top of page

Prepare for Salesforce MFA Mandate

MFA support with security key (FIDO2 / U2F)

2022/06/15 Article update

By supporting WebAuthn (FIDO2) in ​Salesforce, registration and authentication methods using FIDO2 compatible security keys have been added.

​How to set and initialize FIDO2 compatible keysherePlease refer to


By applying the Summer'22 version of Salesforce,Supports WebAuthn (FIDO2) security keysI came to This change allows users to register WebAuthn (FIDO2) or U2F security keys for identity verification. If you have keys previously registered as FIDO U2F, you may be prompted for an authentication sequence (PIN) as FIDO2 due to Summer'22 enforcement.

All Salesforce users, are you ready for MFA (Multi-Factor Authentication)? Contractually required to use MFA to access Salesforce products after February 1, 2022 (Multi-Factor Authentication Adoption Roadmap). In this article, Salesforce access isFIDO2or FIDO U2F (Universal 2nd Factor), we will introduce MFA support using an authenticator that supports .

What is MFA (Multi-Factor Authentication)?

There is a limit to protecting data against security threats with password authentication alone, and it is recommended to use authentication with higher security strength to protect customers' information assets.


MFA (multi-factor authentication) refers to authentication that combines these three factors: knowledge that only the person knows, possessions that the person has, and biometric information that is the person's physical characteristics. Even if a user's password is leaked, the risk of unauthorized data access can be reduced because it is protected by other factors.


MFA is an effective technique to reduce security risks such as phishing and man-in-the-middle attacks. Salesforce promotes MFA to protect business and customer information from security threats.

MFA (多要素認証) とは

MFA-enabled methods and reasons to choose security keys

There are five major patterns in how Salesforce supports MFA. There are five types using Salesforce Authenticator provided by Salesforce, third-party TOTP, physical device security key (FIDO2 / U2F), single sign-on (SSO), and Yubico OTP.

1. Salesforce Authenticator

Install Salesforce Authenticator on your mobile device and use it immediately with a simple setup.

2. 3rd Party TOTP

Install apps such as Google Authenticator, Microsoft Authenticator, and Authy on your mobile device and use it immediately with a simple setup.

3. Security key (FIDO2 / U2F)

It can be used immediately by registering a FIDO2 / U2F compatible security key.

4. Yubico OTP (Soft Giken original)

Can be used even when connected remotely or when USB is restricted. ​
Account and YubiKey can be managed.


If you use SSO, you can meet Salesforce's MFA requirements by requiring MFA.

Next, I will explain the reasons for choosing a security key (FIDO2 / U2F). The Salesforce standard authenticator and TOTP are easy to install and can be used by simply installing them on a mobile device. It seems that the second MFA support may be difficult. Regarding SSO, it is good if you are already using it, but when it comes to new installations, you may not be able to start implementing it. In such cases, MFA countermeasures using security keys (FIDO2 / U2F) are considered to be the most effective method. After purchasing a security key compatible with FIDO2/U2F and registering the security key, users can use it immediately. Also, depending on the product, you don't have to worry about running out of battery like you do with mobile devices. Many of the products are highly durable and easy to operate during authentication, so end users will not be stressed.

MFA 対応の方法とセキュリティキーを選択する理由

available security key

Any product can be used as long as it is a security key that supports FIDO2 / U2F. Here are some security keys.



Both the multi-protocol YubiKey 5 Series and the FIDO authentication-focused Security Key Series are available.

Brand: Yubico


Idem Key

USB key with NFC function that supports various authentications such as FIDO, OTP, and PKI.

Brand: GoTrust

You can also purchase the products we handle from this purchase page.

Please contact us from the inquiry page for bulk purchases and requests for quotations.


How to set up and use Salesforce MFA (FIDO2 / U2F)

Setting up MFA in Salesforce requires setup by a system administrator. Please check the setting method from the administrator operation procedure below. Also, please check the user operation procedure for user operations.

Admin action


MFA setting operation by system administrator

User operation


User registration and login operations

Salesforce MFA (U2F) の設定および使用方法
bottom of page