Two Factor Authentication In Salesforce

Last Updated on November 12, 2017 by Rakesh Gupta

Two Factor Authentication
Two Step Authentication in Salesforce

What is Two Factor Authentication ?

Once you enable Two Factor Authentication for few web applications like Gmail, Facebook etc. then to access such applications you have to enter your credentials with security code generated by mobile apps or received by SMS.

Authentication process in Salesforce ?

Currently we have SMS-based and Email-based login verification to activate a computer, In that salesforce is sending 6 digit Pass-code directly to your mobile or email Inbox. After Winter’14 release you can able to setup Time-Based Tokens for Identity Confirmation for any user’s in your organization. Salesforce uses time-based tokens from a supported mobile authenticator app as a form of two-factor authentication to verify users’ identity and prevent unauthorized access to the service during login and whenever a High Assurance security level is required.

What are the Prerequisite?

Google Authenticator App, To install this app click on Google Authenticator Setup link.

How it work‘s ?

Once Two factor authentication enabled for users, when user login next time it will prompted to add a time-based token. They must enter the changing token from their mobile app every time they log in. Once users add a time-based token to their account they can also use the token to confirm their identity when they activate their computer. Partner Portal and Customer Portal users aren’t required to activate computers to login.
Note:- Users aren’t asked for a verification code the first time they login to Salesforce.

Process to enable Time-Based Tokens for Identity Confirmation ?

Time-based tokens can now be used in addition to SMS-based and email-based login verification to activate a computer.

1. Download the supported Authenticator app for your mobile devices.
2. Create One permission sets with Name ‘Two Factor Authentication‘. To do that navigate to Name  | Setup | Manage Users | Permission sets | New and fill the data you can take help from below screen shot.

Permission Sets
Permission Sets

3. Add ‘Two-Factor Authentication for User Interface Logins‘ System permission in newly created permission sets.

System Permission
System Permission

4. Now navigate to User’s record for whom you want to enable Two Factor Authentication.
5. Add this permission sets to users record, By clicking on Edit Assignments button in Permission Sets Assignments related list on User’s record.

Permission Sets Assignments
Permission Sets Assignments

6. Now Log out from salesforce and login by using your credentials, you will come across below page.

Add a Time-Based Token
Add a Time-Based Token

7. SO what next ? Open Google Authenticator App in your mobile.

8. Scan bar code and it will look like below screen.

Scan Your Barcode
Scan Your Bar code

9. Enter this code in screen (6) and access your org.

Set a High Assurance required policy for accessing reports and dashboards

To set a High Assurance required policy for accessing reports and dashboards, then follow the below instructions.

1. Navigate to Name | Setup | App Setup | Customize | Reports & Dashboards | Access Policies.
Note :- Access Policies control the conditions under which users may access Reports and Dashboards.

2. Select ‘High Assurance session required‘ Check-box and select desired option.

Access Policies
Access Policies

3. Next time when you click on Report or Dashboards tab , It will redirect you to Two-Factor Authentication Required Screen (Like below screen)

Two-Factor Authentication Required
Two-Factor Authentication Required

4. Click on ‘Use Mobile Authenticator App‘ Button enter Token Generated by mobile apps and access Reports & Dashboards.

How to Remove Time Based Token/Two Factor Authentication ?

It’s very easy to do that, Just navigate to users record, Click on Remove  link in-front of Time-Based Token.

Remove Time-Based Token
Remove Time-Based Token

Try it and leave your comments….Cheers!!!!

14 thoughts on “Two Factor Authentication In Salesforce

  1. Good Article. Do you know if there is a way to create a trust from a system or device after an authentication success? I’d like my users to perform a two-factor auth, but allow them to trust certain systems like their work laptop.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.