Print this page

Enable the SMS method of identity verification

Knowledge Article Number 000175978
Description Enable the SMS method of identity verification provides users the possibility to receive the 5-digit verification code by SMS when they are challenged to authenticate a new IP address or a new device/browser from where they are logging in.
Resolution Administrators can enable this feature at the setting below:
  • Salesforce classic UI: Select Setup | Security Controls | Session Settings, check box for Enable the SMS method of identity verification
  • New Lightning UI: Select the top-right Gear | Setup Home | Security | Session Settings, check box for Enable the SMS method of identity verification
 
Once the feature is enabled, every user will get a prompt screen after logging in that asks them to register for mobile verification.
 
The user can take one of the following actions:
  • Enter a mobile phone number and then have it verified with a text message. Refer to How to verify a valid mobile number
  • Skip entering a mobile number now, but get asked again at your next login.
  • Completely opt-out of mobile verification.
 
System Admin can add the mobile number under the User Detail page and the mobile number is automatically considered verified.
Example:
   +1 5034440579
   +39 5034440579

Refer to How to verify a valid mobile number article https://help.salesforce.com/apex/HTViewSolution?urlname=How-to-verify-a-valid-mobile-number&language=en_US

Note:
If "Enable the SMS method of identity verification" is NOT set, the user won't be able to verify their mobile phone number upon login, and Salesforce will send the 5-digit verification code via email by default.
 
The SMS-based identity verification or Email-Based Identity verification does not apply to Portal Users because Portal Users utilize alternate URL's to access Salesforce. This only applies to users that utilize the standard Salesforce login page at login.salesforce.com.
 
For customer with business justification, customer can have Salesforce sent the 5-digit verification code via email by default as we cannot remove the crucial identity verification feature.

- Workaround 1:System Admin can re-enable email identity confirmation by assigning a user permission called “Email-Based Identity Verification Option” to a profile or as a permission set to an individual user.
Group Edition can't have profile so workaround#1 is not applicable.

- Workaround 2: System Admin removes the user's mobile number then the Identity Confirmation verification code will be sent to email.

Otherwise, customer can open a support case to have Enable the SMS method of identity verification option disabled. Then, the verification code will be sent via email by default.




promote demote