Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Test Your MFA Implementation for Salesforce Orgs

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Test Your MFA Implementation for Salesforce Orgs

            If you’re evaluating Salesforce, we recommend enabling and testing multi-factor authentication (MFA) in your trial org before converting to a subscription. MFA is automatically enabled for all users when a production org goes live. If you test MFA ahead of time, you get first-hand experience with the MFA registration process and are prepared to assist users if they have issues logging in. Even if Salesforce automatically enabled MFA for your existing org, it’s beneficial to evaluate and refine how things work in a test environment before applying changes for your users.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            Available in: all editions

            We recommend testing MFA in an environment other than your production org. You can use a trial org, a sandbox environment, or sign up for a free Developer Edition org.

            Salesforce enables MFA via the Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org setting. But this setting turns on MFA for every user in an org. To avoid getting accidentally locked out of your test environment, enable MFA in a more limited way by turning it on for one or two test users only. Take this approach by assigning the Multi-Factor Authentication for User Interface Logins user permission in a profile or via a permission set.

            Note
            Note To ensure you don’t lose access to your test environment, avoid using your admin account for MFA testing.

            When MFA is enabled for your test environment, log in as a test user and complete the registration process for each of the verification methods that you’re supporting. Then log out and log back in again to confirm the methods are working as expected.

            Note
            Note If you’re deploying security keys or built-in authenticators, turn on these options in your test environment. See Configure the MFA Verification Methods Available to Your Users for Salesforce Orgs. Built-in authenticators must be set up on your device before they can be registered for MFA.

            It’s also a good idea to test access recovery options so you’re prepared to help if a user loses or forgets their verification method.

            See Also

             
            Loading
            Salesforce Help | Article