Salesforce is the world’s most trusted enterprise cloud and with that comes an expectancy to keep accounts and data secure. And rightly so. That’s why Multi-Factor Authentication is an essential (and soon compulsory) addition to your Salesforce CRM.
The past 18 months have changed the way we work. Possibly forever. With so many people working from home, everyone has adjusted to keep the wheels turning. That includes relying on home-based networks that may not have the security level you need. Unfortunately, as our reliance on the internet increases, so does the threat of cyber-attacks.
Multi-Factor Authentication is the most effective way to protect your Salesforce data and keep your company and customers safe. Cybercriminals will take advantage of a lapse in security at the first opportunity.
What is Multi-Factor Authentication?
It is built by Salesforce to protect the platform and provides an extra layer of protection. It is designed to battle against hackers, phishing attacks, and credential stuffing. MFA balances security and user convenience seamlessly, which is particularly useful with so many people working from home. It allows Salesforce users, partners, and consultants to stay one step ahead of the bad guys. It is available at no extra cost and will give you peace of mind as we all find new ways of working.
How does it work?
MFA is about proving who you are. Passwords aren’t enough and other verification methods or ‘factors’ are required before Salesforce gives the green light. To log in, users will need their username and password as well as two or more other identifying methods such as a security key, fingerprint scan, or authenticator app. Multiple factors of identification significantly reduce the chances of someone gaining unauthorised access to your Salesforce account. It also gives you protection even if your password is compromised.
What’s your password?
Don’t say it out loud. But how secure is it? Passwords are the single easiest way to hack into data, and all too often they are easy to decipher. Alone, they don’t provide a good enough safeguard against intelligent cybercriminals. You need to protect your customers and your business, as the aftermath of a data breach or phishing attack can be damaging for a company’s reputation. Not to mention the emotional and financial worries it brings.
Prepare your systems in advance
The time to get Multi-Factor Authentication set up is now. Multi-Factor Authentication will be compulsory from 1st February 2022, and it will be here before we know it. So, make sure you are familiar with it well in advance and ensure everyone in your team is aware of the changes and requirements. Plan your rollout according to the size of your business and do it in stages if that works for you. Multi-Factor Authentication Assistant will guide you through the process for a successful rollout and the team at Stimulus Consulting are always on hand to help.
Getting Started for Admins
As an Admin, the set-up of MFA is pretty straight forward. You will need to create a permission set and assign it to you users. You may want to test this out on a group of super users first so they can help support the roll out to the rest of the company.
1. From the Set Up menu select Permission Sets
2. Give the Permission Set a recognisable name and description
3. Add the permission Multi Factor Authentication for User Interface Logins to the set. This can be found in the system permission section or by using the search functionality.
4. Click Save
5. Click Manage Assignments and then Add Assignments
6. Check the checkboxes next to the users you want to assign the Permission Set to and click Assign
Getting Started for Users
There are three options for logging in: the Salesforce authenticator app, third-party one-time authenticators such as Google authenticator or a physical security key.
If you decide on the Salesforce Authenticator, then your users will need to make sure they download the authenticator app from either the App Store of Google Play and connect the app to the org, using their Salesforce credentials. Then each time they log in a push notification is sent to their mobile device and they just need to tap to confirm and then they can access their org as normal.
Take a look at our Salesforce tutorial video on Multi-Factor Authentication below: