What is Two Factor Authentication ?
Once you enable Two Factor Authentication for few web applications like Gmail, Facebook etc. then to access such applications you have to enter your credentials with security code generated by mobile apps or received by SMS.
Authentication process in Salesforce ?
Currently we have SMS-based and Email-based login verification to activate a computer, In that salesforce is sending 6 digit Pass-code directly to your mobile or email Inbox. After Winter’14 release you can able to setup Time-Based Tokens for Identity Confirmation for any user’s in your organization. Salesforce uses time-based tokens from a supported mobile authenticator app as a form of two-factor authentication to verify users’ identity and prevent unauthorized access to the service during login and whenever a High Assurance security level is required.
What are the Prerequisite?
Google Authenticator App, To install this app click on Google Authenticator Setup link.
How it work‘s ?
Once Two factor authentication enabled for users, when user login next time it will prompted to add a time-based token. They must enter the changing token from their mobile app every time they log in. Once users add a time-based token to their account they can also use the token to confirm their identity when they activate their computer. Partner Portal and Customer Portal users aren’t required to activate computers to login.
Note:- Users aren’t asked for a verification code the first time they login to Salesforce.
Process to enable Time-Based Tokens for Identity Confirmation ?
Time-based tokens can now be used in addition to SMS-based and email-based login verification to activate a computer.
1. Download the supported Authenticator app for your mobile devices.
2. Create One permission sets with Name ‘Two Factor Authentication‘. To do that navigate to Name | Setup | Manage Users | Permission sets | New and fill the data you can take help from below screen shot.
3. Add ‘Two-Factor Authentication for User Interface Logins‘ System permission in newly created permission sets.
4. Now navigate to User’s record for whom you want to enable Two Factor Authentication.
5. Add this permission sets to users record, By clicking on Edit Assignments button in Permission Sets Assignments related list on User’s record.
6. Now Log out from salesforce and login by using your credentials, you will come across below page.
7. SO what next ? Open Google Authenticator App in your mobile.
8. Scan bar code and it will look like below screen.
9. Enter this code in screen (6) and access your org.
Set a High Assurance required policy for accessing reports and dashboards
To set a High Assurance required policy for accessing reports and dashboards, then follow the below instructions.
1. Navigate to Name | Setup | App Setup | Customize | Reports & Dashboards | Access Policies.
Note :- Access Policies control the conditions under which users may access Reports and Dashboards.
2. Select ‘High Assurance session required‘ Check-box and select desired option.
3. Next time when you click on Report or Dashboards tab , It will redirect you to Two-Factor Authentication Required Screen (Like below screen)
4. Click on ‘Use Mobile Authenticator App‘ Button enter Token Generated by mobile apps and access Reports & Dashboards.
How to Remove Time Based Token/Two Factor Authentication ?
It’s very easy to do that, Just navigate to users record, Click on Remove link in-front of Time-Based Token.
Try it and leave your comments….Cheers!!!!