Home
IT Hub
Salesforce

Securing Your Salesforce: A Comprehensive MFA Guide

Reco Security Experts
Updated
May 14, 2024
May 31, 2024

Can you imagine the fear of a stranger gaining access to your bank account simply because they have access to public data about you? As companies embrace remote work culture, cybersecurity concerns have reached a peak. Data, an important element for operational businesses, should be protected from unauthorized access. Salesforce is a trusted data storage and access platform that recognizes the importance of data security.


Usernames and passwords alone may not protect users and their data strongly against phishing attacks and account takeovers. Therefore, leading tech companies, including Salesforce, have implemented a more advanced approach to organizational security: Multi Factor Authentication, or MFA.

Click on MFA for Single User in Your Org


Step 1:
Type “Permission” in the quick find section, click Permission Sets, and create a new permission set.

Step 2: Save your recently created permission set and navigate to “System Permission.

Step 3: Open System Permissions and select the Multi-Factor Authentication in the User Interface Logins Box.

Step 4: Scroll up and click “Manage Assignments” > “Add Assignment,” then assign the permission set to a user.

Step 5: If a new user is logging in, they will be asked to reset their password. Once that is done, you are good to go!

There you have it! Whenever users log into the org again, they will be required to add the credentials via the MFA permission set you just put in place.

How to Get MFA for Everyone in Your Org


Getting an MFA for everyone in your org takes just one click!

Set up >> Quick Find >> Identity Verification >> Request multi-factor authentication (MFA) for all direct UI logins to your Salesforce org.

All it takes is just a selection of a box.

Practices for Salesforce MFA

  • Define a Roll-Out Strategy for Your MFA: Decide on the structure and execution of your multifactor authentication (MFA) rollout. Develop a strategy that works for your company's size, business goals, and Salesforce products.
  • Know Who your Users Are: As an administrator, it might be difficult to know all of your users, but if you have only a few users, it is more efficient to pay attention and know them. This will help you detect a non-user in your organization.
  • Prioritize Your Users: In developing your rollout strategy, some users must figure out their MFA first. These users have some privileges that others do not have. While you set up the MFA for privileged users, you can limit other users' access from the profile level.

Conclusion


Salesforce security mechanisms protect users from getting targeted by various security breaches that can endanger a business and its data. As an administrator, you always want your data to be in safe hands

“I’ve looked at other tools in this space and Reco is the best choice based on use cases I had and their dedication to success of our program. I always recommend Reco to my friends and associates, and would recommend it to anyone looking to get their arms around shadow IT and implement effective SaaS security.”
Mike D'Arezzo
Executive Director of Security
“We decided to invest in SaaS Security over other more traditional types of security because of the growth of SaaS that empowers our business to be able to operate the way that it does. It’s just something that can’t be ignored anymore or put off.”
Aaron Ansari
CISO
“With Reco, our posture score has gone from 55% to 67% in 30 days and more improvements to come in 7-10 days. We are having a separate internal session with our ServiceNow admin to address these posture checks.”
Jen Langford
Information Security & Compliance Analyst
“That's a huge differentiator compared to the rest of the players in the space. And because most of the time when you ask for integrations for a solution, they'll say we'll add it to our roadmap, maybe next year. Whereas Reco is very adaptable. They add new integrations quickly, including integrations we've requested.”
Kyle Kurdziolek
Head of Security

Explore More

Ready for SaaS Security
that can keep up?

Request a demo