#1MinuteTip With Salesforce mandating Multi-Factor Authentication (MFA) to login to Salesforce in 2023, there are a few types of users who are exempted from this enforcement. This includes:
- System integration login types via the API, Developer Edition and scratch orgs
- User accounts for test automation tools, such as Selenium, Cucumber, or Appium
- User accounts for Robotic Process Automation (RPA) systems
- Users assigned an Employee Community license (that is, a Salesforce Platform license paired with either a Company Community for Lightning Platform permission set license or a legacy Company Community license)
- Logins using a certificate service that requires a PIN before users can select or receive a user certificate (for example, when logging in with a PIV or CAC card)
- Logins using a combination of a trusted device and a trusted network
To ensure that MFA is not enforced for these users, create a permission set enabling the permission “Waive Multi-Factor Authentication for Exempt Users” and assign the above-mentioned users to this permission set.
References & Useful URLs
- Salesforce Help Article – Salesforce Multi-Factor Authentication FAQ
