Q: Why is this feature being enabled?
A: By providing a separate channel from email, SMS method of identity confirmation adds an extra layer of protection, as there is less potential for a third party to compromise multiple user devices simultaneously.
Q: How is this different from how identity confirmation worked before?
A: To date, Email Identity Confirmation has been enabled for all organizations as default. If you had previously enabled SMS Identity Confirmation for your org, your users have had a choice to receive identity confirmation verification codes via email, SMS, Salesforce Authenticator app or Temporary Verification code
Q: Does SMS Identity Confirmation apply to Portal Users?
A: SMS Identity Confirmation does not apply to Portal Users, as they do not use the standard Salesforce login URL to access Salesforce.
Q: Does SMS Identity Confirmation apply to Chatter External Users?
A: SMS Identity Confirmation does apply to Chatter External Users, as they do use the standard Salesforce login URL to access Salesforce.
Q: How do I enter my mobile phone into the system?
A: How to verify a valid mobile number.
Q: What if I don’t have a mobile phone?
A: If you do not have a mobile phone, you can simply decline to verify a number and continue to use email verification. No additional action is required on your part.
Q: Can I choose to have both SMS and email-based identity confirmation?
A: Your system administrator can enable Email-based Identity Confirmation to your profile or via a permission sets assigned to your user account. However, individual users cannot choose this option themselves.
Q: How do I get a SMS Identity Confirmation code when I don’t have mobile phone coverage (i.e. on a plane)?
A: Due to the nature of SMS Identity Confirmation, you will not be able to login to Salesforce until you are able to retrieve a verification code on your phone unless your system administrator enables Email-based Identity Confirmation to your profile or via a permission sets assigned to your user account.
Q: What if I lose my phone? How do I get access to a verification code?
A: If you lose your phone, please contact your system administrator who can:
- remove the mobile number from your user detail page so that you can retrieve a verification code via email. If you are the only system administrator, please submit a case with Salesforce Support to have the mobile number removed.
When you can’t access the device you usually use for two-factor authentication, ask your Salesforce admin to give you a temporary identity verification code. The code is valid for 1 to 24 hours. Your admin sets the expiration time, but you can expire the code early if you no longer need it.
Instructions can be found here: Verify Your Identity with a Temporary Code / Generate a Temporary Identity Verification Code
Q: I receive an error when attempting to verify with SMS "Unable to send you a verification code at this time. You may have attempted too many verifications in the last hour. Try again later."
A: Our system limits the number of messages sent our for a single user to five per hour. Once the hour is up you will be able to try again.
Q: What will change for my users once the change is activated?
A: After this change is activated for your organization, users who do not have a verified mobile number will see a prompt to submit a mobile number on their next login. Users who already have a verified mobile number will only notice a change the next time they to attempt to access your Salesforce org from a new/unauthenticated IP address. All users that have verified mobile numbers will no longer see email verification as an option when challenged, unless the Email-Based Identity Confirmation is enabled.
Q: Can I re-enable email identity confirmation as an org preference or user preference?
A: You can re-enable the “Email-Based Identity Confirmation Option” permission to a profile or add it to a permission set and assign that permission set to a user.
Q: Can my end-users choose to have both SMS and email-based identity confirmation?
A: End-users do not have the ability to control the option to have both SMS and Email. Only system administrators can set this option.
Q: What if all my users do not have mobile phones?
A: When users are prompted to verify their phone number on login, they have the option to decline and continue to use email verification.
Q: If I am using SSO what are my implications of SMS Identity Confirmation?
A: Users using Delegated Authentication will be prompted to enter a phone number. Users using SAML (Federated Authentication) will not be prompted. Orgs with SAML enabled but who have users logging in directly via login.salesforce.com (not via SAML) will be prompted.
Contact, Group or Professional Edition
Q: I am not able to edit profiles or add permission sets in my org. How can I re-enable the email identity confirmation for verified mobile users?
A: Please contact your Salesforce Account Team