ALM for an organisation. Application Lifecycle Management is an integrated system of people, tools and processes that supervise a sof
Post a Comment
Read more

(Ops) Why are organisations adopting PRM in Salesforce?

  Why are organisations adopting PRM in Salesforce? In this article, we focus on what is Partner Relationship Management and why organisations are increasingly adopting PRM solutions. We also discuss advantages and disadvantages of using Salesforce PRM to collaborate with partners. What is Partner Relationship Management (PRM)? The Partner Relationship Management solutions developed in the last 10-15 years is a type of software used by companies to facilitate execution of Channel Sales .  Channel Sales is a simple sales strategy used by companies to leverage the help of third-party vendors to sell your products and services. Channel sales strategies are usually deployed as part of your business growth effort. Channel Sales can help business grow in three key ways: To reach new customers who don't buy directly from the vendor, preferring instead to buy from resellers or ISV's (Independent software vendors). To sell products through third-party market places and managed service p
Post a Comment
Read more