A day in the life of a Salesforce Administrator is full of problem-solving, exciting innovations, and solving complex business requirements. But what about the work that might not be top of mind since it’s really not “fun” but is still really important?
For example, I am sure you have been getting the continued notifications from Salesforce about the new requirement to use Multi-Factor Authentication (MFA). They explain that if you are not already using MFA, it will be required by February 2022… less than 180 days away, if you can believe it!
We know how daunting it can be to figure out what you need to do exactly to enable MFA, as there are different options depending on how your organization uses Salesforce. So the goal here is to review the key considerations and your options together in this post!
We begin at the top with a quick overview of what MFA and SSO are exactly and go from there…
What is MFA?
MFA (multi-factor authentication) helps protect user accounts from increasingly frequent threats by adding an additional layer of security to your login process. MFA generalizes two-factor authentication (2FA): it requires two or more independent pieces of evidence (factors) for Users to prove their identity before they gain access to the system, so a stolen password alone is not enough. For more information, check out Salesforce’s detailed help article.
Are You Using SSO (Single Sign-On)?
SSO is an authentication method that allows a user to log in to multiple systems and applications with a single ID and password.
Does your organization use SSO or do you want to use SSO? If so, it is important to understand if your SSO can (or will) authenticate via an external identity provider (IdP) or if Salesforce will be used as the IdP. Next, that IdP must require MFA validation to be in compliance with Salesforce.
Traditional Log-In Access
For any Users that will be logging directly into Salesforce’s login page with a conventional username/password instead of using SSO, which MFA tool will you be asking them to use? There are many options including a physical key or an application such as Salesforce Authenticator, Okta Verify, Microsoft Authenticator, etc.
Many organizations currently use a username/password login for integration users, marketing automation platforms, or RPA solutions. These accounts cannot complete an interactive MFA prompt, so a plan needs to be in place for each of these scenarios.
Gears’ Recommended Approach
As I mentioned in the intro, every organization uses Salesforce differently and has unique requirements for their business, security needs, etc. That being said, we do have a recommended approach as the foundation of any solution and we would adjust as necessary based on specific needs.
- We recommend that SSO is configured for your Salesforce instance using your external IdP for authentication
- All non-admin Users should be required to log in via SSO and prevented from logging in directly to Salesforce with a traditional username/password combination
- System Administrators will be allowed to log in directly to Salesforce with a username/password combination but will be required to pass MFA validation
- With the upcoming MFA requirement, we recommend that MFA is handled by your IdP (or a preferred third-party authenticator) before the user is authenticated to Salesforce
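One way to check whether your org actually follows the approach above is to audit login activity: any successful non-admin login that did not come through SAML SSO is a policy gap, and any integration account still using a password needs its own plan. The script below is an added example, not GearsCRM’s or Salesforce’s code; the rows are constructed for illustration, and the LoginType values and profile names are assumptions about how a LoginHistory export from your org would look.

```python
import csv
import io

# Constructed sample: LoginHistory rows joined with each user's profile name.
# Column names mirror Salesforce's LoginHistory/Profile objects, but the rows
# are made up for this example and are not from a real org.
SAMPLE_EXPORT = """\
Username,ProfileName,LoginType,Status,LoginTime
alice@example.com,Standard User,SAML Idp Initiated SSO,Success,2021-09-01T08:02:11Z
bob@example.com,Standard User,Application,Success,2021-09-01T08:05:43Z
carol@example.com,System Administrator,Application,Success,2021-09-01T08:07:19Z
dave@example.com,Standard User,Application,Invalid Password,2021-09-01T08:09:00Z
eve@example.com,Standard User,SAML Sfdc Initiated SSO,Success,2021-09-01T08:11:27Z
integration@example.com,Integration User,Application,Success,2021-09-01T08:12:30Z
"""

# LoginType values that indicate the user authenticated through the SAML IdP
# (assumed values; verify against your own org's LoginHistory export).
SSO_LOGIN_TYPES = {"SAML Idp Initiated SSO", "SAML Sfdc Initiated SSO"}
# Profiles the recommended approach allows to log in directly with a password;
# Salesforce enforces MFA for these logins.
DIRECT_LOGIN_ALLOWED = {"System Administrator"}
# Service-account profiles (assumed name) that need a separate MFA plan.
INTEGRATION_PROFILES = {"Integration User"}


def audit_logins(export_text):
    """Return (violations, integration_logins) for a LoginHistory CSV export.

    violations: non-admin users who successfully logged in with a password,
                bypassing SSO and therefore the IdP's MFA check.
    integration_logins: service accounts still using a password login.
    """
    violations = []
    integration_logins = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Status"] != "Success":
            continue  # failed attempts never reached the org
        if row["LoginType"] in SSO_LOGIN_TYPES:
            continue  # authenticated via the IdP, where MFA is enforced
        if row["ProfileName"] in DIRECT_LOGIN_ALLOWED:
            continue  # admins may use username/password plus Salesforce MFA
        if row["ProfileName"] in INTEGRATION_PROFILES:
            integration_logins.append(row["Username"])
            continue
        violations.append(row["Username"])
    return violations, integration_logins


if __name__ == "__main__":
    bad, svc = audit_logins(SAMPLE_EXPORT)
    print("Non-admin direct logins (SSO bypass):", bad)
    print("Integration accounts on password login:", svc)
```

Against the constructed rows this flags bob (a Standard User who skipped SSO) and the integration account, while ignoring the admin and the failed attempt.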
If you’re already ahead of the game with setting up SSO and using an external IdP – good for you! Here’s a quick cheat sheet to follow our recommended approach for your own org.
If you’re not set up with SSO yet, if you want help getting ready for MFA, or if you’d like to talk through your specific use case, we’d love to help! Fill out the form below and a member of our Customer Success team will be in touch soon to set up a time to chat.