Just download the Salesforce Authenticator from the App Store/Google Play, install, open and click the „Add Account“ button. It will tell you two words you will enter into the dialog, confirm on both sides and you are good to go. Don’t want another app? But maybe you don’t want to install another app for 2FA/MFA.
Full Answer
How do I set up Salesforce authenticator on a mobile device?
Download and install the Salesforce Authenticator app for the type of mobile device you use. For iPhone, get the app from the App Store. For Android devices, get the app from Google Play. From your personal settings, in the Quick Find box, enter Advanced User Details, then select Advanced User Details. No results?
What is multi-factor authentication (MFA) in Salesforce?
Multi-factor authentication (MFA) is a great way to do just that. MFA adds an extra layer of security to Salesforce by requiring you to enter two or more pieces of evidence about your identity—or factors—each time you log in. The first factor is something you know, like your username and password combination.
How does Salesforce authenticator work when the device is offline?
The Salesforce Authenticator mobile app requires a data connection to authenticate via push notifications or location-based automated verification. If a user's mobile device is offline, however, users can still authenticate using one of the unique, time-based one-time password (TOTP) codes that the app continually generates.
Can I use Salesforce for MFA instead of SSO?
You can use your SSO provider’s MFA service. Or, for products that are built on the Salesforce Platform, you can use the free MFA functionality provided in Salesforce instead of enabling MFA at the SSO level. See how MFA works and why it’s a critical piece of your defense-in-depth strategy.
Why is multifactor authentication important?
Multi-factor authentication (or MFA) adds an extra layer of protection against threats like phishing attacks, increasing security for your business and your customers.
What is Salesforce MFA?
Salesforce offers simple, innovative MFA solutions that provide a balance between strong security and user convenience. Salesforce products support several types of strong verification methods to satisfy your business and user requirements.
What is Salesforce security key?
Security keys are a great solution if mobile devices aren’t an option for your users. Salesforce supports USB, Lightning, and NFC keys that support the WebAuthn or U2F standards, including Yubico’s YubiKeyTM and Google’s TitanTM Security Key.
What is MFA verification?
MFA requires a user to validate their identity with two or more forms of evidence — or factors — when they log in. One factor is something the user knows, such as their username and password combination. Other factors are verification methods that the user has in their possession.
Management view
Obviously management is the first one to make any decision and communicate it properly inside the organisation. From my point of view they need to decide only on one thing – what is the form of MFA they want to support, as there are multiple of them:
Admins view
Management decided, you „just“ need to enable it. Go to profile (s), change the „Session Security Level Required at Login“ to High Assurance or check the „Multi-Factor Authentication for User Interface Logins“.
Users view
Ok, admin enabled something new, you missed all the communication around it and now are stuck at this nice page after you entered your name and password.
Shared Users
I know I know. It isn’t contractually allowed and no-one share one user with multiple people, but you might need it. Actually a lot of partners do this because the customer cannot provision user licence for every member of the team on production especially as they normally don’t need it. But with MFA enforced we need to find a way out.
MFA Essentials
MFA is an effective way to increase protection for user accounts against common threats like phishing attacks, credential stuffing, and account takeovers. It adds another layer of security to your login process by requiring users to enter two or more pieces of evidence — or factors — to prove they’re who they say they are.
Requirement to Enable MFA
Beginning February 1, 2022, Salesforce will require customers to use MFA in order to access Salesforce products. All internal users who log in to Salesforce products (including partner solutions) through the user interface must use MFA for every login.
Scope of the MFA Requirement
Customers can satisfy the MFA requirement by enabling MFA for all internal users who log in to Salesforce products (including partner solutions) through the user interface. See the following tables for full details about how user types, login types, and environments are affected by the requirement.
MFA for SSO Logins to Salesforce Products
On its own, SSO doesn’t satisfy the MFA requirement. With a well-implemented SSO strategy, you can reduce some of the risks associated with weak or reused passwords, and make it easier for your users to log in to frequently used applications.
Verification Methods for MFA
Let’s start with verification methods that don’t satisfy the requirement, whether you’re using your SSO identity provider’s MFA services or Salesforce’s MFA for direct logins.
MFA User Experience
After MFA is enabled for user interface logins, each user must have at least one registered verification method before they can log in. The registration process connects a method to the user's Salesforce account. Users can register methods at any time.
Roll Out MFA
We have several cross-product resources to help you learn how to prepare for and roll out MFA, including: