User Operation Instructions for Salesforce MFA (FIDO2 / U2F)
This section describes how to register a security key (FIDO2 / U2F) and how to log in.
2022/06/15 Article update
By supporting WebAuthn (FIDO2) in Salesforce, registration and authentication methods using FIDO2 compatible security keys have been added.
How to set and initialize FIDO2 compatible keysherePlease refer to
News
2022/06/12
By applying the Summer'22 version of Salesforce,Supports WebAuthn (FIDO2) security keysI came to This change allows users to register WebAuthn (FIDO2) or U2F security keys for identity verification. If you have keys previously registered as FIDO U2F, you may be prompted for an authentication sequence (PIN) as FIDO2 due to Summer'22 enforcement.
Environmental information
Device: Windows 10
Interface: Lightning Experience
Browser: Chrome
*Depending on the OS and browser you use, it may differ from the explanation image.
In-page link
Security key registration method
This section describes how to register a security key (FIDO2 / U2F) by the user.
If the system administrator has set MFA (multi-factor authentication) for the user, the user will be required to register a security key at the next login. increase.
Log in with "username/password" from the login page of Salesforce.
Connect Salesforce Authenticator Click "Choose another verification method" at the bottom of the screen.
Click Use Universal Second Factor (U2F) Key or WebAuthn (FIDO2) and click Next.
Click the "Register" button on the Register Security Key page.
After moving to the security key registration page, the "Security key setup" popup will automatically appear, so click the "OK" button.
Next, "Continue Setup" will be displayed, so click the "OK" button.
Insert the security key into the USB port.
For registration with FIDO2 security key
For FIDO2-compatible security keys, you will be prompted to enter a PIN.
If a PIN has not been set for the security key, a screen for setting will be displayed. Please set a PIN.
Touch the button or metal part of the security key.
Finally, enter the security key name and click the "Save" button to complete security key registration and login.
*For both FIDO2 / U2F, the flow is to set the security key name after completing the registration.
From the next login, you will be asked to authenticate with the security key after logging in with your "user name/password".
How to log in with a security key
Describes how users log in with security keys (U2F).
The user must have registered a security key.
Regarding how to register "Security key registration methodPlease refer to
From the login page of Salesforce, log in with "user name / password".
Click the Validate button.
Insert the security key into the USB port.
After that, the authentication sequence differs between FIDO2 compatible security keys and FIDO U2F only compatible security keys.
Here's a quick way to tell.
U2F: Authentication is completed just by touching the security key.
FIDO2: A PIN is required during authentication.
*If a PIN is not set for the security key, the PIN setting screen will be displayed.
For registration with FIDO U2F security key
For security keys that only support FIDO U2F, PIN is not required, and authentication is completed simply by touching the button or metal part of the security key.
For authentication with FIDO2 security keys
For FIDO2-compatible security keys, you will be prompted to enter a PIN.
If a PIN has not been set for the security key, a screen for setting will be displayed. Please set a PIN.
Touch the button or metal part of the security key.
You have successfully logged in.
If you lose or forget your security key
If you have lost or forgotten your security key, you can temporarily log in using a temporary code by contacting the system administrator and having them issue a verification code. Here, we explain what to do when the security key cannot be used and how to log in with the confirmation code.
If the security key cannot be used when logging in, the "lost security key"or"forgot security key” to the system administrator. After reporting, wait for contact from the system administrator.
When reporting to the system administrator, be sure to use the "lost" or "I forgotPlease clearly report whether
After receiving the confirmation code and expiration date from the system administrator, log in with "user name / password" from the login page of Salesforce.
Enter the verification code provided by your system administrator and click the "Verify" button.
*You cannot log in with an expired confirmation code.
Login completed.
[For lost security key]
Logging in with the verification code is only a temporary workaround. If you receive a new security key, please re-register as soon as possible.
After that, the registration sequence differs between FIDO2-compatible security keys and FIDO U2F-only security keys.
Here's a quick way to tell.
U2F: Just touch the security key to complete setup.
FIDO2: A PIN is required during setup.
*If a PIN is not set for the security key, the PIN setting screen will be displayed.
For registration with FIDO U2F security key
For security keys that only support FIDO U2F, no PIN is required, and setup is completed simply by touching the button or metal part of the security key.