Plan for Multi-Factor Authentication

To optimize how MFA works for your users, consider these actions.

• Determine Business and User Needs for MFA
  Even though multi-factor authentication (MFA) is automatically enabled for direct logins to production orgs, we recommend looking for ways to optimize the experience for your users. If your company accesses Salesforce via single sign-on (SSO), understanding your business and users’ needs gives you insights to help define your MFA implementation. By reviewing the considerations in this topic, you can determine the most suitable MFA verification methods for your users.
• Prepare Your Users for MFA
  Most people these days are familiar with some form of multi-factor authentication (MFA). But don’t assume your users are going to intuitively appreciate the value of MFA, or feel comfortable completing MFA registration when they log in, without some advance awareness and preparation. Whether you’re launching a new production org where MFA is on by default, turning on MFA in an org that didn’t previously use it, or adding MFA to your single sign-on (SSO) process, ensure your users are trained for MFA ahead of time. A simple change management plan goes a long way in delivering a smooth onboarding experience.
• Test Your MFA Implementation for Salesforce Orgs
  If you’re evaluating Salesforce, we recommend enabling and testing multi-factor authentication (MFA) in your trial org before converting to a subscription. MFA is automatically enabled for all users when a production org goes live. If you test MFA ahead of time, you get first-hand experience with the MFA registration process and are prepared to assist users if they have issues logging in. Even if Salesforce automatically enabled MFA for your existing org, it’s beneficial to evaluate and refine how things work in a test environment before applying changes for your users.