You are here:
Get Ready for Multi-Factor Authentication Enforcement in May
The requirement to use multi-factor authentication (MFA) when accessing Salesforce products went into effect on February 1, 2022. To help customers satisfy this requirement, MFA is soon to be a permanent part of the B2C Commerce login experience. Starting May 1, 2022 and continuing on a rolling basis through the end of May, Salesforce is enabling and enforcing MFA for all users who log in directly to B2C Commerce applications.
Where: This change applies to Business Manager, Account Manager, Log Center, Control Center, and On-Demand Sandboxes for Salesforce B2C Commerce.
When: May 1 through 31, 2022
How: Here's what to expect:
- On behalf of customers, Salesforce automatically enables MFA for all users who log in directly to B2C Commerce. Users already logging in with MFA aren’t affected.
- To enforce MFA, we remove the option for admins to turn off or modify MFA settings for their organizations.
- After MFA is enforced, all users must use MFA each time they log in. If a user hasn’t already registered for MFA, they’re prompted to do so before they can get access to their account.
There are some use cases that are exempt from the MFA requirement. If any of these situations apply to your implementation, take the following steps before MFA is enforced to avoid potential disruption to your business.
- If you use the ROPC grant type, you need to change to the client credential grant type or authorization grant type. See Password Grant Type Changes for Salesforce B2C Commerce for more information.
- If you use automated user interface testing tools, see “How do I use MFA with system users/automated processes?” in the B2C Commerce Multi-Factor Authentication FAQ.
- If you’re planning to use a combination of trusted devices and trusted networks to satisfy the MFA requirement, contact your Salesforce representative.
