Adding Multi-Factor Authentication (MFA) to your Salesforce User Accounts
If you are scratching your head over recent emails from Salesforce about a Multi-Factor Authentication (MFA) requirement for your organization, you are not alone.
The key challenges we see with product announcements from Salesforce like this one are that they:
- focus on the needs of their medium- to large-scale B2B sales customers, not smallish nonprofits,
- are written for the use of at least moderately experienced in-house Salesforce admins, who can easily identify which parts of the announcement (if any) are relevant for that particular organization.
Many nonprofits don’t fall into these categories. In fact, a few Help Desk clients have checked in with our team about this email, so we thought we would share some information to help your team stay on top of this Salesforce update.
Our goal with this post is to help nonprofit organizations of various sizes navigate this MFA change with the fewest headaches.
What is the new MFA requirement in Salesforce?
Beginning February 1, 2022, all Salesforce users will be required to enable MFA for access to their Salesforce products.
Yep, you have almost an entire year to make sure this change happens.
However, even though the deadline is still a ways out, we don’t want to underplay this update, because it changes the way your users log in to Salesforce. And you can’t just ignore it until the February 2022 deadline. But don’t panic, because that’s way more time than most nonprofits will need.
What is MFA?
Before we dive into the how, we thought we would address what multi-factor authentication, or MFA, actually means for your Salesforce users.
Adding MFA helps significantly with security. It requires users to prove their identity with two or more identifying factors when they sign in. The standard has always been a username and password, but MFA adds another level of security by using tools like a security key or authenticator app. The more hoops there are to sign in, the harder it is for threats to succeed.
If you’d like to learn more about MFA, check out this blog post here.
When should our organization make this Salesforce update?
The rather urgent-sounding email Salesforce sent is more for the benefit of customers with dozens or hundreds of users, who will require a good deal of communication and planning to have a good MFA rollout. So if that is not you, you are doing just fine.
If you have a relatively small number of users, we don’t anticipate this taking too much time for you to implement overall. You can also activate MFA for one user (or a small group of users) at a time, so it’s easy to work out the kinks and find a process and method that best works for you.
So is this something you need to deal with now or later?
Well, there are a few factors at play here. How long it will take, and how easy it will be, depends entirely on how many Salesforce users you have, how comfortable they are with technology change, and how easily you can communicate the necessary change.
If you are the only user, turning on MFA will take under 30 minutes. If you’ve got dozens (or hundreds) of users, you’ll likely need to plan a rollout over several weeks or more to minimize disruption to your users.
What should be considered with an MFA rollout?
There are a few authentication methods you can use to set up MFA for your Salesforce users, including the Salesforce Authenticator and third-party options like Google Authenticator, Microsoft Authenticator, or Authy.
In our experience, the Salesforce Authenticator is the one we recommend, because of its ease of use (aka it doesn’t require typing in a 6-digit code every time) and because the login interface walks users through the setup. This is an app you install on your phone and link to your Salesforce account. Whenever anyone attempts to log in with your Salesforce account, you’ll get a message asking you to approve the login.
However, we encourage you to check out the other authentication methods and do your own assessment to see what will work best for your team. For example, maybe your team already uses Google Authenticator for other systems so that would be a better option? We know every team has different needs and hoops to jump through with their technology setups.
You can turn on MFA for specific users or profiles early if you want to evaluate the change for yourself or a small group to better plan the organization-wide rollout and manage user expectations. Similarly, large organizations can roll out this update in phases to different groups of users.
If you would like to learn more about this update, check out Salesforce’s FAQs on their MFA requirements.
And as always, if you have any issues as you start planning to make this change, our team at Tackle is always willing to pitch in! Simply contact us today. We’d love to chat with you about your technology system needs.