top of page
Blog article

Blog article

Using "YubiOn for Salesforce" to Support Salesforce's MFA requirement

Beginning February 1, 2022, multi-factor authentication, or MFA, will now be mandatory for Salesforce, making another factor of authentication, apart from the traditional ID and password, required.


While Salesforce supports the following MFA, there may be cases where the MFA verification method cannot be used due to the customer's configuration. Luckily, YubiOn for Salesforce is available for these situations.


Salesforce Authenticator

Login is possible by authenticating based on push notifications sent to the device.

Third-party TOTP

Login is possible by entering a temporary code sent to the device.

Security Key (U2F)

Login is possible by authenticating with a physical device plugged into the USB port.

For example, the following are not considered acceptable MFA methods as per recommendations by Salesforce.


“Salesforce Authenticator" and "3rd Party TOTP" require a mobile device, meaning that if company devices are not loaned, it may not be possible to use them. U2F also requires a paid physical device to be plugged into the USB port for authentication and cannot be used if U2F communication is not possible due to USB restrictions or remote connections. In addition, U2F makes it difficult to identify individual devices.



A few advantages of YubiOn for Salesforce, an application for multi-factor authentication with OTP (One Time Password) using YubiKey, are:

  • No mobile device is required

  • OTP is recognized as a keyboard, so it can be used under USB restrictions or remote connection

  • Easy management of authentication devices


A trial demo for YubiOn for Salesforce is covered in the remainder of this article.



Easy Installation Access the package installation site.

Enter the installation key and click the "Install" button.

※The URL of the installation site and the installation key will be distributed when you purchase the package.


The YubiKey management application (YubiKeyManager) will be available immediately after installation is complete.


Batch management of YubiKey with YubiKeyManager Register, rename, and delete YubiKeys used for authentication.


It is also possible to assign and unassign YubiKeys for authentication to each user.

Multiple YubiKeys can be assigned to a single user, or the same YubiKey can be assigned to multiple users.


MFA (multi-factor authentication) for login Apply a login flow that requires MFA for each user (per role, called a profile).


Users to whom the login flow for MFA has been applied will be required to use OTP with YubiKey from their next login.

The user logs in with the conventional ID and password (1st factor).

Plug the YubiKey into the USB port.

(Note: Only YubiKey with OTP functionality is available)

By simply placing a finger on the [y] area, OTP authentication (second factor) is performed, and one can log in to the Salesforce service.

This concludes the guide for use of MFA through YubiOn for Salesforce, a program designed to support users who were unable to implement MFA verification through Salesforce.


To purchase YubiKeys via Amazon, click here.


As Soft Giken also provides YubiKeys, if one wishes to acquire a YubiKey, please contact us.


Also, for more information regarding YubiOn for Salesforce, please visit here.




Comments


bottom of page