Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Resolve MFA Access Issues for Your Users (Salesforce Orgs)

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Resolve MFA Access Issues for Your Users (Salesforce Orgs)

            As a Salesforce admin, part of your role is managing and maintaining user access. With multi-factor authentication (MFA) in effect for your org, it’s important to know how to resolve MFA-related access issues that users can encounter. There are three likely scenarios. A user doesn’t have access to their MFA verification method and can’t log in. A user loses or replaces a verification method and must register a new one. And the connection between a user’s registered verification method and their Salesforce account stops working. Use temporary verification codes to allow users to regain access immediately. When dealing with a broken connection or a missing verification method, revoke the connection and help the user set up a new method.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            Available in: all editions
            Important
            Important If you’re the only admin for your Salesforce org and you get locked out because of MFA, contact Salesforce Customer Support for help.

            Here are the recommended recovery steps for these MFA-related access issues.

            Note
            Note Make sure you have the Manage Multi-Factor Authentication in User Interface permission in addition to your Salesforce admin permissions. You need this additional permission to generate temporary verification codes, disconnect verification methods from user accounts, and monitor identity verification and verification method activities in your org. See Delegate MFA Management Tasks for Salesforce Orgs.

            User Forgot Their Verification Method

            If a user forgot to bring their security key or the device that has their authenticator app or service, a temporary verification code gets them through the day.

            User's Verification Method Is Lost or Stolen

            Temporary verification codes allow a user to work until they’re able to replace their verification method. We also recommend several security-related steps to ensure a bad actor isn’t trying to use the missing method.

            User's Verification Method Isn't Working or Has Been Replaced

            If a user’s verification method has stopped working correctly, reset the method so the user can re-register it for MFA. These steps also apply if a user updates their security key with a new device, or replaces their mobile device or computer and has to install an MFA authenticator on the new hardware.

            See Also

             
            Loading
            Salesforce Help | Article