Information Security is undoubtedly the most critical aspect of any online business. As cyberattacks are growing, passwords and other safeguards are incapable of providing adequate security against unauthorized account access.
The MFA (Multi-factor authentication) comes as a big boon as it offers an additional layer of protection against security threats like hacking and phishing attacks, that fortifies the security of your enterprise and its customers.
Keeping the same thing in mind, starting from 1st February 2022, Salesforce has made it mandatory for its customers to use Salesforce MFA to access Salesforce products.
MFA is an exceptional security technology that requires users to provide two or more pieces of evidence (factors) to validate their identity while accessing the intended systems. If customers don’t enable MFA, then it will be considered a violation of their contracts with Salesforce.
Salesforce has indeed strengthened the authentication method, which makes it harder for bad actors to access your Salesforce tools and environment.
For example, if a users’ password is stolen, even then the attacker can’t access the Salesforce environment, as he/she will have to hack or guess the code from the user’s authentication application, which is very much unlikely.
Table of Content
- 1 Why is Salesforce requiring MFA?
- 2 What is MFA and how does it work?
- 3 What MFA solutions Salesforce does offer?
- 4 What’s the difference between 2FA and MFA?
- 5 How to enable MFA on Salesforce products?
- 6 Benefits of Salesforce MFA for Businesses
- 7 Challenges of implementation of Salesforce MFA
- 8 Invest and Setup your Salesforce MFA Security Roadmap
- 9 Conclusion
- 10 Let the Ideas Roll!
Why is Salesforce requiring MFA?
For any business, it is extremely important to earn the trust of customers to taste success. Salesforce needs to maintain the confidentiality, availability, and integrity of customers’ data to maintain its reputation.
As the global threat scene is evolving, it is critical for Salesforce to prevent security threats and attacks, which might cripple its business and exploit its consumers.
Hence, as a key component of Salesforce’s security strategy, it has asked its customers to implement MFA to prevent any sort of cyber security.
What is MFA and how does it work?
MFA is a perfect method of enhancing the security of user accounts against several threats like credential stuffing, account takeovers, and phishing attacks. It fortifies the security of your login process by requiring end-users to enter two factors.
One factor could be something that the user knows, such as their login ID and password combination. Whereas the Second factor could be physical security keys, location, biometric data, or the possession of a mobile device.
A most common example of MFA is withdrawing money from a bank ATM, where the ATM card is something that you possess, and the ATM PIN is something you know. If you produce both factors together, you can withdraw money from an ATM.
What MFA solutions Salesforce does offer?
Salesforce offers a simple yet innovative MFA solution, that enables end-users to maintain a perfect balance between user convenience and strong security. Salesforce supports multiple verification methods to meet your enterprise and user requirements.
Salesforce Authenticator Mobile Application
It is a frictionless and fast solution that makes MFA verification seamless via simple push notifications, which integrate into your Salesforce login method. You can use this mobile application in your MFA implementation to enhance security while offering a wonderful user experience.
3rd Party Authenticator Applications
These applications generate temporary codes for authentication based on the OATH TOTP (time-based one-time password) algorithm. We have multiple 3rd party authenticators applications such as Google AuthenticatorTM, Okta, AuthyTM, and Microsoft AuthenticatorTM.
These physical devices are very easy to use as you don’t need to install them and enter any specific code. Security keys are indeed a robust solution if the end-user is not using mobile devices to access the systems.
Salesforce supports NFC, USB, and Lightning keys that support the U2F standards or WebAuthn, including Google’s TitanTM or Yubico’s YubiKeyTM Security Key.
This MFA verification service uses the mobile or desktop device’s built-in authenticator service, such as Touch ID(R), Face ID(R), or Windows HelloTM.
Let’s look at the considerations and benefits for each type of verification method offered by Salesforce products.
|Details||Salesforce Authenticator||3rd Party Authenticator Applications||Security Keys||Built-In Authenticators|
|Introduction||A simple and smart mobile application that enables users to connect with their Salesforce accounts.||Applications generate temporary and unique, verification codes based on the OATH TOTP algorithm.||These are physical devices that use public-key cryptography for user authentication.||These devices validate the identity with the help of iris, fingerprint, and facial scan.|
|Form Factor||Mobile applications for Android and iOS||Applications available in the market that support multiple operating systems||USB, NFC, and Lightning devices that support the U2F and WebAuthn standards||Available through a device’s built-in authenticator service such as Touch ID, Windows Hello, Face ID, etc.|
|User Experience||Sends push notifications* to users’ smartphones for easy and fast access.
It validates the request details in real-time.
Users can deny fraudulent access requests with a tap.
It automates the authentication from trusted sources and locations
It can generate the TOTP codes even if there is no connectivity.
|Wide range of applications to select from.
Connectivity is not required.
|Easy and Fast to use.
Identifies and denies fraudulent access requests.
Connectivity is not required.
Batteries are not required.
|Easy and Fast to use.
No applications are required.
Robust public-key cryptography that is unique to every user’s account.
|Considerations||It requires a smartphone device.||It requires a smartphone device.
Typing errors is very much possible while entering codes manually.
Invalid codes are possible if the smartphone clock is not in sync with Salesforce.
|It requires browser support.
Users could leave the key plugged in or unattended all the time.
Various operational and logistical overhead for purchasing, distributing, and stocking devices to users.
|The device, Browser, and Operating System must support the FIDO2 WebAuthn standard.
Built-in authenticator service must setup and enabled
Associated with a single device.
A supported scanner is needed to perform biometric identification.
|Cost||Free||Free and paid versions||Starts at around $20||The cost could be around $25 for biometric peripherals if required|
What’s the difference between 2FA and MFA?
You must be familiar with the concept of 2FA (two-factor authentication), it is another method to provide adequate protection against unauthorized access attempts by requiring an end-user to provide multiple authentication factors to validate their identity.
The sole difference between 2FA and MFA is the number of factors that are required to log in.
MFA needs the user to provide two or more factors to access the system. It provides options to select multiple combinations of authentication methods. Whereas the 2FA is a subset of MFA that requires only two factors to login.
From February 1, 2022, the following identity verification methods will no longer meet the Salesforce MFA requirements:
- Text Messages (SMS)
- Email Messages
- Phone Calls
If your organization is using 2FA, then most likely you must be using one of the above methods. However, now you must implement MFA to enhance the overall user authentication process.
How to enable MFA on Salesforce products?
You can enable MFA directly on your Salesforce products or utilize your SSO vendor’s MFA service. Salesforce products are equipped with MFA functionality at no extra cost.
If you are both SSO and non-SSO users, then you can use a blend of both options. You can use your SSO vendor’s MFA service, while also enabling MFA for your Admins who don’t use SSO.
Here are the steps to enable MFA on Salesforce products :
- Go to Setup -> Session Settings -> Add the Multi-factor Authentication and then click on Save.
- Go to Setup -> Click on Permission Sets -> click New -> provide the Permission Set name -> then click on Save.
- Go to the System section, find System Permissions -> click on Edit -> enable the “Multi-Factor Authentication for User Interface Logins” checkbox -> then click on Save.
- From here you can assign the Permission set to your users.
Read Also: What is Salesforce CPQ? Pricing and Features
Benefits of Salesforce MFA for Businesses
Your organization can avail of the following benefits by implementing the MFA.
Improved Security and Privacy savings
It ensures a 50% reduction in the risk of security breaches stemming from unauthorized and unwanted access attempts. It also mitigates the risk of the loss of productivity cost to employees resulting from security breach led downtime.
Most online businesses do comply with regulatory compliance regimes, such as CCPA, SOC 2, GDPR, and many more.
These regulatory regimes required the implementation of MFA, and any violation may be fined by these regulatory bodies or may attract lawsuits from your customers or clients. If you implement an MFA, then your organization can certainly avoid such risks.
Avoided Huge Insurance costs
By implementing Salesforce MFA, your organization can keep a tab on cyber insurance premiums. Also, if your organization uses MFA, then insurers will cover them during any lawsuit, resulting in saving of additional legal costs in event of any security breach.
Ease of adoption
Salesforce MFA is easy to use, thanks to its brilliant training content, including Trailhead tutorials and videos.
Avoided brand reputation costs
Usage of Salesforce MFA prevents unquantifiable costs in the form of brand reputation damage in event of any security breach. MFA enhances an organization’s ability to protect user data and enhance trust in the brand.
Challenges of implementation of Salesforce MFA
Implementing robust security and authentication is crucial for any business or organization. However, it requires an adequate budget and other resources to do so.
Here are the common challenges small-medium sized organizations might face while implementing the Salesforce MFA:
Small and Medium businesses often use shared licenses. With the 2FA method, individuals often use shared inboxes to receive validation codes even for other users. However, this is impossible with MFA, and it pushes them to invest more in license costs.
Hardware provisioning Issues
It is necessary to have a smartphone to install a Salesforce Authenticator or any other TOTP-based application. If your organization is not providing its staff with smartphones, then you may face budget and provisioning challenges to acquire and supply phones to them.
You may find it difficult to implement MFA-compliant SSO for users who don’t want to use smartphone-based authentication. You may also face the challenge with your vendors who pass TOTP via a desktop app or browser.
Invest and Setup your Salesforce MFA Security Roadmap
You must initiate your security roadmap to implement the Salesforce Security Roadmap. You might need to allocate additional resources and budget to implement a suitable solution for your business.
However, before going any further, you must ask the below questions :
- What authentication factors you are planning to use?
- What tools can enable you to implement the above authentication factors for your organization?
If you are using Salesforce and have clear answers for the above, then you must proceed with the implementation of MFA in your organization.
It will give you an unprecedented edge ahead of your competitors, and most importantly — your clients and customers will get an assurance to trust you with their confidential and business-critical data.
Salesforce is the biggest CRM player in the world, and it has implemented the MFA to protect its environments from unwanted access and malicious attacks.
As Salesforce is playing a central role in many enterprises across the world, the impact of unauthorized access could jeopardize not only CRM but other environments of these enterprises.
As per Salesforce analysis, the customers who have implemented the MFA can reduce the risk of a security breach by 50%.
It can improve employee productivity and enhance the overall IT operations while preventing an annual cost of $42 per user in licensing costs with MFA from Salesforce itself.
If you haven’t made up your mind to implement the Salesforce MFA and need some assistance to understand its benefits, then please get in touch with our Salesforce consultants, they will certainly help you to onboard your Salesforce MFA journey.
Rakhi Bhojwani works as a Digital Marketing Analyst at Arka Softwares, is a world-leading mobile app and web development company. Her specialties include digital marketing, content marketing, and writing about her experience.