Practifi is built on the Salesforce platform, and as your technology partner, we work diligently to ensure any Salesforce enhancements and changes are well understood in advance. Salesforce has announced their intention to make enabling multi-factor authentication (MFA) mandatory. Many Practifi clients have enabled this feature as part of their security protocols. If you are unsure if you have this feature enabled, this article will outline future impacts on your users and security configurations.
- About MFA
- Upcoming Changes
- MFA Recommendations
- Enabling MFA in Your Practifi Organization
- Handling Lost or Replaced Devices
About MFA
MFA adds another layer of security to your login process by requiring users to enter two or more pieces of evidence — or factors — to prove they are who they say they are. The first factor is the username and password. The second factor is an authenticator app, which can be installed on a user’s mobile device.
Upcoming Changes
Salesforce will begin MFA enforcement in their May/June 2023 release. System Administrators in Practifi can disable MFA in Settings until this point, as only auto-enablement in MFA occurs in January and not MFA enforcement.
After MFA is auto-enabled in your organization, users are prompted to provide a verification method in addition to their username and password each time they log into Practifi. Verification methods include authentication apps, security keys and built-in authenticators like Windows Hello or Touch ID. If users haven't registered a method, they will be guided through the simple process at their next log-in.
There is a 30-day grace period where users can skip registration and log in to Practifi without using MFA. The grace period begins on the day MFA is auto-enabled in your organization, and the same 30-day window applies to all users of the Practifi organization.
When MFA enforcement occurs in Salesfore's next release, System Administrators will not be able to turn off the Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org setting. Users will receive an MFA challenge each time they log in directly with their username and password and will be required to complete this challenge. Users who weren't already using MFA will be prompted to register for it when they log in and will not be able to access their Practifi account until they do so.
MFA Recommendations
There are many options for Multi-Factor Authentication. You may already have a firm-wide approach, including authenticator apps provided by Salesforce or third parties, physical keys or authenticators built into your device's operating system, such as Touch ID.
At this time, we highly recommend the Salesforce Authenticator App. The Salesforce Authenticator App is available for Android and iOS devices and offers the following benefits:
- End users can click “approve” on the push notification instead of typing in the rotating code. (This feature can help reduce support requests.)
- We believe this app is most likely to stay aligned and compatible with future authentication changes to the Salesforce platform.
Please note: Users are not required to use the Salesforce Authenticator app. Furthermore, not all users in your organization have to use the same authenticator app. Authenticator requirements are left up to your firm's discretion.
Enabling MFA in Your Practifi Organization
To enable MFA in your organization, Practifi Administrators can add the MFA Permission Set (Practifi - Login - Enforce two-factor authentication) to each user. For assistance managing permission sets, please review our Adding and Removing User Permissions article.
This Salesforce Help article will guide you through the steps to enable multi-factor authentication (MFA) in your Practifi organization.
If you need more help, contact us via the Practifi Success Portal, and our team will guide you through the implementation process.
Handling Lost or Replaced Devices
If a user loses the device they use for MFA or gets a new device, it is suggested that they disconnect the previous verification method and then re-register. Please see this Salesforce documentation on disconnecting and registering verification methods.
Comments
Article is closed for comments.