Multi-Factor Authentication Glossary
Familiarize yourself with common terminology related to multi-factor authentication (MFA) and the contractual MFA requirement.
- Auto-Enable MFA
- On a customer’s behalf, Salesforce turns on MFA for all users who log in directly to a Salesforce product’s user interface. Users who weren’t previously using MFA are prompted to register for it the next time they log in and can’t proceed until they do so. Users who were already logging in with MFA aren’t affected. Until MFA is enforced for a product, admins can temporarily disable the service if their users aren’t ready for it yet. See also Enforce MFA and Register for MFA.
- Authentication
- The process of validating that a user is who they say they are before they’re allowed to log into an account, perform an action, or access information.
- Enable MFA
- The action that customer admins take to turn on MFA for the users in their org/tenant/realm.
- Enforce MFA
- When Salesforce enforces MFA for a Salesforce product, it becomes a permanent part of the product’s login process. During enforcement, Salesforce auto-enables MFA for any users who aren’t already using it for direct logins. At the same time, Salesforce removes the option for all customer users, including admins, to disable MFA.
- Least Privilege
- The idea that a user should have the fewest number of permissions necessary to do their job — and nothing more. This security principle limits the risk of a user accessing information or performing an action that shouldn’t be allowed given their role, limits the impact of user errors, and reduces the damage of compromised credentials during a security threat.
- Multi-Factor Authentication (MFA)
- A security measure used to increase protection for user account access. MFA requires users to present two or more pieces of evidence — or factors — during login to prove they’re who they say they are. These pieces of evidence must fall into at least two different categories (something a user knows, has, or is). A familiar example of MFA is the two factors needed to withdraw money from an ATM. To withdraw funds, you must first present your ATM card (something you have), and then you must enter your PIN (something you know). See also Verification Method.
- Phishing-Resistant Verification Method
- Phishing-resistant verification methods provide high assurance that users accessing Salesforce products are who they say they are. Salesforce supports two phishing-resistant verification methods: built-in authenticators and physical security keys. These methods both use passkeys. See also Verification Method.
- Privileged User
- Admins and users who have a high level of access to the application or sensitive data.
- For products built on the Salesforce Platform, a privileged user is a Salesforce admin (defined as a user with both the Customize Application and Modify All Data user permissions) or a user with any of these user permissions: Customize Application, Manage Users, Modify All Data, or View All Data.
- Register for MFA
- The process each user goes through to connect an identity verification method to their Salesforce account so they can use the method to verify themselves when logging in. When MFA is enabled, users are required to register a method before they can log in. Users can register multiple methods so they have backup options in case they lose or forget their primary method.
- Security Keys
- A physical device that electronically authenticates a person’s identity by storing and retrieving some sort of personal information. Security keys come in many different form factors, including USB, Lightning, and NFC. Also referred to as a security token or authentication token.
- Time-Based One-Time Passwords (TOTP)
- Single-use passcodes that can be used as a verification method to authenticate a user to their account. To make use of a TOTP, a user must use a TOTP authenticator app, which generates the single-use passcodes. When a user is authenticating to their account, the generator implements an algorithm to create a one-time passcode based on the current time. Once displayed to the user, this password is valid for a limited time until it expires, at which time it’s no longer valid for login and the user must request a new password.
- Two-Factor Authentication (2FA)
- An older term for MFA functionality. This term is deprecated at Salesforce.
- Verification Method
- A piece of evidence that a user presents when logging in to confirm their identity. Also referred to as a factor or authentication factor.
- Salesforce products support several types of verification methods, including built-in authenticators, physical security keys, Salesforce Authenticator, and third-party TOTP authenticator apps (such as Google Authenticator or Authy). See also Phishing-Resistant Verification Method.
- Important: As a security best practice, require users to use phishing-resistant verification methods: built-in authenticators or physical security keys. For more information about the security benefits of these methods, see the WebAuthn guide.