MFA ENABLEMENT IN SALESFORCE

The Context:

Multi-factor authentication (MFA) is a powerful secure authentication method that has two steps (or factors) to prove users’ identities when they attempt to log in. The first factor is information known to users, like username and password. The second is a verification method that the user has in their possession, like an authenticator application or a security key. So multi-factor authorization makes it a lot harder for fraudsters to get access to your Salesforce data.?

Approach:

Salesforce has several very convenient and innovative solutions for MFA:

Salesforce Authenticator mobile application

When someone tries to log in to your account, you get a notification on the phone with the details of the activity, such as location, device, user, and service.

If everything looks good and you have no worries – tap the Approve button. If you don’t recognize this activity – tap the Deny button and the login attempt will be blocked.

Third-party time-based one-time passcode (TOTP) authenticator apps.

These apps generate random, temporary verification codes based on the appropriate algorithm. The user gets this code on the phone or email and then they need to type it into a specific field while logging in.

Once Customer registers, when they login below screen is displayed:

Universal Second Factor (U2F) security key.

Instead of entering one-time passwords or using the Salesforce Authenticator application, users can insert their U2F security key into the appropriate port on their computer (usually their USB port) to complete verification.

How to enable MFA in Salesforce

Below are the steps to enable and assign MFA to appropriate users.

• Navigate to Setup -> Session Settings -> add the Multi-factor Authentication to the right column -> click Save.

• Go to Setup -> Permission Sets -> click New -> enter the Permission Set name -> click Save.

• Find System Permissions in the System section -> click Edit -> enable the “Multi-Factor Authentication for User Interface Logins” checkbox -> click Save.
• Assign the Permission set to the appropriate users.

Prepare Your Users for Multi-Factor Authentication

Engage Users with Communication and Promotional Campaigns

• Communicate early and often with your Salesforce users and use multiple channels so that you’re sure to reach everyone. Explain what multi-factor authentication (MFA) is, when you’re launching it, what users must do to be ready, and where they can find instructions and support. Explain why your users should care by reinforcing the idea that MFA is an important safeguard for their accounts, their data, and their customers’ well-being. By establishing these details early in your project, you can head off user resistance and avoid adoption blockers.
• Here are a few ideas for engaging your users.

1. Communication Forum: Create a central place, such as a Slack channel or Chatter group, for announcements, questions and answers, and peer collaboration. This is also a great place to share regular updates on your launch schedule.
2. Marketing Campaigns: Build awareness by running a week-long email campaign that sells users on the value of MFA and provides tips and tricks so they’re ready for your launch day.This is also a great channel for explaining how to register verification methods and log in with MFA.
3. Visual Reminders: Reinforce awareness by putting posters in hallways and break rooms. Develop a theme or catch phrase that engages and empowers users — something like “Security Starts with You!” or “Turn the Lock All the Way With MFA.” Do you have a creative side? Consider ways to make the posters pop with color or eye-catching imagery.

• Train Users on MFA Fundamentals

1. When a user logs in after MFA has been enabled, a series of prompts guide them through the steps to register and use a verification method. But don’t rely on this experience alone. Providing some formal training on MFA fundamentals is important for a successful rollout.
2. There are several training approaches you can take.

a. On-Demand Training: Create resources, such as a video, that users can access on their own time. Or, ask users to complete the User Authentication module in Trailhead.

b. In-Person Training: Set up real-time training opportunities, like webinars or lunch-and-learn sessions.

• Cover these details in your training materials:

1. What MFA is and why it’s important for your company and your customers.
2. The verification methods that you’re supporting in your implementation, and the steps users must take to register them.
3. How to log in using each of verification method that you’re supporting.
4. How long a user’s session stays active after they log in, and how to re-authenticate if their session expires.
5. Where to get help if users have problems registering a method, logging in, or if they forget or lose their verification method.

• Develop Onboarding Materials and Plan Your Launch Day

1. Develop processes and documentation to quickly resolve any problems that users encounter on your launch day.

a. Deflect calls to your support team by creating self-help materials, including troubleshooting information for the most likely problems that users might encounter on your launch day.

b. Plan to hold office hours or to set up a dedicated, onsite help desk for the day. Make sure the people who staff these resources are trained and can access your MFA troubleshooting documentation. If you do a dry run simulating your launch day, the actual event should go more smoothly.

c. Consider establishing an SOS process for execs and business users who need priority help if they run into problems.

?

References:

• https://help.salesforce.com/s/articleView?id=sf.mfa_prepare_users.htm&type=5
• https://help.salesforce.com/s/articleView?id=sf.security_enable_builtin_authenticator.htm&type=5
• https://help.salesforce.com/s/articleView?id=sf.security_register_verification_methods.htm&type=5
• Connect Your Salesforce Account to Salesforce Authenticator
• Register a Built-In Authenticator for Identity Verification
• Register a U2F Security Key for Identity Verification
• Verify Your Identity with a TOTP Authenticator App

Author: Prasant Satpathy

Visit Us:?corp.infogen-labs.com?

Social Media:?Instagram?|?Facebook?|?LinkedIn?|?YouTube?|?Twitter