Loading

Use Cases That are Excluded from the multi-factor authentication (MFA) Requirement

Fecha de publicación: Apr 22, 2026
Descripción

Multi-factor authentication (MFA) is required for most Salesforce users, but several user types, login types, and org types are excluded. Per the Salesforce Multi-Factor Authentication FAQ, the exclusions include: 

 User and Login Types

  • External users (more about external users below)
  • Chatter External and Chatter Free users
  • Automated Testing account logins to the UI
  • Robotic Process Automation (RPA) account logins to the UI
  • System integration login types via the API
  • Logins where the user has a combination of a trusted corporate device that has been issued a device certificate AND their trusted device is on a trusted network (that is, an IP address in their corporate network’s IP range, either by accessing the network from inside the office or by using VPN).

Org Types

  • Developer Edition and Partner Developer Edition orgs
  • Scratch orgs
  • Trailhead Playgrounds
  • Experience Cloud sites, e-commerce sites, help portals, employee communities 
  • Some sandbox environments (more about sandbox environments below)
Solución

More About External Users

For products built on the Salesforce Platform, MFA isn't required for your company's Experience Cloud sites, employee communities, help portals, or e-commerce sites/storefronts. You don't have to enable MFA for external users who access these sites. You can identify external users by these types of licenses:

  1. Community licenses
  2. External Identity licenses
  3. Employee Community licenses (either a Salesforce Platform license paired with a Company Community for Lightning Platform permission set license or a legacy Company Community license)

For Tableau Online, MFA isn't required for Tableau Online external users who consume visualizations in embedded contexts or for external users of a customer's Tableau Online site.

More About Sandbox Environments

Whether MFA is required for a sandbox environment depends on the Salesforce product.

For products built on the Salesforce Platform:  Sandboxes are temporarily excluded from the MFA requirement. The requirement will apply in the future, after we’ve released features that make it easier to manage MFA in these environments. Even though MFA isn’t required for sandboxes at this time, we strongly recommend using MFA for these environments if they include any intellectual property, customer data, or other Salesforce production data.

For B2C Commerce and Marketing Cloud Intelligence:  MFA is required for sandbox environments. These environments will be affected when MFA is enforced for B2C Commerce and Marketing Cloud Intelligence customers.

For products, such as Marketing Cloud Engagement, that don’t have formal sandbox environments: Even if you have tenants, orgs, or instances that are used solely for testing purposes, MFA is required for these environments.

Recursos adicionales
Número del artículo de conocimiento

000389309

 
Cargando
Salesforce Help | Article