Understanding and Enabling Multi-Factor Authentication (MFA)

Practifi is built on the Salesforce platform, and as your technology partner, we work diligently to ensure any Salesforce enhancements and changes are well understood in advance. Salesforce has announced their intention to make enabling multi-factor authentication (MFA) mandatory. Many Practifi clients have already enabled this feature as part of their security protocols. If you are unsure if you have this feature enabled, this article will outline future impacts on your users and security configurations. 

• About MFA
• Upcoming Changes
• MFA Recommendations
• Enabling MFA in Your Practifi Organization
• Handling Lost or Replaced Devices

About MFA

MFA adds another layer of security to your login process by requiring users to enter two or more pieces of evidence — or factors — to prove they are who they say they are. The first factor is the username and password. The second factor is an authenticator app, which can be installed on a user’s mobile device.

Upcoming Changes

Salesforce has announced an MFA enforcement date of February 1st, 2022. The February date is a contractual arrangement; we anticipate automatic enablement will start rolling out in September 2022 and be finalized by May 2023.

MFA Recommendations

There are many options for Multi-Factor Authentication. You may already have a firm-wide approach including Authenticator Apps provided by Salesforce or third parties, physical keys or authenticators built into your device's operating system, such as Touch ID. 

At this time, we highly recommend the Salesforce Authenticator App.  The Salesforce Authenticator App is available for Android and iOS devices and offers the following benefits:

• End users can click “approve” on the push notification instead of typing in the rotating code. (This feature can help reduce support requests.)
• We believe this app is most likely to stay aligned and compatible with future authentication changes to the Salesforce platform.

Enabling MFA in Your Practifi Organization

To enable MFA in your organization, Practifi Administrators can simply add the MFA Permission Set (Practifi - Login - Enforce two-factor authentication) to each user. Please review Adding and Removing User Permissions for assistance managing permission sets.

This Salesforce article will guide you through the steps to enable multi-factor authentication (MFA) using the security level, either standard or high assurance, assigned to a login method in your Salesforce session settings.

If you need more help, contact us via the Practifi Success Portal and our team will guide you through the implementation process.

Handling Lost or Replaced Devices

If a user loses the device they use for MFA, or simply gets a new device, it is suggested to disconnect the previous verification method and then re-register them. Please see this Salesforce documentation on disconnecting and registering verification methods.