
Multi Factor Authentication in Salesforce

  • One single vulnerability is all an attacker needs - Window Snyder

    Today we are deeply entrenched in our digital worlds. Almost all our day-to-day activities are on the web. Many companies simply use a username and password to log in to their applications, which makes it easy for any hacker to access the organization’s data, email accounts and any other sensitive information. Phishing attacks, malicious viruses and spyware attempt to gain confidential, sensitive data such as login credentials, credit card information, network credentials, and more, putting both individuals and organizations at risk.

    These threats make top-notch security critical, as cyber criminals morph their attack methods into ever smarter and more multifaceted forms. Clearly, a password alone is not enough to protect authentic logins. The most pragmatic way to strengthen authentication is to require users to provide more than just their username and password. Multi-factor authentication enables us to deploy a security strategy that protects company data, reducing complications while ensuring access and keeping it easy and flexible for remote workers.

    Implementing an additional factor to verify the user's identity makes it more difficult for cyber criminals to breach data. These methods are called multi-factor authentication or simply two-factor authentication. The points above make the need for MFA clear. Fortunately, Salesforce has always made it easier to help users and build security into its product by implementing stronger measures to protect businesses and customers.

    MFA, as the name suggests, simply means using multiple forms of authentication. Select a strong authentication factor from the list of supported factors below and build a plan to implement one of them for the release. The currently supported authentication methods are:

    • Salesforce Authenticator
    • Google Authenticator
    • Microsoft Authenticator
    • Authy
    • Yubikey (Hardware Key)
    • Google Titan Security Key (Hardware Key)

    Two Factor Authentication
    2FA is a subset of MFA. 2FA can be thought of as the door and lock to your house, acting as the first and second factor respectively. These two factors typically include details you already know (like a username/password) and something that generates a random number at fixed intervals (e.g., a code generated on a mobile device or hard token). That number expires after one use and can only be used during a specific period of time.

    By requiring more than one factor during the authentication process, there is increased assurance the user's access is authorized. While there is risk that a single factor such as a password may be compromised, requiring a second factor can effectively mitigate this risk.


    Salesforce supports different techniques for 2FA, including Salesforce Authenticator, U2F tokens, OATH HOTPs, and temporary tokens. Furthermore, Salesforce has a wide variety of built-in tools for scaling your deployment, including 2FA delegation, reports, dashboards, and email adoption campaigns.

    The most recommended option is 2FA using Salesforce Authenticator

    Salesforce Authenticator is an easy-to-use, fast, smart mobile two-factor authentication app that delivers enterprise-class security, providing an extra layer of security for your Salesforce orgs. By adding this feature we can increase security while driving a better user experience.

    Once users download the app from the Play Store/App Store, they can approve logins and other actions with a single tap on their mobile device, even verifying automatically from trusted locations. When the user's credentials are entered on the Salesforce login page, the app shows the following details:

    • The action that needs approval
    • Which user is requesting the action
    • The device the user is using
    • Which service the requested action is coming from
    • The location from which the user would approve or deny this request

    With all this information, the user can simply tap the "Approve" or "Deny" button and thus complete authentication quickly and get on with the intended task.

    For more convenience, you can use the trusted locations service to verify automatically from locations you trust, like your office or home. Better yet, Einstein can save trusted locations for you! Then you need only respond to notifications when something out of the ordinary happens.

    The codes the app generates also work as a backup authentication method if you're on a plane or have poor connectivity. This means Salesforce Authenticator also works with third-party services that use OATH TOTP tokens.
    With Salesforce Authenticator we can keep track of the number of times the Authenticator has verified the user's login to Salesforce, along with location information.

    Can a user have more than one authentication system enabled?

    You can enable Salesforce login with SAASPASS secure single sign-on (SSO) and give your users the ability to log in to Salesforce and other SAASPASS-integrated apps, all at once.

    Can SSO & MFA work together? MFA is not enforced for users who log in using SSO; however, SSO + MFA is recommended to ensure that user accounts are highly secure.

    However, MFA is not enforced for API integrations.

    2FA, MFA or biometrics: none of them are unbreakable, individually or in combination, but an attacker needs to put in some muscle to get through. Therefore, it is wise to take some precautionary measures for the unfortunate, but probable, event of a data breach.



