Welcome to fusionSpan

Resources - The fusionSpan Blog

How To Enable MFA For Your Salesforce Org
By Amine Zerrouki and Manav Kher | November 2, 2021

Beginning February 1, 2022, Salesforce will require customers to enable Multi-Factor Authentication (MFA) in order to access Salesforce products. In our opinion, this is a good move by Salesforce. We always recommend our clients to enable MFA on any and all of their IT systems that will support it.

For those interested in the thought behind Salesforce’s move, “Everything Admins Need to Know About the MFA Requirement” is a good read on the topic.

Therefore, starting next February, you and your staff will need to use some sort of MFA to log in to Salesforce. Luckily, there are several ways to comply with this new requirement. Read on to see a few of the fusionSpan team’s favorite options for meeting this requirement.

What is MFA?

Multi-Factor Authentication (MFA) is an authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism.

MFA is used to protect against hackers by ensuring that digital users are who they say they are. Here is a good blog on the topic.

Authenticator App

Authy LogoThere are multiple authenticator Apps – by Salesforce Authenticator, Google and our favorite Authy. All of them are free and available for both iOS and Android. We like Authy, because it allows you to link multiple apps to a single account, which is helpful when switching devices, while Google/Salesforce have on purpose made switching devices a bit cumbersome.

Using an authenticator App is the most straightforward and convenient way to satisfy the MFA requirement. The drawback is that you will often be asking your staff to download an App on their personal mobile device.

Use An External Identity Provider Okta Logo

If you are an Office 365, Google Workspace or Okta customer, then these services already allow using their service as the identity provider (idP), which means that your users can login into Salesforce using their Office365, Google or Okta login credentials.

This is the approach we favor, it allows your users to: O365 Logo

  • One set of credentials
  • Allows them to login to Salesforce without having to login a second time, as most of your users are likely signed in to O365/Google.
  • You can provision/de-provision users automatically when users are added/removed from O365/Google. Here is a quick guide on how this works with Office 365 and Google
  • Best of all, if you use O365/Google then you satisfy MFA requirements already and don’t need an Authenticator App.

Use A Password Manager 1Password logo

If you want to keep login credentials in Salesforce, instead of using an Authenticator App, your users can also use password manager like 1Password (amongst others). 1Password is a very easy to use password manager that will remember all your passwords and allows for 1-click login to websites. 1Password can also be used for as an authenticator for sites with two-factor authentication.

Since MFA will be mandatory starting in February, it’s important to start planning that migration now. You have to also consider doing this in a Sandbox environment first, getting your users familiar with a new process, and drafting up new documentation so that there is no disruption to your business.

Get in touch with the fusionSpan team for best-in-class solutions regarding your Salesforce Org today!

New call-to-action

Website | + posts

Amine is a tech enthusiast - he holds degrees in Information Systems and chemistry, and admires seamless system integrations & optimized usage of resources. Amine joined the team in January of 2019, and currently serves as the IT Operations Manager for fusionSpan. Supporting multiple teams and clients, he thrives on offering great service and finding simple common-sense solutions to complex problems. Amine was raised with soccer in his blood, as his favorite teams are Real Madrid and Liverpool FC. He also loves coffee and enjoys trying new foods.

+ posts

The official gear-head of fusionSpan. Manav has over 14 years of enterprise software development experience. Previously he spent 7 years in various lead development and architect roles at the National Cancer Institute (NCI). Notably, he contributed to the architecture and development of some of the core components of the caBIG infrastructure, for which he received the NCI caBIG Outstanding Achievement Award.