Salesforce Multi-Factor Authentication (MFA) FAQs

What is multi-factor authentication (MFA)? 
It's important to implement strong security measures to protect our business, our data, and our customers.

One of the simplest, most effective ways to help prevent unauthorized account access and protect our Salesforce data is through employing multi-factor authentication, or MFA for short. Usernames and passwords alone don’t provide sufficient safeguards against unauthorized account access. MFA adds an extra layer of protection against threats like phishing attacks, credential stuffing, and account takeovers.

MFA enhances the security of the Salesforce login process by requiring users to verify their identity with two or more pieces of evidence (or “factors”) to prove they are who they say they are.  

This additional layer of security will require users to provide two forms of authentication before accessing the system, ensuring that only authorized individuals can log in.

Is multi-factor authentication (MFA) a Riskonnect product solution?  
MFA is not unique to Riskonnect; it is a secure authentication method for gaining access to an application. Salesforce MFA is a feature enabled by Salesforce to ensure users authenticate themselves with more than just a username and password.

When will MFA be enabled for my user account? 
MFA will be turned on in your orgs in the Salesforce Spring '23 (January-February 2023) through Spring '24 (January-February 2024) releases.

How do we know that MFA is turned on and what do we do?  
Users logging into their orgs will be asked to set up an MFA method of their choosing. Users will receive an MFA challenge each time they log in directly with their username/password. The default verification method is the Salesforce Authenticator mobile device application. Other options are third-party authenticator apps, security keys, and built-in authenticators.

When Salesforce turns on MFA for a trading partner org, is there a rollback plan?
We have a rollback plan if there is a customer request to do so. Riskonnect can be notified with the Salesforce Org ID and we can turn the feature off temporarily.

If I log in using SSO, does MFA impact me?
Salesforce will not act on your behalf to enable MFA for your SSO identity provider. Nor does Salesforce have plans to block access to Salesforce products or trigger MFA challenges if your SSO service does not require MFA. According to Salesforce, this policy could change in the future.

When Salesforce enables MFA, is there a temporary option for users to opt-out?  
In general, there is a 30-day grace period that the user can initiate by declining on their first login. After that period, MFA is enabled by Salesforce.

What are the available authenticator apps?  
Salesforce Authenticator and third-party time-based one-time password (TOTP) Authenticator apps such as Google Authenticator, Microsoft Authenticator, or Authy.

How can I download an authenticator app?  
For more detail on using the Salesforce Authenticator app, see: Download the Salesforce Authenticator Application. You do not have to use the Salesforce Authenticator app; you can use any third-party authenticator application that meets the Salesforce requirements listed here: Third-Party Authenticator Apps.

If I don't have access to Google Play, how can I download an authenticator app?  
For users with no access to the Google Play Store, please use a Third-Party Authenticator Application that meets the Salesforce requirements listed here: Third-Party Authenticator Apps.

Are there instructions on how to set up an authentication app?  
For a video walkthrough on setting up the Salesforce Authenticator application, see: How to Use Salesforce Authenticator for MFA Logins.

I have installed the authentication app, but I need assistance with setting it up.  Who do I contact for support?   
Please contact the Riskonnect Support team:  

Will Salesforce permanently enforce MFA and if so, when?  
The projected Salesforce MFA enforcement date can be found here: Multi-Factor Authentication (MFA) Enforcement Roadmap.

If I have any additional questions, who do I contact?
Please contact the Riskonnect Support team: