Beginning February 1, 2022, per the Salesforce Trust and Compliance Documentation, all Salesforce customers are contractually required to use MFA in order to access Salesforce products. To help customers meet the requirement, Salesforce will begin automatically enabling MFA for users who log in directly to Salesforce products. In the Winter '23 release coming out in September and October 2022, the MFA setting will automatically be turned on for all orgs with fewer than 100 users. The update becomes available in a later release for all other orgs. Even if you’re fully compliant with the MFA requirement now, you may need to complete one last step to prevent MFA-exempt user types from being affected by this release update. Find more information about MFA here.
Once this is implemented, Admins will still have the option to disable MFA if their users aren't ready yet. After the requirement deadline, Salesforce will gradually start enforcing MFA by making it a permanent part of the direct login process and removing controls for admins to disable it. Auto-enablement and enforcement dates will vary by product.
Salesforce is working to finalize auto-enablement and enforcement dates, but in the meantime, you can use the following time frames to estimate when changes will occur for your products. It’s possible that some time frames could shift to later dates, but no changes will take place sooner than what’s listed here.
Please be aware that prior to auto-enablement and auto-enforcement you will need to enable Multi-Factor Authentication for your firm. There are helpful videos and articles below that will guide you on how to do so.
Video: Journey to MFA: Launch Multi-Factor Authentication | Salesforce
Multi-factor authentication (MFA) is one of the best ways to enhance login security to protect against common threats like phishing attacks, credential stuffing, and account takeovers. Learn how to enable MFA for all products built on the Salesforce Platform, including Elements. And see how your users can register and use the Salesforce Authenticator mobile app for MFA logins.
For more on permission sets, watch Who Sees What Permission Sets (http://salesforce.vidyard.com/watch/UFBD2u_NM12BVNhXKsSn4g).
Document: Admin Guide to Multi-Factor Authentication
Our partner, Salesforce, has put together this great Admin guide for MFA, including information about what MFA is, how to implement it, as well as successful adoption tips & other questions.
This article includes links to outside resources. We are not responsible for the content on the external site. If there is a link that does not work, please email [email protected] and we will attempt to adjust the information with an updated link.
