You’ve been seeing the alerts for months now. “Admin Notice: It’s Time for MFA” pops up every time you log into your org, and you close it every time. You’ve procrastinated for any number of reasons: you don’t have time to look into it right now, you’ve already implemented something that should take care of it, it’s going to be a pain to get users to adopt it, etc. Besides, it’s not going to roll out for a few weeks, anyway.
Wait…a few weeks? That’s right. Salesforce is going to begin requiring orgs to be compliant with MFA (Multi-Factor Authentication) beginning in February. Time is running short, so let’s get started now!
You may be wondering why Salesforce is rolling out MFA requirements, or even how MFA is different from your current login policies.
Multi-factor authentication, or MFA, is a security practice that requires a user to verify their identity using something they know AND something they have. This is different from the verification codes sent via SMS or email that you may already use in your current Salesforce environment.
MFA is an added layer of security for your company’s data. As we have shifted to a remote workforce, it’s more important than ever for companies to institute data security measures like MFA. Threats like phishing, credential stuffing, keylogging, and password breaches are becoming the norm. MFA is another added layer of protection to help keep your data safe and your company away from embarrassing headlines.
Here are 5 tips to help you have a successful launch of MFA in your org—as well as links to several resources to ensure the smoothest transition possible for all your users.
Start the conversation now!
The deadline for MFA is quietly sneaking up on you. February will be here sooner than you know! You need to start having conversations with stakeholders to get them on board, and with users on what they can expect.
As you will see, there are multiple ways to implement MFA, but all are going to require planning and extensive communications with your team. Time is short, but you’re not out of time yet!
Download the MFA Rollout Pack
Salesforce has put together some great resources to help you plan and communicate your rollout. The MFA for Salesforce Rollout Pack includes customizable planning and change management templates, presentations, user training decks, drip campaign emails, a rollout checklist, and more!
Decide on which MFA method is right for your company
As you begin planning, one of the first things you’ll want to talk about is the various MFA alternatives. There are multiple options available to you, so you’ll want to make sure you choose the method that most aligns with your company’s needs.
- Method 1: Salesforce Authenticator Mobile app
Simple setup, easy to use. The Salesforce Authenticator app is available on Google Play or the iOS App Store to download to a mobile device. The user provides their Salesforce credentials as normal, and Salesforce then pushes a notification to the user’s registered device so they can verify their identity with a single tap.
- Method 2: Third Party Authenticator Mobile App
MFA is an industry-standard practice, so there are several authenticator apps on both Google Play and the iOS App Store that would help you meet MFA requirements. If you’re already using Authy, Google Authenticator, Microsoft Authenticator, or another authenticator app, this may be a better option than asking your Salesforce users to download yet another app to their mobile devices.
- Method 3: Single-Sign-On with MFA
If you’re already using a Single-Sign-On (SSO) service like OneLogin, Okta, or Duo for your users, you can simply add Salesforce as one of the enabled apps. Be aware that you must be using MFA through your SSO provider to be in compliance. This solution won’t make sense, however, unless you’ve already implemented SSO or are about to implement it in time for the February compliance deadline.
- Method 4: Security Key
There are also physical devices that add a layer of security to any authentication into your org. A physical security key, like Yubico’s YubiKey or Google’s Titan Security Key, may be an option for organizations where users do not own mobile devices or are not permitted to use one while working.
NOTE: If you’re not sure which is the best choice for you, our team of certified Salesforce consultants would be happy to talk through your business needs and provide recommendations.
Test your rollout with a pilot group of users
Choose a set of open-minded users from a variety of job functions to test the implementation. Work through any unexpected issues and gather their feedback. These users can also provide support to their team members when it’s time for the rest of the organization to go live with MFA.
Prepare onboarding materials and be available for launch day support
Take the time to set your users, and yourself, up for success. Provide user training, document your MFA-related policies and procedures, and establish a support team. Schedule open hours on launch day to be available for troubleshooting, demonstrations, and account access recovery if needed. Make sure to add MFA enablement as part of the new hire process going forward.
Regardless of your reason for taking a rain check on MFA, now is the time to make it a priority. We hope these tips are helpful as you begin to plan your rollout, but we also understand that change is hard for users and change management is hard for administrators. Teaming up with a trusted partner like Revolution Group can give you peace of mind as you rely on our experience and expertise to help you navigate a successful implementation, resulting in better protection for your company’s data. Questions? Give us a call at 614-212-1111 or email us at [email protected].