Multi-Factor Authentication (MFA) is a powerful and secure authentication method to force the users provide multiple security factors in order to prove their identities when they login to the system. Starting with the Spring '23 release, Salesforce will require all the users to use MFA in order to login to Salesforce. All the internal users that are logging in to Salesforce through the user interface must use MFA for every login. There are a few verification methods that satisfy MFA requirements. Salesforce Authenticator is the most popular and most recommended MFA solution.
Read this post to learn more about Multi-Factor Authentication (MFA).
Salesforce Authenticator is a mobile app that can be used for the second verification method to meet the MFA requirements. It is a very strong and secure verification method that you can install both on IOS and Android devices. Moreover, it is completely free and easy to use.
After the user enters their username and password, the user receives a push notification to their mobile device. After tapping the notification, the user can approve or reject the request from the Salesforce Authenticator mobile app.
How To Configure Salesforce Authenticator
2- If you force the users to use Multi-Factor Authentication (through their profile or assigned permission set), they must connect their account as they log in to Salesforce. If they are not required to use MFA, it is still possible to connect Salesforce Authenticator through the personal settings.
Read this post to learn how to enable Multi-Factor Authentication and require users to use MFA.
From the personal settings, click on Advanced User Details. Find App Registration: Salesforce Authenticator, and click Connect.
3- Open the Salesforce Authenticator app on your mobile device and tap Add an Account. The app will generate a unique two word phrase.
4- In your Salesforce browser window, enter the two word phrase and tap Connect.
5- Previous step will send a push notification to your mobile device. Click Connect to confirm the connection between your Salesforce User Account and Salesforce Authenticator.
Whenever you try to login to Salesforce through the UI, you will get a push notification to approve the login. In the approval page, you can see the login details like device and location. Hit the Approve button to confirm the login.
How To Disconnect Salesforce Authenticator
There can be cases that the user doesn't have access to their mobile device. It can be stolen, broken, or the battery can die. In those cases, you will need to disconnect Salesforce Authenticator from the user and configure it again.
In order to disconnect, navigate to the user account, find App Registration: Salesforce Authenticator, and click Disconnect.
After disconnecting, you can connect again by clicking the Connect link and following the steps again.
If Salesforce Authenticator was the only MFA verification method for the user, user must register another method on the next log in to Salesforce.
Using a Different Device
Connected Accounts can be active on only one device at the same time. If you try to connect multiple devices to the same user account, only one of them gets the approval notification. It means that if there are a few people using the same user in Salesforce, only the connected device will get a push notification. Therefore, it is not possible to configure multiple devices to one account. That is the point actually, MFA increases the security and only the real owner of the user account can login to the system.
If you are receiving an approval from a location that you trust, it is possible to switch on "Always verify from here". So the next time you try to login from that location, your request will be approved automatically.
Salesforce Authenticator app needs an internet connection in order to receive the request and send back the answer (approve or deny). However, if you don't have a connection, it is still possible to use the app for the authentication.
Click on the arrow next to the Salesforce account in the mobile app. You will find a time based verification code. Click on "Having Trouble?" on desktop, choose "Use a code from an authenticator app", and enter the verification code that the app generated.