Turn on multi-factor authentication (MFA) for everyone in your org with a single
setting. When MFA is enabled, all internal users logging in directly with their username and
password must also provide an identity verification method, such as an authenticator app or
security key.
Required Editions
Available in: both Salesforce Classic and Lightning Experience
Available in: all editions
User Permissions Needed
To modify identity verification settings: Customize Application
Important
As a safeguard against unauthorized account access, customers are contractually required to
use MFA when logging in to Salesforce. To help users satisfy this requirement, the setting
discussed in this topic is automatically enabled for production orgs. For full details about
the MFA requirement, see the Salesforce
Multi-Factor Authentication FAQ.
Before you begin:
Determine if you have use cases that are exempt from the MFA requirement. For certain
types of exempt users, you must manually exclude them from MFA enablement. To learn more, see
Exclude Exempt Users from MFA for Salesforce Orgs.
To enable MFA for all internal users in your org:
1. From Setup, in the Quick Find box, enter Identity, and then select
   Identity Verification.
2. Select Require multi-factor authentication (MFA) for all direct UI logins to
   your Salesforce org.
Note: Ensure that admins and other privileged users are able to perform
actions that require a high-assurance level of security. On the Session
Settings page in Setup, make sure Multi-Factor Authentication is in the High
Assurance column.
Considerations:
Users who have been assigned the Multi-Factor Authentication for User Interface Logins
user permission experience no change when this org setting is enabled.
The Waive Multi-Factor Authentication for Exempt Users user permission overrides this
setting.
If the Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce
org setting is disabled in a production org, all Salesforce admins see a warning prompt when
working in Setup. These recurring prompts advise that the org is out of compliance with the MFA
requirement and provide guidance on how to re-enable MFA.
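The considerations above can be turned into an audit that lists which accounts are not confirmed as MFA-protected. The following is an added example, not Salesforce code: the record shape, field names and sample users are hypothetical and constructed, and because this page does not say what happens when a user holds both permissions, that case is reported for manual review.

```python
from dataclasses import dataclass

@dataclass
class User:  # hypothetical record shape, not Salesforce API field names
    username: str
    internal_direct_login: bool  # internal user logging in with username/password
    has_mfa_perm: bool     # "Multi-Factor Authentication for User Interface Logins"
    has_waiver_perm: bool  # "Waive Multi-Factor Authentication for Exempt Users"

def mfa_status(user: User, org_setting_on: bool) -> tuple[str, str]:
    """Return (status, reason) using only the rules stated on this page."""
    if user.has_mfa_perm and user.has_waiver_perm:
        # The page gives no precedence for this combination: flag it.
        return ("review", "holds both the MFA permission and the waiver")
    if user.has_mfa_perm:
        return ("required", "user permission; the org setting changes nothing")
    if not user.internal_direct_login:
        return ("out_of_scope", "org setting covers internal direct UI logins")
    if not org_setting_on:
        return ("not_required", "org setting is disabled")
    if user.has_waiver_perm:
        return ("waived", "waiver permission overrides the org setting")
    return ("required", "org setting")

def audit(users, org_setting_on):
    """Return {username: finding} for accounts not confirmed as MFA-protected."""
    gaps = {}
    for u in users:
        status, reason = mfa_status(u, org_setting_on)
        if status in ("waived", "not_required", "review"):
            gaps[u.username] = f"{status}: {reason}"
    return gaps

# Constructed sample users (not real accounts).
SAMPLE = [
    User("alice@example.com", True, False, False),
    User("integration@example.com", True, False, True),
    User("bob@example.com", True, True, False),
    User("carol@example.com", True, True, True),
    User("partner@example.com", False, False, False),
]

if __name__ == "__main__":
    for enabled in (True, False):
        print(f"org setting enabled={enabled}")
        for name, finding in audit(SAMPLE, enabled).items():
            print(f"  {name}: {finding}")
```

Every account reported with the setting enabled should map to a documented exemption; anything else is a candidate for removing the waiver.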