          Implement a Custom MFA Process with Apex (Salesforce Orgs)

          To implement your own multi-factor authentication (MFA) process, use Apex methods under the System.UserManagement class. The methods come as a pair for the Salesforce Authenticator and phone (SMS) identity verification methods — one to initiate a verification service, and one to complete the verification service. For password or time-based one-time password (TOTP) verification methods, you can use the second method alone to provide a complete verification service. Use of SMS for MFA is supported only for external users accessing your company’s Experience Cloud sites, employee communities, and other types of community portals.

          Required Editions

          Available in: both Salesforce Classic and Lightning Experience
          Available in: all editions

          The Apex configuration that you use depends on your verification method.

          • To implement an MFA service for the Salesforce Authenticator or SMS verification methods, use initVerificationMethod and verifyVerificationMethod.

          • To implement an MFA service for password or TOTP verification methods, use verifyVerificationMethod.

          Example
          Example Apex Methods for MFA

          This example shows Apex code for MFA using Salesforce Authenticator as the verification method.

          // Controller field (assumed; the original snippet does not show its declaration).
          // Holds the identifier returned by initVerificationMethod.
          private String identifier;

          public void initVerification() {
              // The user receives a push notification on the mobile device where the app is registered for MFA.
              identifier = UserManagement.initVerificationMethod(Auth.VerificationMethod.SALESFORCE_AUTHENTICATOR);
          }

          public Auth.VerificationResult verifyVerification() {
              // Requires the identifier returned by initVerification.
              // The user must take the action on the mobile device where the app is registered for MFA.
              return UserManagement.verifyVerificationMethod(identifier, '', Auth.VerificationMethod.SALESFORCE_AUTHENTICATOR);
          }

          Here’s an example for SMS.

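          // Controller fields (assumed; the original snippet does not show their declarations).
          private String identifier;          // returned by initVerificationMethod
          public String code { get; set; }    // SMS code entered by the user

          public void initVerification() {
              // The user receives a code on their registered, verified phone.
              identifier = UserManagement.initVerificationMethod(Auth.VerificationMethod.SMS);
          }

          public Auth.VerificationResult verifyVerification() {
              // Requires the identifier returned by initVerification.
              // The code that the user received is passed as the second argument.
              return UserManagement.verifyVerificationMethod(identifier, code, Auth.VerificationMethod.SMS);
          }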

          The next two examples show Apex code for MFA using only the verifyVerificationMethod for password and TOTP verifications.

          // Password verification. The password variable (declaration not shown in the original)
          // holds the value the user entered.
          public Auth.VerificationResult verifyVerification() {
              // No identifier is needed, so the first argument is an empty string.
              return UserManagement.verifyVerificationMethod('', password, Auth.VerificationMethod.PASSWORD);
          }

          // TOTP verification, shown as a separate example. The code variable (declaration not shown
          // in the original) holds the time-based one-time password (token) the user entered.
          public Auth.VerificationResult verifyVerification() {
              return UserManagement.verifyVerificationMethod('', code, Auth.VerificationMethod.TOTP);
          }
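
          The SMS init/verify pair above, assembled into a Visualforce-style controller that checks the returned Auth.VerificationResult before treating the user as verified. This is an added example, not Salesforce's own code; the class name StepUpSmsController, the verified flag, the field names, and the addError helper are assumptions.

```apex
// Added example: hypothetical controller. Only the UserManagement calls and
// Auth types come from the page; every other name here is an assumption.
public with sharing class StepUpSmsController {
    private String identifier;                     // from initVerificationMethod, kept server-side
    public String code { get; set; }               // SMS code typed by the user
    public Boolean verified { get; private set; }  // checked before any protected action

    public StepUpSmsController() {
        verified = false;
    }

    // Step 1: send a code to the user's registered, verified phone.
    public void initVerification() {
        verified = false;                          // a new challenge resets any earlier result
        identifier = UserManagement.initVerificationMethod(Auth.VerificationMethod.SMS);
    }

    // Step 2: complete the verification with the identifier from step 1.
    public void verifyVerification() {
        verified = false;
        if (String.isBlank(identifier) || String.isBlank(code)) {
            addError('Request a verification code first, then enter it.');
            return;
        }
        Auth.VerificationResult result = UserManagement.verifyVerificationMethod(
            identifier, code.trim(), Auth.VerificationMethod.SMS);
        code = null;                               // do not carry the entered code forward
        if (result.success) {
            identifier = null;                     // a fresh init is required for the next challenge
            verified = true;
        } else {
            addError(result.message);              // failure text supplied by the platform
        }
    }

    private void addError(String text) {
        ApexPages.addMessage(new ApexPages.Message(ApexPages.Severity.ERROR, text));
    }
}
```

          Gate the protected operation on the verified flag in server-side code, not on what the page renders.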
           