From social media to the working world, it is extremely likely that you are entering a username and password to log into most of your accounts. This seems secure enough, right? Unfortunately, as technology gets increasingly advanced, so are the methods that hackers are using to steal information and data. This is exactly the reasoning behind the rise of multi-factor authentication (MFA), which utilizes multiple steps rather than just a username and password. Salesforce will be requiring all orgs to transition to MFA in February 2022 with hopes of producing a setting with increased data security.
What is MFA?
Multi-factor authentication (MFA) is a multiple-step process that protects information upon login by verifying a person’s identity, which is done through two major components. The first component is a general login with information that the user can input, such as a username and password. The second is the additional step of physical verification, such as a mobile app where the user can confirm their identity through authentication. This translates to Salesforce, as the Salesforce login will still be used per usual, but the user will now be required to verify their identity through the use of MFA.
Methods of Verification
MFA requires an alternative form of verification in addition to a general login, and there are multiple ways in which a user can physically verify their identity.
Salesforce Authenticator is a free mobile app that can easily be linked to your existing Salesforce account. It relays the information of the action being requested, who is requesting, the service (Salesforce), the device, and the location. This Salesforce application ensures that your information will stay safe through the MFA process.
Third-party authenticators, such as Google Authenticator or Authy, generate a time-based one-time password (TOTP) that the user can enter while logging into Salesforce. This idea of a TOTP produces a secure login, as the given password will expire after a certain amount of time.
A security key is a physical device that the user must connect into their computer and press a button in order to verify. Although many users will prefer mobile authenticators, this option is optimal for those who may not necessarily have access to a mobile device.
Steps for Implementation
- Choose the methods of verification that best fit your business. Salesforce does not restrict users to one verification method, so you can select what meets your org’s needs.
- Manage users, roles, and permissions in Salesforce to determine how many users will be utilizing MFA. This will give you an idea of how involved the switch to MFA will be, so you can be prepared to implement MFA on a large scale.
- Plan how the MFA implementation will be carried out and how the experience can be improved for users. It is recommended to do a test run on a smaller group in order to fix any problems that may have arisen.
- Train your support team to handle issues and maintain MFA. As with all technology, it is guaranteed that the MFA system will not be perfect, and a well-trained team can swiftly fix these problems.
- Inform users of verification methods and enable MFA for user logins. You want your users to feel prepared for the MFA roll out, therefore giving them information in advance will be extremely helpful.
- Ensure that users can register for and login with MFA, ensuring that any problems or difficulties are resolved.
- Monitor feedback, track MFA usage, and perform MFA maintenance and upkeep when necessary. Feedback and usage metrics will be important in ensuring that your MFA system is successful.
Timeline to Launch MFA
The timeline below is a suggestion for when to conduct the MFA rollout and the steps that the process can be broken into. We recommend that the switch to MFA takes place over the course of 4-5 months, with the February 2022 deadline kept in mind. Once the rollout is completed, your org should be consistently maintaining the system and collecting feedback and data to make improvements in the future.
Best Practices
It may seem stressful to make these changes, especially if you have never been exposed to MFA. In order to have a successful shift to the MFA system, we recommend doing the following throughout the process:
- Make sure to do a test run before all users have access to MFA. This will help in recognizing and solving problems before the final rollout.
- Encourage users to give feedback, as this information will be useful in making adjustments and improvements.
- Monitor the usage metrics of MFA in order to keep users’ data secure.
- Make sure the support team is up-to-date on the latest updates and practices in order to easily fix bugs within the system.
Need help implementing MFA or putting a plan together? We’re here to help. Fill out the form to your right and we’re happy to set up a time to discuss.