IT Hub

Securing Your Salesforce: A Comprehensive MFA Guide

Reco Security Experts
May 14, 2024
May 14, 2024

Can you imagine the fear of a stranger gaining access to your bank account simply because they have access to public data about you? As companies embrace remote work culture, cybersecurity concerns have reached a peak. Data, an important element for operational businesses, should be protected from unauthorized access. Salesforce is a trusted data storage and access platform that recognizes the importance of data security.

Usernames and passwords alone may not protect users and their data strongly against phishing attacks and account takeovers. Therefore, leading tech companies, including Salesforce, have implemented a more advanced approach to organizational security: Multi Factor Authentication, or MFA.

Click on MFA for Single User in Your Org

Step 1:
Type “Permission” in the quick find section, click Permission Sets, and create a new permission set.

Step 2: Save your recently created permission set and navigate to “System Permission.

Step 3: Open System Permissions and select the Multi-Factor Authentication in the User Interface Logins Box.

Step 4: Scroll up and click “Manage Assignments” > “Add Assignment,” then assign the permission set to a user.

Step 5: If a new user is logging in, they will be asked to reset their password. Once that is done, you are good to go!

There you have it! Whenever users log into the org again, they will be required to add the credentials via the MFA permission set you just put in place.

How to Get MFA for Everyone in Your Org

Getting an MFA for everyone in your org takes just one click!

Set up >> Quick Find >> Identity Verification >> Request multi-factor authentication (MFA) for all direct UI logins to your Salesforce org.

All it takes is just a selection of a box.

Practices for Salesforce MFA

  • Define a Roll-Out Strategy for Your MFA: Decide on the structure and execution of your multifactor authentication (MFA) rollout. Develop a strategy that works for your company's size, business goals, and Salesforce products.
  • Know Who your Users Are: As an administrator, it might be difficult to know all of your users, but if you have only a few users, it is more efficient to pay attention and know them. This will help you detect a non-user in your organization.
  • Prioritize Your Users: In developing your rollout strategy, some users must figure out their MFA first. These users have some privileges that others do not have. While you set up the MFA for privileged users, you can limit other users' access from the profile level.


Salesforce security mechanisms protect users from getting targeted by various security breaches that can endanger a business and its data. As an administrator, you always want your data to be in safe hands

Explore More
See more articles from our Hub