Two Factor Authentication in Salesforce

Enable Two-Factor Authentication in Salesforce to prevent unauthorized access to your Salesforce Org and add an extra layer of security. Two-Factor Authentication (a.k.a. 2FA) simply means that after the username/password authentication, the user will need to complete one more step before they are authenticated into the application. The idea is that even if someone somehow knows your username and password (a phishing attack is one of the common ways to get that information), he or she will still not be able to log in to the application. The second factor in 2FA can be

  • Something you know (mother’s maiden name, answer to secret question, birthdate etc. )
  • Something you have (a token, a device)
  • Something you are (biometrics – e.g. fingerprint, retina scan)

For the purpose of this blog post we’ll use “Something you have”, and the “thing” that you will need to “have” is a smartphone. Follow this step-by-step guide and in less than 30 minutes from now, you will have a more secure Salesforce Org.

The 2FA that we have implemented here uses an out-of-the-box, declarative feature of Salesforce: the Salesforce Authenticator App. For this to work, users in your organization will need to have a smartphone. If that’s a concern, you can also implement Two-Factor Authentication using Email or SMS. Interested in exploring more about how that’s going to work?

Please refer to the following blog posts on how to send SMS from Salesforce and how to use Login Flow. You can blend these two recipes and come up with your own recipe for enabling 2FA using SMS.

  1. Step by Step Guide on Sending & Receiving SMS From / In Salesforce
  2. Enable / Disable Users to Login to Salesforce Using Login Flow

Tell me and I forget. Teach me and I remember. Involve me and I learn – Benjamin Franklin