How To Configure The Salesforce Authenticator App

How To Configure The Salesforce Authenticator App

Multi-Factor Authentication (MFA) is a powerful and secure authentication method to force the users provide multiple security factors in order to prove their identities when they login to the system. Starting with the Spring '23 release, Salesforce will require all the users to use MFA in order to login to Salesforce. All the internal users that are logging in to Salesforce through the user interface must use MFA for every login. There are a few verification methods that satisfy MFA requirements. Salesforce Authenticator is the most popular and most recommended MFA solution.

Read this post to learn more about Multi-Factor Authentication (MFA).

Salesforce Authenticator

Salesforce Authenticator is a mobile app that can be used for the second verification method to meet the MFA requirements. It is a very strong and secure verification method that you can install both on IOS and Android devices. Moreover, it is completely free and easy to use.

After the user enters their username and password, the user receives a push notification to their mobile device. After tapping the notification, the user can approve or reject the request from the Salesforce Authenticator mobile app.

How To Configure Salesforce Authenticator

1- Download and install Salesforce Authenticator from App Store or Google Play.

2- If you force the users to use Multi-Factor Authentication (through their profile or assigned permission set), they must connect their account as they log in to Salesforce. If they are not required to use MFA, it is still possible to connect Salesforce Authenticator through the personal settings.

Read this post to learn how to enable Multi-Factor Authentication and require users to use MFA.

From the personal settings, click on Advanced User Details. Find App Registration: Salesforce Authenticator, and click Connect.

App Registration

3- Open the Salesforce Authenticator app on your mobile device and tap Add an Account. The app will generate a unique two word phrase.

4- In your Salesforce browser window, enter the two word phrase and tap Connect.

Connect Salesforce Authenticator

5- Previous step will send a push notification to your mobile device. Click Connect to confirm the connection between your Salesforce User Account and Salesforce Authenticator.

Whenever you try to login to Salesforce through the UI, you will get a push notification to approve the login. In the approval page, you can see the login details like device and location. Hit the Approve button to confirm the login.

Approve login from the Salesforce Authenticator app

How To Disconnect Salesforce Authenticator

There can be cases that the user doesn't have access to their mobile device. It can be stolen, broken, or the battery can die. In those cases, you will need to disconnect Salesforce Authenticator from the user and configure it again.

In order to disconnect, navigate to the user account, find App Registration: Salesforce Authenticator, and click Disconnect.

Disconnect Salesforce Authenticator

After disconnecting, you can connect again by clicking the Connect link and following the steps again.

If Salesforce Authenticator was the only MFA verification method for the user, user must register another method on the next log in to Salesforce.

Using a Different Device

Connected Accounts can be active on only one device at the same time. If you try to connect multiple devices to the same user account, only one of them gets the approval notification. It means that if there are a few people using the same user in Salesforce, only the connected device will get a push notification. Therefore, it is not possible to configure multiple devices to one account. That is the point actually, MFA increases the security and only the real owner of the user account can login to the system.

If you are receiving an approval from a location that you trust, it is possible to switch on "Always verify from here". So the next time you try to login from that location, your request will be approved automatically.

Internet Connection

Salesforce Authenticator app needs an internet connection in order to receive the request and send back the answer (approve or deny). However, if you don't have a connection, it is still possible to use the app for the authentication.

Click on the arrow next to the Salesforce account in the mobile app. You will find a time based verification code. Click on "Having Trouble?" on desktop, choose "Use a code from an authenticator app", and enter the verification code that the app generated.

Verification code from the mobile app
Using verification code from Salesforce Authenticator app

6 Comments

  1. {How to Disconnect Salesforce Authenticator.} I bought a new mobile phone. And now the authentication is not working. Paragraph: “”you will need to disconnect Salesforce Authenticator from the user and configure it again.””
    Where is the user account located? 1) in the salesforce authenticator app? 2) on the website https://login.salesforce.com/ Problem: I do not get access either there or here.
    I do not understand where to look for the settings in the image you provided. If possible, please describe in detail.

    • Are you the only admin in the org? This happened to me as well and I asked another admin to disconnect my authenticator (it is on the user level).

  2. The system doesn't really add any value and on top of this it has multiple entry issues and operating difficulties.

    • Your admin needs to disconnect the previous authenticator app, once that is done and you attempt to log in you'll be prompted to select a new authenticator app and should be able to access your instance immediately.

1 Trackback / Pingback

  1. Salesforce Multi-Factor Authentication (MFA) - Salesforce Time

Leave a Reply

Your email address will not be published.


*