Salesforce’s MFA Deadline Approaching: Info and Security Tips for Salesforce Users

Author: Véronique Fugère

One of the biggest stories to make the headlines in 2021 was the Colonial Pipeline cyberattack; an entire pipeline was brought down due to a single compromised password.

Prior to this, citing data presented by Interpol about the rise in cyberattacks during the pandemic, Salesforce announced they were mandating a February 1, 2022 deadline for all account users to implement MFA (multi-factor authentication).

Why MFA?

Cyberattacks can cripple a business. Compared with other dual authentication methods, MFA is less vulnerable to things like interception via phishing emails and SMS.

Salesforce’s MFA FAQ is being continuously updated and can be found here.

What This Means for Your Organization

MFA may already be familiar to Salesforce users, as it’s offered by many financial institutions, social media networks, and businesses, but Salesforce’s mandatory MFA update could require a change in processes, policy, and best practices for organizations.

Regardless of how your Salesforce users are currently accessing your Salesforce products, you will need to double-check that you are meeting the requirements for compliance before the February 1st deadline: MFA Requirement Checklist.

  • All internal users who sign in to Salesforce products and partnered solutions via the user interface must, and will be prompted to, use MFA for every login.
    • This will also impact any support services you receive from your implementation partner.
  • Users who access Salesforce products through SSO (excluding ClickSoftware products) won’t be affected by auto-enablement and enforcement actions if MFA is enabled for the SSO account.
    • More info on MFA and SSO can be found here.
    • If you’re a Diabsolut partner, our client care team has a multi-phase SOC-2 security compliance plan for enablement and will contact you if any additional actions are required.
  • There should be very little, if any, associated cost, unless your organization has specific needs that require the purchase of additional licenses.

What to Expect

MFA is a way to increase data security by requiring direct verification for login and is one of the most effective ways to safeguard against cyberattacks. Rather than providing an emailed or texted code or link, Salesforce is requiring a direct security code, which is much more difficult to compromise.

Logging in to Salesforce will change with the update; MFA adds a small, extra login step that will take a few additional seconds:

  • Users will log in to their Salesforce account with their username and password on the login screen, as usual.
  • They will then be prompted to enter the additional verification—provided by something like an authentication app on their mobile device or a USB security key.

This little step goes a long way toward making your organization’s data more secure.

More information on this, including what authentication apps are compliant, can be found here; and a glossary of MFA-related terms can be found here.

Additional Resources

Following best practices, having the right tools, and keeping your solution up to date are all vital when it comes to keeping your organization’s and clients’ data secure.

If your organization is struggling to set up MFA for this update and is looking for more information, or needs to address compliance gaps, such as nearing your solution’s EOL date, please use our contact form or reach out to us at support@diabsolut.com.