Beginning February 1, 2022, all Salesforce customers will be contractually obligated to enable MFA for their users. However, if you haven’t yet begun to roll-out MFA for your users, don’t panic. Enforcement will begin in May 2022, but it may be later depending on the Salesforce product. Here is our quick guide on Salesforce Multi Factor Authentication to help your nonprofit enable this important security feature.


What is Salesforce Multi Factor Authentication?

Multi Factor Authentication (MFA) is a method of logging into Salesforce that significantly increases the security of your Salesforce instance.

A simple login can be hacked by stealing a password (single factor authentication) and a single use code texted to a phone can be stolen by cloning a SIM card (two factor authentication), but MFA is much more difficult for bad actors to beat.


How does it work?

There are four methods that satisfy Salesforce’s new MFA requirement:

  • The Salesforce Authentication app: This user-friendly app can be downloaded to your phone and makes logging into Salesforce quick and easy. Once you enter your username and password, you will be prompted to enter a short-term six-digit code from the Salesforce Authentication app.
  • Third-Party Authenticator Apps: There are several different options for other Authenticator apps, but each will work similarly – providing a time-based, single use code for logging in. Some options include Google Authenticator, Microsoft Authenticator, and Authy.
  • Physical Security Key: This is a USB stick that must be plugged into a device to log into Salesforce. This can be a good option if your users may not have access to a cell phone while working.
  • Built In Authenticators: These use the biometrics, meaning the physical features, of a user to confirm their identity. Common examples include fingerprint ID and face ID.


Who does the new MFA requirement impact?

MFA is required for all internal Salesforce users. It will not be required for external users who login through the Experience Cloud. Unfortunately, smaller organizations with few Salesforce licenses will likely be most impacted, as it will become much more difficult to share logins among more than one person.

Change can be difficult, and users may feel disrupted by the new requirement at first. However, with a thoughtful and well-planned implementation you can create a seamless transition long before the requirement is enforced. Below are some helpful resources on how you can guide your organization and users through this security upgrade. If you need assistance, please reach out and we will be happy to help.


MFA Quick Guide for Admins
How to Roll Out MFA


Written By: Ryan Beck Turner

Ryan is a certified Admin and Nonprofit Cloud Consultant with ten years experience working for nonprofits in a variety of issue areas.