Understanding MFA Auto Enablement and Audit Trail Entries in Salesforce

This situation typically arises due to the following reasons:

• Deferred Auto Enablement of MFA for Direct UI Logins:
  • Some customers choose to defer the auto enablement of MFA for direct UI logins. This means that even though MFA is required, it isn't enforced immediately for all users.
• Salesforce's Enforcement of MFA After the Due Date:
  • Once the deferred period expires, Salesforce automatically enforces MFA for direct UI logins. This is a security measure to ensure compliance with Salesforce's MFA requirements.
• Audit Trail Entry for the First Non-SSO User:
  • After Salesforce enforces MFA enablement, the first non-SSO (Single Sign-On) user who attempts to log in will be recorded in the audit trail as having enabled MFA.