Prepare for Salesforce MFA Mandate
MFA support with security key (FIDO2 / U2F)
2022/06/15 Article update
With WebAuthn (FIDO2) now supported in Salesforce, registration and authentication methods using FIDO2 compatible security keys have been added.
For how to set up and initialize FIDO2 compatible keys, please refer here.
News
2022/06/12
With the Summer '22 release, Salesforce supports WebAuthn (FIDO2) security keys. This change allows users to register WebAuthn (FIDO2) or U2F security keys for identity verification. If you have keys previously registered as FIDO U2F, you may be prompted for an authentication sequence (PIN) as FIDO2 due to Summer '22 enforcement.
Salesforce users, are you ready for MFA (multi-factor authentication)? Customers are contractually required to use MFA to access Salesforce products after February 1, 2022 (Multi-Factor Authentication Adoption Roadmap). This article introduces MFA support for Salesforce access using an authenticator that supports FIDO2 or FIDO U2F (Universal 2nd Factor).
What is MFA (Multi-Factor Authentication)?
Password authentication alone can only go so far in protecting data against security threats, so authentication with higher security strength is recommended to protect customers' information assets.
MFA (multi-factor authentication) refers to authentication that combines factors from these three categories: knowledge (something only the person knows), possession (something the person has), and biometrics (the person's physical characteristics). Even if a user's password is leaked, the risk of unauthorized data access is reduced because access is still protected by the other factors.
MFA is an effective technique to reduce security risks such as phishing and man-in-the-middle attacks. Salesforce promotes MFA to protect business and customer information from security threats.
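For the security keys this article covers, phishing resistance comes from WebAuthn binding each login to the site's origin. The following is an added example, not part of the original article and not Salesforce's code: it shows the origin, RP ID and user-presence checks a relying party applies, plus the user-verified flag that is set when a FIDO2 key checks its PIN. The RP ID, origin, challenge, look-alike domain and sample data are constructed placeholders, and signature verification is omitted.

```python
import hashlib
import json
import struct

# Constructed placeholders, not values from the article or from Salesforce.
RP_ID = "login.example.test"
ORIGIN = "https://login.example.test"
CHALLENGE = "Y29uc3RydWN0ZWQ"  # challenge the server issued for this login

FLAG_UP = 0x01  # user present: the key was touched
FLAG_UV = 0x04  # user verified: PIN or biometric was checked by the key

def check_assertion(client_data_json, auth_data, expected_challenge):
    """Return the list of failed checks (empty means all passed); no signature check."""
    problems = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        problems.append("wrong type")
    if client.get("challenge") != expected_challenge:
        problems.append("challenge mismatch")
    if client.get("origin") != ORIGIN:  # the browser fills in the real origin
        problems.append("origin mismatch")
    if len(auth_data) < 37:
        return problems + ["authenticator data too short"]
    # Layout: 32-byte SHA-256 of the RP ID, 1 flag byte, 4-byte signature counter.
    rp_id_hash, flags, _count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        problems.append("rpIdHash mismatch")
    if not flags & FLAG_UP:
        problems.append("user not present")
    return problems

def user_verified(auth_data):
    """True when the key reports that a PIN or biometric check took place."""
    return len(auth_data) >= 33 and bool(auth_data[32] & FLAG_UV)

def build_sample(origin, rp_id, flags):
    """Build constructed clientDataJSON and authenticator data for the demo."""
    client = {"type": "webauthn.get", "challenge": CHALLENGE, "origin": origin}
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 7)
    return json.dumps(client).encode(), auth

if __name__ == "__main__":
    good = build_sample(ORIGIN, RP_ID, FLAG_UP | FLAG_UV)
    fake = build_sample("https://login.example-lookalike.test",
                        "login.example-lookalike.test", FLAG_UP)
    print("legitimate site:", check_assertion(*good, CHALLENGE), "UV:", user_verified(good[1]))
    print("look-alike site:", check_assertion(*fake, CHALLENGE), "UV:", user_verified(fake[1]))
```

A login completed on the look-alike origin fails both the origin and the RP ID hash check, so the response cannot be replayed to the real site even though the user touched the key.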
MFA-enabled methods and reasons to choose security keys
Salesforce supports MFA in five major ways: Salesforce Authenticator provided by Salesforce, third-party TOTP, a physical security key (FIDO2 / U2F), single sign-on (SSO), and Yubico OTP.
1. Salesforce Authenticator
Install Salesforce Authenticator on your mobile device and use it immediately with a simple setup.
2. 3rd Party TOTP
Install apps such as Google Authenticator, Microsoft Authenticator, and Authy on your mobile device and use it immediately with a simple setup.
3. Security key (FIDO2 / U2F)
It can be used immediately by registering a FIDO2 / U2F compatible security key.
5. SSO
If you use SSO, you can meet Salesforce's MFA requirement by requiring MFA for the SSO login.
Next, here are the reasons for choosing a security key (FIDO2 / U2F). Salesforce Authenticator and TOTP are easy to adopt: you simply install an app on a mobile device. However, there seem to be cases where MFA support with them is difficult. SSO is a good option if you are already using it, but if it would be a new deployment, you may not be able to start on it right away. In such cases, MFA using security keys (FIDO2 / U2F) is considered the most effective method. After purchasing a FIDO2 / U2F compatible security key and registering it, users can use it immediately. Also, depending on the product, there is no need to worry about the battery running out as with mobile devices. Many products are highly durable and easy to operate during authentication, so they put little stress on end users.
Available security keys
Any product can be used as long as it is a security key that supports FIDO2 / U2F. Here are some security keys.
How to set up and use Salesforce MFA (FIDO2 / U2F)
MFA in Salesforce must be set up by a system administrator. For the settings, see the administrator operation procedure below. For user operations, see the user operation procedure.