Which Multi-Factor Authentication Solution Should You Choose for Salesforce?
February 1, 2022, marks the date when Salesforce will require all customers to enable multi-factor authentication (MFA) to access their accounts. Salesforce becomes the first SaaS provider to mandate the use of MFA for accessing its services. “Customers who don’t enable MFA by February 1, 2022, will be out of compliance with their contractual obligations. We recommend speaking with your legal team to understand the implications of not enabling MFA by the requirement date,” reads the company’s FAQ.
Which MFA option should you use?
The Salesforce MFA FAQ is straightforward about which methods you can and cannot use. According to the company, “email messages, text messages, and phone calls” do not satisfy the MFA requirement because “these methods are inherently vulnerable to interception, spoofing, and other attacks.”
To satisfy the MFA requirement, Salesforce says that customers must use verification methods that are more resistant to cyber-attacks, such as:
Which option should you choose? Mobile MFA seems to be the go-to option, but is it? Are you certain that one MFA solution will satisfy all your user requirements?
Diverse users have varying authentication requirements
The question above is more important than ever before because the work landscape has greatly changed over the past two years. Although remote work was forced as a response to the pandemic, many organizations seem to opt for a hybrid working scheme even post-pandemic – employees will have the flexibility to select whether to work in the traditional office or work from a remote “office” of their choice, anywhere in the world.
This level of flexibility has created a new access management landscape as well. Organizations now have to support multiple employee profiles which are not defined only by roles and responsibilities. The diversity in profiles mandates the need to support multiple authentication journeys. This is a factor that needs to be considered when selecting a solution to satisfy the Salesforce MFA requirement. Each employee may follow various authentication journeys during their working day to access their Salesforce account.
For example, Karen, who is a sales representative, may access her account while commuting by train through her smartphone. Later, when she is at her office, she may access her Salesforce account using the corporate laptop and network. In addition, she may also need to review her latest status from her home, using her private tablet and Wi-Fi.
Another example that justifies the need for supporting various authentication methods is John, who is a service engineer providing on-site support and maintenance. John might be working one day in an area with poor mobile reception, while the next day he may be in his office accessing his Salesforce account using his business laptop.
The examples above demonstrate why organizations wishing to comply with the Salesforce MFA requirement should avoid opting for a monolithic approach to MFA. It is therefore important that businesses support a range of user authentication journeys. To do so, they need to adopt a ‘Discover, Protect, Control’ approach:
Thales helps you support multiple user authentication journeys
Thales is best positioned to offer a diverse range of multi-factor and adaptive authentication solutions to access Salesforce, tailored to your organization and its requirements. Thales SafeNet Trusted Access supports numerous authentication methods and allows you to leverage authentication schemes already deployed in your organization. The broadest range of supported authentication methods and form factors, combined with context-based authentication, enhances user convenience and allows you to manage risk by elevating trust only when needed.
To better understand why you need to support multiple user authentication journeys to secure your Salesforce accounts against all possible risk factors, you can download this whitepaper. In addition, Thales has created a fun game to understand how different authentication methods are more suitable for different use cases. You can access the game here and see how many points you score by applying the correct authentication solutions.
Sr. Identity GTM Specialist @ AWS
3 years ago
"Hey! Why won't we use those text messages thingy to 2FA them to SFDC, cause' we gotta..." said no security architect ever.