In a commitment to providing the highest level of security, Salesforce recently announced it will require all customers to enable Multi-Factor Authentication (MFA) to access its products beginning February 1, 2022. What does this mean for your organization? If you’re already leveraging MFA or single sign-on protected by MFA, then congrats, you’re ahead of the curve and don’t need to take any action. If you haven’t enabled MFA, are wondering what it is or how it works, then read on!
Multi-factor authentication: something you know and something you have
MFA makes logging into your Salesforce products even more secure. It’s an authentication method that requires users to provide two or more pieces of evidence for their identity (these are the “factors”). Think of MFA as, “two or more pieces of identity to log in”. The most common factors include a username/password users know and an authenticator app or security key in their possession.
Why multi-factor authentication?
Why is Salesforce requiring all customers to meet the MFA requirements? Simple, it improves the security of your data. We can all agree that’s a good thing.
Forrester Research shows that MFA can prevent up to 96% of bulk phishing and 100% of bot threats. It’s one of the easiest, most effective tools for enhancing login security. The great news is that it’s also available from Salesforce at no extra cost. Salesforce also supports single sign-on (SSO). If your organization already utilizes SSO for all Salesforce products and has MFA configured for the identity provider, then you should be covered.
Change is hard
If you find yourself wondering how to tackle this new MFA requirement, you’re not alone. Some of the top reasons that organizations haven’t implemented MFA include disruption to user’s daily routine, lack of resources to support maintenance, steep employee learning curve and executive resistance.
Tools to help
Are you an Admin trying to unravel MFA vs. SSO and the various options while managing your user’s enhancement requests? Are you an executive concerned about the potential security implications and change management across your organization?
Based on our years of experience implementing MFA and SSO, Traction On Demand has put together an accelerator project to help your team plan and implement the best approach for your organization. Our new Multi-Factor Authentication (MFA) Accelerator is designed for any organization using Salesforce that has not implemented multi-factor authentication or single sign-on (SSO) capabilities.
This accelerator considers the key personas in the MFA rollout. IT/Cyber Security teams are critical to the MFA process as they typically own the login processes for organizations. Our team works hand-in-hand with IT to make the process as seamless as possible. MFA rollouts include a large organizational change management component and we work together with you to identify the optimal support processes to meet your employee’s needs. For Salesforce Admins, we offer repeatable processes based on our years of MFA/SSO rollouts that can keep you focused while juggling the demands of the rest of your organization’s enhancements requests.
Traction on Demand’s Multi-Factor Authentication Accelerator inclusions
- Kickoff/MFA Review
- Team intros
- Multi-factor authentication/SSO review
- Permissions Auditor App
- Installation of the Permissions Auditor App
- MFA Audit - User Inventory
- Inventory users, Roles & Permissions, Identify privileged users
- Tabulated data review
- MFA solution design
- Rollout Documentation
- Recommendations for all users
- Identify pilot groups
- Highlight SSO/user provisioning needs
- MFA Go-Live
- Enable Users
Optional enhancements: customizations & integrations
Traction on Demand’s MFA Accelerator was developed with extensibility in mind, which means it can be fully customized to support your unique processes and organizational demands.
- Change management: Full change management services to help your organization transition through this critical security upgrade
- Rollout Support Services: Enhancement of your support channels to aid the transition
- Single Sign-On: Configuration of Salesforce as your identity provider or leveraging third-party IDP tools
- User Provisioning Services: Automating new user creation in conjunction with your new authentication protocols