Multi-Factor Authentication (MFA) FAQ

Created by Alan Martinez, Modified on Tue, Nov 22, 2022 at 2:07 PM by Alan Martinez

TABLE OF CONTENTS


Multi-Factor Authentication (MFA) FAQ

What is Multi-Factor Authentication?


MFA adds a layer of protection to the login process by requiring a supplemental verification method, in addition to a password.


Who is affected by this update and when will it go into effect?


All Salesforce users will be required to register an MFA-compliant verification method by Thursday, January 20th, 2022. For a full list of current users at your school, please email Josh at jmentzer@cristoreynetwork.org.


What do I need to do?


The Salesforce Authenticator mobile app is a simple, no-cost verification method that satisfies the MFA requirement. The national office will support users’ installation and registration of the app to prepare for the Spring ‘22 release. Step-by-step guides to install the Salesforce Authenticator mobile and to register the app in Salesforce can be found here.


What happens if I do not install and register the Salesforce Authenticator app by January 20th?


The next time you try to log in to Salesforce, you will be required to install and register the application. We recommend taking care of these steps before the deadline to avoid a disruption in Salesforce access.


What if we need to log in to more than one Salesforce org?


You can connect the Salesforce Authenticator app to multiple Salesforce orgs. Once you have already downloaded and installed the app, see this section to register an additional account with the app.


What if two people share a single Salesforce account?


Salesforce prohibits sharing user credentials with multiple users. Before you can satisfy the MFA requirement, you need to resolve any shared accounts or credentials that are in use. This practice is incompatible with MFA because each user must register and connect a unique verification method to their Salesforce account before they can log in. If multiple users are sharing a single account, only one person will be able to log in to that account after MFA is enabled. If you need to purchase additional licenses, please reach out to the national office Salesforce team.


Will I be required to use the Salesforce Authenticator app in order to log in to the standard Salesforce mobile app?


Yes, the first time you log in to the standard Salesforce mobile app, you will be required to open the Salesforce Authenticator app to approve the log in. Subsequent app usage will most likely not require you to approve through the Salesforce Authenticator app.


Other MFA-Compliant Verification Methods

Should I register more than one MFA-compliant verification method?


While it is not required, Salesforce recommends registering more than one MFA-compliant verification method in the event that a user loses their primary method (e.g., loses their phone).


Are there other ways to comply with the MFA requirement, besides or in addition to the Salesforce Authenticator app?


While the national office is supporting the use of Salesforce Authenticator to comply with the MFA requirement, there are other options for users who wish to add an additional authentication method or who cannot download the app. This Salesforce help article explains four different MFA verification methods that users can use to satisfy the requirement.


  • If you are unable to download and install the Salesforce Authenticator app, you can use another authenticator app to generate one-time passcodes. The national office does not endorse any specific application beyond the Salesforce Authenticator app; however, users have successfully used the following authenticator apps to satisfy the MFA requirement:
  • If users do not wish to download a mobile application, the national office recommends the use of a physical security key. Please see this Salesforce help article for more details on security keys. The national office does not endorse any specific security key, but users have reported that this Yubico product works well, particularly for Chrome users. Users are responsible for purchasing and registering their security keys and must have the security key with them each time they wish to access Salesforce if it is their sole MFA verification method. See this help article on how to register a Yubico key. Note that a physical security key is not a good option for users who rely on the Salesforce mobile app - the Salesforce Authenticator app is strongly recommended if you use the mobile app regularly.


Live Support Sessions

Multi-Factor Authentication Q&A Sessions


Soon to come!



Day-Of Office Hours

Attend this Zoom meeting for support. Registration is required.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article

z