Below are some troubleshooting steps that a system administrator can conduct if their users are encountering Two-Factor Authentication issues:
- From Salesforce classic UI, select Setup | Manage Users | Users | click on the username.
- From New Lightning UI, click on top right Gear | Setup Home | Users | Users | click on the username.
- Locate the field App Registration One-Time Password Generator ( Time-Based Token ) field on the affected user record.
- Click on the Remove option next to App Registration One-Time Password Generator (Time-Based Token). By removing it, the system will generate a new QR code to be scanned by the user upon login.
- The user has to download the Salesforce Authenticator or Google Authenticator on their mobile device and confirm that they have a QR code scanner. Links: (Apple Version for Google Authenticator) (Android Version for Google Authenticator).
- After the user logs in with Salesforce username and password, the QR code needs to be scanned, to generate a token:
- The user has to use the Salesforce Authenticator app already installed on their mobile device to scan the QR code to create a time-based token code.
- As soon as the QR code is scanned have the affected user type in the code generated from the Authenticator app in the box displayed under the QR code.
- Click on "Verify and login" button once the code is entered and the user will be logged in.
Note: If you're getting an error on the mobile device when attempting to replace a old time-based token, please swipe left to remove the time token.
Enhancing Security with Two-Factor Authentication video tutorial (6:56 minutes)
Introduction to Salesforce Authenticator video tutorial
Instructions to setup Salesforce Authenticator app with user accounts can be found HEREHow to enable Trusted Locations and how to use Push Notifications
- You need to enable "Location" from their mobile device Settings
- When you log in from a new device or browser, the Salesforce Authenticator app will send a notification. Please see below:
See Trusted Locations and how to clear Trusted Locations
1. Open the Salesforce Authenticator app
2. Tap the account you want to see the Trusted Locations for.
3. Tap the Gear icon in the top right.
4. Tap the button for the action you'd like to take.