Users Exempted from Multi-Factor Authentication (MFA) in Salesforce

#1MinuteTip With Salesforce mandating Multi-Factor Authentication (MFA) to login to Salesforce in 2023, there are a few types of users who are exempted from this enforcement. This includes:

  1. System integration login types via the API, Developer Edition and scratch orgs
  2. User accounts for test automation tools, such as Selenium, Cucumber, or Appium
  3. User accounts for Robotic Process Automation (RPA) systems
  4. Users assigned an Employee Community license (that is, a Salesforce Platform license paired with either a Company Community for Lightning Platform permission set license or a legacy Company Community license)
  5. Logins using a certificate service that requires a PIN before users can select or receive a user certificate (for example, when logging in with a PIV or CAC card)
  6. Logins using a combination of a trusted device and a trusted network

To ensure that MFA is not enforced for these users, create a permission set enabling the permission “Waive Multi-Factor Authentication for Exempt Users” and assign the above-mentioned users to this permission set.

Users Exempted from MFA in Salesforce

References & Useful URLs

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top