SalesForce to Require Multi-Factor Authentication for All Users Starting in February 2022

Salesforce, the world’s largest customer relationship management (CRM) platform, has announced that starting in February 2022, customers will not be able to access their accounts unless they turn on multi-factor authentication (MFA)

Help And Training Community

On and after February 1, 2022, Salesforce will require customers to use MFA to access Salesforce products

Salesforce has stated that only certain types of MFA methods will be supported, including the following

  • Salesforce Authenticator mobile app (available in the Apple App Store or Google Play Store)
  • Google Authenticator, Microsoft Authenticator, and Google Authenticator, Microsoft Authenticator, Authy, etc.)
  • Time-based one-time passcode (TOTP) authentication apps.
  • Security keys that support WebAuthn and U2F, such as Yubico’s YubiKey and Google’s Titan.
  • Built-in authenticators such as Apple’s Touch ID, Face ID, and Windows Hello
  • Salesforce Authenticator

MFA solutions that rely on sending a one-time passcode via email, phone call, or SMS message “are not permitted for use as these methods are inherently vulnerable to interception, spoofing, and other attacks,” Salesforce explains.

It is recommended that users register multiple authentication methods and make backups in case they forget or lose their primary authentication method.

The MFA mandate applies to all of Salesforce’s major cloud products, including.

Products built on the Salesforce Platform, including:

  • Sales Cloud, Service Cloud, Analytics Cloud, B2B Commerce Cloud, Experience Cloud, Industry products (Consumer Goods Cloud, Education Cloud, Financial Services Cloud, Government Cloud, Health Cloud) Financial Services Cloud, Government Cloud, Health Cloud, Manufacturing Cloud, Nonprofit Cloud, Philanthropy Cloud), Marketing Cloud-Audience Studio, Marketing Cloud-Pardot, Platform, Salesforce Essentials, Salesforce Field Service, Partner Solutions, etc.
  • B2C Commerce Cloud
  • Marketing Cloud-Datorama
  • Marketing Cloud-Email Studio, Mobile Studio, Journey Builder
  • MuleSoft Anypoint Platform
  • Quip

Salesforce has stated that they will provide MFA support at no cost to users and will only take this step to improve security and protect customer accounts.

The company’s decision was announced in March of last year, but they have been notified of the new requirements since at least February 2021, giving them time to prepare a year before they go into effect.