Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Enable MFA for External Experience Cloud Site Users (or Specific Internal Users)

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Enable MFA for External Experience Cloud Site Users (or Specific Internal Users)

            Salesforce doesn’t require multi-factor authentication (MFA) for external users but you can certainly include this class of users in your MFA implementation. To enable MFA for external users who log in directly to your company’s Experience Cloud sites, employee communities, or other types of community portals, apply the Multi-Factor Authentication for User Interface Logins user permission. You can also use the MFA user permission to enable MFA for specific internal users. When MFA is turned on, users logging in directly with their username and password must also provide an identity verification method such as an authenticator app or security key.

            Required Editions

            Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
            Available in: all editions
            User Permissions Needed
            To edit profiles and permission sets: Manage Profiles and Permission Sets
            Note
            Note For full details about the contractual requirement to use MFA, see the Salesforce Multi-Factor Authentication FAQ.

            To enable MFA for external Experience Cloud site users:

            1. In Setup, in the Quick Find box, enter Users, and then select Profiles.
            2. Edit the custom profiles assigned to external Experience Cloud site users. (Standard profiles can’t be edited.)
            3. In the General User Permissions section, select the Multi-Factor Authentication for User Interface Logins checkbox.
            4. Save your change.
            Note
            Note

            The Multi-Factor Authentication for User Interface Logins user permission can also be used to enable MFA for direct logins by specific internal users. This method is useful for testing an MFA rollout in a trial, sandbox, or dev org. The setup process is the same as shown in this topic except you can assign the user permission by a permission set instead of editing customer profiles. See Create Permission Sets, Enable User Permissions in Permission Sets, and Manage Permission Set Assignments for guidance. (The permission set option doesn’t apply for external users.)

            Because Salesforce automatically enables MFA for all internal users who log in directly to production orgs, the MFA user permission is no longer necessary or useful in those environments.

            You can’t assign the Multi-Factor Authentication for User Interface Logins permission to users with the Salesforce Limited Access – Free license. We're working to resolve this issue.

            See Also

             
            Loading
            Salesforce Help | Article