The Salesforce MFA Requirement: Secure Your Applications and Users Before February 2022

Organizations everywhere are expanding access to their applications and systems, making it easier for employees to work from any device or location. While this has been a boon for productivity, it also creates new targets for threat actors. This has resulted in a new urgency for IT and security leaders to prioritize and enhance login security.

That’s why Salesforce, the global CRM leader, announced it will soon require customers to enable multi-factor authentication (MFA), at no additional cost, to access the company’s apps and services.

What makes MFA so important

For most organizations, the rapid expansion of remote systems and networks to enable remote work has multiplied security vulnerabilities. Cybercriminals are increasing their attack efforts with sophisticated tactics to impersonate authorities, steal credentials, and execute data breaches.

MFA is a secure authentication method that requires users to prove their identity by supplying two or more pieces of evidence (or “factors”) when they log in. By tying user access to multiple types of factors, MFA makes it much harder for common threats like phishing attacks and account takeovers to succeed. The types of factors include:

  • Something you know: typically, your username and password
  • Something you have: a factor only you should have access to, such as a keycard, a USB, a code received by text message, or a code from an authentication app like Okta Verify
  • Something you are: a biometric verification factor, such as your fingerprint or iris

It takes a combination of factors to reliably verify a user’s identity, especially when users access your applications, networks, or systems from new locations or devices. MFA is simple to set up, quick to verify, and crucial to preventing cybercrime. Even if a user’s password is stolen, the odds are low that an attacker can guess or impersonate a factor that a user physically possesses.

What you need to do before February 1, 2022

Do your Salesforce products already have SSO enabled through your provider? Are your users already required to use MFA? If so, you meet the MFA requirement and don’t need to take action.

If you don’t have SSO enabled or don’t require users to use MFA, you have two options:

Enable MFA through Salesforce: If your users log in directly through the Salesforce user interface, enable MFA within Salesforce. There is no charge to enable MFA or to use the free authenticator app within Salesforce. You can already enable MFA for Salesforce products.

Enable MFA through your SSO provider: If your Salesforce products are configured for SSO with an identity provider, such as Okta, then you must enable MFA through the provider. Also enable MFA within Salesforce for admins who log in to the platform directly.

You can get much more information on Salesforce’s MFA requirement here.

How Okta can help

The move by Salesforce to require MFA is a step in the right direction for identity and security. MFA offers security and peace of mind for everyone across an organization, from senior execs and IT teams to end-users.

Okta MFA frees users from passwords and takes authentication above and beyond with robust security and a streamlined user experience. 

  • Customers achieve 75% fewer IT helpdesk calls related to login issues.
  • Users adopt, log in to, and use new applications 50% faster.
  • IT saves time provisioning applications—an average of 30 minutes per request.

Security comes standard for all Okta SSO customers, which includes Okta Verify one-time password protection. Secure your IT environment, user base, and devices without time-consuming password resets or complicated policies. Integrate seamlessly with Salesforce and meet the new security requirements today. Enable MFA with Okta.