Avast, adventurers! Is your Salesforce ship ready for the wave of multi-factor authentication? By April 2024, multi-factor authentication (MFA) will be automatically turned on by default in new Salesforce orgs. Salesforce will complete auto-enablement by the Spring 2024 release.
![](https://i0.wp.com/sfdctreasures.com/wp-content/uploads/2024/02/RobotsAtTheDoor.png?resize=1024%2C742&ssl=1)
The setting "Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org", found in the Identity Verification section of the Setup menu, controls whether MFA is enabled for your Salesforce org.
Admin users have the ability to circumvent this setting. But hold fast, treasure hunter, before making this change: this security feature is meant to protect your Salesforce org from unwanted scallywags. It’s an effective tool to enhance your login security and protect your business treasure.
If you have decided to brave the rough seas without this security, then after the Spring 2024 release, be prepared for the tides to change. Salesforce will start showing notification messages for all admin users each time they log into Salesforce.
The notification will state that the org is out of compliance with the contractual MFA requirement and give steps on how to re-enable the setting.
There are moments when certain users are granted a pardon from the rule. A separate setting for each individual user allows MFA to be turned off for that user, and these exempt souls sail freely through the changing waters. The Waive Multi-Factor Authentication for Exempt Users permission is found under the user's settings and can be assigned on a user-specific basis.
Also, users who access a Salesforce org via API automatically skip the MFA login experience.
Skull and Crossbones: Feature Warnings ☠️
Be warned, treasure hunters: the exemption setting should be activated only in certain instances. The Waive Multi-Factor Authentication for Exempt Users permission should only be assigned to users who meet the criteria below:
- Users for test automation (e.g., Selenium, Robot, Cucumber, Appium)
- Users with an Employee Community License
- Logins using a certificate service that needs a PIN before users can select or receive a user certificate
- Logins that use a combination of a trusted device and a trusted network