Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Manage Identity Verification Methods for Multi-Factor Authentication (Salesforce Orgs)

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Manage Identity Verification Methods for Multi-Factor Authentication (Salesforce Orgs)

            Multi-factor authentication (MFA) requires users to verify their identity with a verification method in addition to their username and password. Fine-tune the MFA login experience by giving users a choice of methods and optimizing the registration process based on the methods used most by your user base. As a security best practice, require users to use phishing-resistant verification methods: built-in authenticators or security keys.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            Available in: all editions
            • Verification Methods for Multi-Factor Authentication
              The multi-factor authentication (MFA) login process requires users to provide an identity verification method in addition to their username and password. Salesforce products support several types of verification methods, including built-in authenticators, physical security keys, and authenticator apps. As a security best practice, require users to use phishing-resistant verification methods: built-in authenticators or security keys. Here’s an overview to help you identify which options work best for your business and your users.
            • Decide How Users Select a Verification Method During MFA Registration for Salesforce Orgs
              Optimize how users register identity verification methods for multi-factor authentication (MFA) and device activation, based on the methods you want to prioritize. If you’re supporting multiple verification methods, you can start with a list of all options for users to choose from. Or, if you want to prioritize built-in authenticators, you can present that option first.
            • Configure the MFA Verification Methods Available to Your Users for Salesforce Orgs
              Salesforce supports four identity verification methods for multi-factor authentication (MFA) and device activation: built-in authenticators, physical security keys, Salesforce Authenticator, and third-party authenticator apps. As a security best practice, require users to use phishing-resistant methods: built-in authenticators or security keys. In orgs created before Summer ’25, Salesforce Authenticator and third-party apps are automatically available to users, but a Salesforce admin must enable the options to use built-in authenticators and physical security keys. In orgs created in Summer ’25 and later, all verification methods are allowed by default. For external users only, you can allow the use of one-time passcodes delivered via SMS text messages.
            • Help Users Register MFA Verification Methods for Salesforce Orgs
              Multi-factor authentication (MFA) is automatically enabled for direct logins to Salesforce production orgs. To log in, users must have at least one registered identity verification method that they provide in addition to their username and password. If they haven’t set up a verification method, they’re prompted to register one for MFA when they log in. The registration process connects a verification method to the user’s Salesforce account. Each user must complete this step themselves — Salesforce admins can’t do it for them. But you can head off confusion and support tickets but making sure your users understand what they must do.
             
            Loading
            Salesforce Help | Article