Salesforce - Manage Multi-Factor Authentication (MFA) Options

Owned by AlphaSys, created
Last updated: Jan 17, 2022
2 min read

Admins can assist with lost access through the normal setup page for users and then generating temporary verification codes. Users can manage MFA options in the Advanced User Details page in their user profile settings. These do not cause MFA to be enabled, as MFA is enabled by a permission set.

Instructions as a Salesforce Admin

If users have a lost access to their multi-factor method and need to reset it, an admin can go through the following process to generate a temporary code which can provide access with a minimum duration of 1 hour. Of course, the identity of the person should be confirmed before providing access to the code.

  1. Log into Salesforce, go to Setup

  2. Go to Users and select a user account

  3. On the “User Detail” page, view the section shown below for “Temporary Verification Code”. Click on “Generate” to create a code which should be securely provided to the user requiring access.

 

Instructions as a Salesforce User

For users to add additional methods or disconnect existing methods, they can log onto their account and go to Advanced User Details.

  1. Log into Salesforce, click on your profile

  2. Select “Settings”

  3. Advanced User Details

  4. In the User detail, view the section shown below (the image shows already configured MFA options which can be disconnected):

    1. App Registration: One-Time Password Authenticator (for example, Google Authenticator or any one-time passcode app)

    2. App Registration: Salesforce Authenticator - Salesforce Authenticator App for push notifications

    3. Security Key (U2F) - physical key for MFA

    4. Lightning Login - removes need for password at login, allow login with push notification after email address is entered.

    5. Temporary Verification Code - generate temporary codes if accessed is lost.

 

https://alphasys.atlassian.net/wiki/spaces/CSD/pages/1559330817