Methods for Verifying Your Identity
To protect your user account and business data from unauthorized access, Salesforce requires multi-factor authentication (MFA) for an extra layer of security when you log in. In addition to entering your username and password, you’re also prompted to provide a verification method that helps prove your identity. You can register several types of verification methods for your account, including authenticator apps, built-in authenticators, and physical security keys. You can also use a registered verification method if you receive a device activation challenge because you’re logging in from a browser or IP address that Salesforce doesn’t recognize.
| Required Editions |
|---|
| Available in: both Salesforce Classic and Lightning Experience |
| Available in: all editions |
Salesforce supports these types of verification methods. The methods appear in order of precedence, with the most secure options listed at the top.
| Verification Method Types | Description |
|---|---|
| Built-In Authenticator | If your computer or mobile device has a built-in authenticator such as Face ID, Touch ID, or Windows, you can verify your identity with a fingerprint, iris, or facial recognition scan. A built-in authenticator must already be enabled and set up before you can register it for Salesforce MFA. And keep in mind that this option is tied to the device you’re currently using. If you log in from other devices too, you must set up a different verification method for those systems. Learn more or get help registering a built-in authenticator. If this option isn’t available in your org, talk to your Salesforce admin. |
| Security Key | A Universal Second Factor (U2F) or WebAuthn security key, such as the YubiKey from Yubico or the Titan Security Key from Google, is a physical device that you plug into your computer to verify your identity. You can use your own security key if you have one, or check if your company is providing them for MFA logins. Learn more or get help registering a security key. If this option isn’t available in your org, talk to your Salesforce admin. |
| Salesforce Authenticator Mobile App | Salesforce Authenticator is a free mobile authenticator app that you can download from the App Store or Google Play. This app makes it easy to verify your identity by sending a push notification that you can approve with a single tap. If your mobile device is offline, you can still log in with the one-time codes that the app generates. Learn more or get help registering Salesforce Authenticator. |
| Third-Party Authenticator App | Authenticator apps, such as Google Authenticator or Microsoft Authenticator, generate time-based one-time password (TOTP) codes that you enter in Salesforce to verify your identity. Choose from mobile apps, browser extensions, and desktop apps, including most password managers. You can use any third-party product that generates TOTP codes. Learn more or get help registering a third-party authenticator app. |
| One-Time Password via SMS Text Message | Available only for external users logging in to customer or partner Experience Cloud sites. If you have a verified mobile number associated with your account, Salesforce sends a one-time password (OTP) code in a text message to your phone. If you don’t have a verified mobile number, you’re prompted to register one when you log in to Salesforce. Registering your mobile phone number verifies it and enables this method when you’re challenged in the future. If your mobile number changes, contact your Salesforce admin. |
| One-Time Password via Email | Available only for external users logging in to customer or partner Experience Cloud sites. Salesforce sends an OTP code in an email to the address associated with your account. The code expires after 24 hours. |
Consider these tips as you decide which methods to use.
- You can self-register verification methods at any time. See Register an Identity Verification Method for Salesforce Orgs.
- We strongly encourage you to register two or more verification methods so you have a backup available for MFA if you forget or lose your primary method. You can register one method for each of the four method types listed at the top of the table in this topic.
- If you set up multiple methods, Salesforce logins automatically ask you for the most secure type, but you can always override the prompt and select a different option.
- You can register the same verification method with multiple Salesforce accounts, as well as other service providers.
Managing Identity Verification Prompts
- Multi-Factor Authentication (MFA) Logins: MFA is turned on by default for logins to the user interface. You must provide a verification method each time you log in.
- Device Activation: See Device Activation for more information on managing these prompts.

