You are here:
Multi-Factor Authentication for Salesforce Orgs
Multi-factor authentication (MFA) is a secure authentication method that requires users to verify their identity with a second piece of evidence (or factor) in addition to their password. To protect users from security threats like phishing, credential stuffing, and account takeovers, Salesforce requires MFA for all logins to Salesforce products. This contractual requirement applies equally to direct logins with a Salesforce username and password and to logins via single sign-on (SSO). Salesforce provides free MFA functionality for all Salesforce products. To help customers satisfy the MFA requirement, MFA is automatically enabled for direct logins to production orgs.
Get Started Learn What MFA Is and Why It’s So Important |
Plan for MFA Determine Business and User Requirements |
Manage Verification Methods Learn About Supported Verification Methods Decide How Users Select a Verification Method During MFA Registration |
Implement MFA Enable MFA for Direct User Logins Turn On MFA for Single Sign-On (SSO) |
Support MFA |
Other Resources Everything You Need to Know About Multi-Factor Authentication for Salesforce Orgs |
MFA requirements are changing in June 2026.
- Salesforce enforces MFA for direct UI and SSO logins for all employee users across production and sandbox orgs. See Prepare for MFA Enforcement for All Employee Users.
- Salesforce requires phishing-resistant MFA for users with the System Administrator profile or certain permissions. See Prepare for Phishing-Resistant MFA Enforcement for Privileged Users including Admins.
