How to Enforce MFA on the Salesforce Mobile App

Salesforce
Reco Security Experts
Updated
July 24, 2024
July 25, 2024

How to Enforce MFA on the Salesforce Mobile App for Secure Access

The Salesforce mobile app aims to make Salesforce accessible to everyone in your organization while on the go. For sales teams, the Salesforce mobile app allows sales representatives to access and report data from their phones, especially while on field duty.

Security is a top priority in Salesforce, especially in the area of data protection. Mobile apps offer mobility and convenience but pose a significant data security risk. This risk must be addressed in businesses, where data is crucial. This is where multi-factor authentication (MFA) for your Salesforce mobile app comes into play. The risks of not implementing MFA can have serious consequences for your organization. Let’s look at some scenarios below:

  1. Phones Can Be Misplaced: If a user in your org loses their phone and the Salesforce app on it has no additional security mechanism, the company's valuable and confidential Salesforce data is at greater risk of exposure.
  2. Inappropriate Access to Your Org: Phones can be swapped or temporarily out of sight. If MFA is not activated, a stranger can access your org, which can put the entire organization at risk.

Understanding how to enforce MFA on the Salesforce mobile app is key to integrating the Salesforce Authenticator app into your login process and ensuring secure access to your organization's data.

How to Enforce MFA on the Salesforce Mobile App for Users

The recommended way to enforce MFA for users of the Salesforce mobile app is to integrate the Salesforce Authenticator app into their login process. The Salesforce Authenticator app is free and integrates seamlessly into Salesforce’s login process. Using a permission set is the easiest way to enable MFA for a user with the Salesforce Authenticator app.

Enabling MFA for a Salesforce Mobile App User via a Permission Set

Enabling MFA for a Salesforce mobile app user via a permission set is the easiest and quickest way. Here are the steps involved:

1. Navigate to Setup ⚙️ and type “Permission Set” in the Quick Find box. Click “New” (Permission Set >> New).

2. Label the permission set. The API Name will auto-populate. Then, save the permission set. 

3. Next, scroll down and click “System Permissions.”

4. Scroll down to these two checkboxes and check them:

Multi-Factor Authentication for API Logins: This requires users to enter a code from a time-based one-time password (TOTP) authenticator app (in this case, the Salesforce Authenticator app) instead of the email security token in the API.

Multi-Factor Authentication for User Interface Logins: This requires users to provide an additional verification method on top of their username and password when logging in to Salesforce orgs.

Note: You must click the Edit button at the top of the permission set before checking the boxes.

5. Save your changes/configurations.

6. Next, assign your permission set to the user for whom you want to enable MFA. This means that the user must already be in your org. To do this, scroll up and click “Manage Assignments.”

7. Click “Add Assignments” and add the user for whom you want to activate MFA.

8. Go to the “Quick Find” box. Type in “Login Access Policies” and enable “Administrators Can Log in as Any User.”

9. Log out and log back in using MFA.
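To check that the permission set assignment actually covers every active user, the following added example (not part of the original article) audits exported `PermissionSetAssignment` records for the two system permissions from step 4. It assumes the checkboxes map to the `PermissionsForceTwoFactor` and `PermissionsTwoFactorApi` fields on the `PermissionSet` object (confirm the names in your org) and that you export the query in `SOQL` as JSON records; the usernames and records shown are constructed sample data.

```python
from collections import defaultdict

# Query to export the input with your usual SOQL tool. Profile permissions also
# appear here, because each profile owns a permission set assigned to its users.
SOQL = (
    "SELECT Assignee.Username, PermissionSet.Name, "
    "PermissionSet.PermissionsForceTwoFactor, PermissionSet.PermissionsTwoFactorApi "
    "FROM PermissionSetAssignment WHERE Assignee.IsActive = true"
)

UI_FIELD = "PermissionsForceTwoFactor"   # assumed field for "MFA for User Interface Logins"
API_FIELD = "PermissionsTwoFactorApi"    # assumed field for "MFA for API Logins"


def _rec(user, ps_name, ui, api):
    """Build one constructed record shaped like a row of the query result."""
    return {"Assignee": {"Username": user},
            "PermissionSet": {"Name": ps_name, UI_FIELD: ui, API_FIELD: api}}


# Constructed sample data (not taken from any real org).
SAMPLE_RECORDS = [
    _rec("alice@example.com", "Standard User Profile", False, False),
    _rec("alice@example.com", "MFA Mobile Users", True, True),
    _rec("bob@example.com", "Standard User Profile", False, False),
    _rec("carol@example.com", "Legacy MFA UI Only", True, False),
]


def mfa_coverage(records):
    """Return {username: {"ui": bool, "api": bool}}, OR-ing over all assignments."""
    cov = defaultdict(lambda: {"ui": False, "api": False})
    for rec in records:
        perms = rec["PermissionSet"]
        user = cov[rec["Assignee"]["Username"]]
        user["ui"] |= bool(perms.get(UI_FIELD))
        user["api"] |= bool(perms.get(API_FIELD))
    return dict(cov)


def users_missing_mfa(records):
    """Return sorted (username, [missing login types]) for users lacking either one."""
    gaps = []
    for user, cov in mfa_coverage(records).items():
        missing = [kind for kind in ("ui", "api") if not cov[kind]]
        if missing:
            gaps.append((user, missing))
    return sorted(gaps)


if __name__ == "__main__":
    for user, missing in users_missing_mfa(SAMPLE_RECORDS):
        print(f"{user}: no MFA permission for {', '.join(missing)} logins")
```

A user counts as covered for a login type if any assigned permission set (including the one owned by their profile) grants it, which is why the result is OR-ed per user rather than checked per assignment.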

Conclusion

The Salesforce mobile app ensures users can stay up-to-date with their data, take action, manage leads, and collaborate from anywhere. It puts data at the users' fingertips, providing easy access to reports, the dashboard, lead management, setting up meetings and tasks, and much more. It is also important to activate MFA for your users to ensure data security.
