Recommended Adoption Order for MFA, Enhanced Domains, and Hyperforce

Recommended Adoption Order: MFA, Enhanced Domains, Hyperforce

MFA, enhanced domains, and Hyperforce are different enhancements, but there’s one thing that they share: the hostnames that Salesforce uses to serve your org. With this in mind, Salesforce has some recommendations regarding the adoption order for these enhancements.

MFA is contractually required for your Salesforce users, and we recommend that you enable it as soon as possible. If MFA isn’t enabled yet, deploying enhanced domains before you enable MFA can reduce your effort. We also recommend that you deploy enhanced domains before they’re enforced, and before your migration to Hyperforce.  

Here’s why we recommend this order.

• Multi-factor authentication (MFA) is essential to secure your data and accounts. To protect your Salesforce environment against rising cyberattacks, Salesforce requires MFA to access Salesforce products. We recommend that you enable MFA as soon as possible rather than waiting for Salesforce to enable it for you in 2023.

• To minimize the number of URL changes for Visualforce pages, content, and Experience Builder, we recommend that you deploy enhanced domains before your migration to Hyperforce. If you don’t deploy enhanced domains first, be aware that those URLs change twice: when you move to Hyperforce, and again when you deploy enhanced domains. For more information, see My Domain URL Format Changes When You Enable Enhanced Domains. 

• Hyperforce requires Server Network Indication (SNI) for some connections. Because enhanced domains support SNI, we recommend that you deploy enhanced domains before your migration to Hyperforce. 

• When your My Domain login URL or site URL changes, authentication methods such as SSO and multi-factor authentication (MFA) can stop working. To preserve access to Salesforce and prevent end-user frustration, we recommend that you verify backup methods and communicate to your users before you deploy enhanced domains. For more information, see Preserve Login Access During a My Domain Login URL Change in Salesforce Help. If you plan to enable MFA and deploy enhanced domains within a short time, you can minimize the required updates to MFA by deploying enhanced domains first.

More Information About the Enhancements

Unfamiliar with MFA, enhanced domains, and Hyperforce? To learn more about these enhancements, why Salesforce is implementing them, and when they’re required, read on. 

Multi-Factor Authentication (MFA) 

What: MFA adds another layer of security to your login process by requiring users to enter two or more pieces of evidence — or factors — to prove that they’re who they say they are.

Why: MFA is one of the simplest, most effective ways to prevent unauthorized account access and safeguard your data and your customers' data. We require customers to implement MFA to help mitigate the risks stemming from threats like phishing attacks, credential stuffing, and account takeovers.

When: Effective February 1, 2022, Salesforce customers are contractually required to use MFA to access Salesforce products. If you haven’t enabled MFA for all of your Salesforce users yet, please be aware that over the course of 2022 and 2023, Salesforce is taking action to automatically enable and enforce MFA for all direct logins to Salesforce products. For more information, see the MFA Enforcement Roadmap.

More information about the MFA requirement

• Customer Site: Salesforce Multi-Factor Authentication
• Knowledge Article: Salesforce Multi-Factor Authentication FAQ

 

Enhanced Domains

What: Enhanced domains are the latest version of the My Domain feature, which meets the latest browser security requirements. Enhanced domains update the format of URLs that Salesforce hosts for your org. Your instance name is removed from all URLs, your company-specific My Domain name is included in all URLs, and multiple domain suffixes change to meet the latest security standards. 

Why: Enhanced domains allow users to access Salesforce with browsers that block third-party cookies. Also, with no instance names, enhanced domains don’t change when an org is moved to another Salesforce instance. For more information, see Why Enhanced Domains in Salesforce Help.

When: Enhanced domains are enforced in phases. Automatic deployment started in Winter ’23 and enforcement in Winter ’24. For additional timeline details, see Enhanced Domains Timeline in Salesforce Help.

More information about enhanced domains

• Video overview: Enhanced Domains
• Salesforce Help: Enhanced Domains
• Salesforce Help: Plan for a My Domain Change
• Salesforce Enhanced Domains FAQ
• Trailblazer Community group: My Domain and Enhanced Domains

 
Hyperforce

What: Hyperforce is the next generation Salesforce infrastructure architecture, built for the public cloud.

Why: Hyperforce allows Salesforce to rapidly deliver its platform and applications to locations worldwide, giving customers more choice and control over data residency. Products running on Hyperforce benefit from enhanced standards for compliance, security, agility, and scalability, and from our continued commitment to privacy. By providing a common foundation for our applications, Hyperforce accelerates our ability to innovate across product clouds and deliver additional business value to customers.

When: Salesforce is migrating instances to Hyperforce during maintenance windows. When your org is moving to Hyperforce, you receive a notification email with instructions about how to prepare for the migration. After you’re notified that you’re eligible to upgrade to Hyperforce, you can use the Hyperforce Assistant in Setup to prepare you for your upgrade.

More information about Hyperforce

• Video: Get Ready for Hyperforce - Part 1: Introduction
• Knowledge Article: Introducing Hyperforce - General Information & FAQ
• Knowledge Article: Retain uninterrupted access to Salesforce services on Hyperforce
• Salesforce Engineering Blog: Behind the Scenes of Hyperforce: Salesforce’s Infrastructure for the Public Cloud