Loading
Salesforce Enforces New Security Requirements in Summer 2026Read More
Secure Your Salesforce Org
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Use Salesforce MFA for SSO (Salesforce Orgs)

            You are here:

            1. Salesforce Help
            2. Docs
            3. Secure Your Salesforce Org

            Use Salesforce MFA for SSO (Salesforce Orgs)

            To help prevent unauthorized access to your account, Salesforce requires multi-factor authentication (MFA) when users log in via single sign-on (SSO). You can use the MFA service included in the Salesforce platform to satisfy this requirement. With this approach, when users log in to Salesforce, they're prompted to provide an MFA verification method to confirm their identity.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            Available in: all editions
            Important
            Important

            Salesforce started enforcing MFA requirements in June 2026. See these articles for more information.

            User Permissions Needed
            To edit SAML settings: Customize Application AND Modify All Data
            To edit Auth Providers: Customize Application AND Manage Auth. Providers
            To edit session security settings: Customize Application
            Note
            Note

            Prior to Summer '23, the way to use Salesforce MFA for SSO logins was by applying a high-assurance session security requirement to user profiles. For improved functionality, including Visualforce compatibility, we recommend switching to the method shown in this help topic. For guidance on how to remove the old method, see Knowledge Article: Reset Session Security Settings for Your Salesforce MFA for SSO Configuration.

            To use Salesforce MFA for new or existing SSO configurations:

            1. Enable MFA for your users.

              Salesforce automatically enables MFA for all users in production orgs. If that's not the case for your org, see Enable MFA for Your Entire Org.

            2. Enable MFA for your SSO configuration.

              On the setup page for your SAML or Auth Provider SSO configuration, enable the Use Salesforce MFA for this SSO Provider setting. If you use multiple SSO configurations for logins to Salesforce, do this step for each configuration.

            3. Ensure that your session security level settings are correctly configured.
              1. From Setup, in the Quick Find Box, enter Session Settings, and select Session Settings.
              2. In Session Security Levels, make sure that your SSO provider is in the Standard column and Multi Factor Authentication is in the High-Assurance column.

                This setup ensures that your SSO users receive a high-assurance session only if they complete MFA.

              3. Save your changes.

            If you're creating a new SSO configuration, see these resources for help with the setup process.

            See Also

             
            Loading
            Salesforce Help | Article