Salesforce Authenticator for MFA

The Salesforce Authenticator mobile app is a verification method that can be used as a second factor for multi-factor authentication (MFA) logins. The app is free and simple to use.

Important

MFA requirements are changing in June 2026.

• Salesforce enforces MFA for direct UI and SSO logins for all employee users across production and sandbox orgs. See Prepare for MFA Enforcement for All Employee Users.
• Salesforce requires phishing-resistant MFA for users with the System Administrator profile or certain permissions. See Prepare for Phishing-Resistant MFA Enforcement for Privileged Users including Admins.

Salesforce Authenticator is available for all Salesforce products that provide MFA functionality.

Salesforce Authenticator makes MFA authentication easy because the app automatically integrates into the Salesforce login process with push notifications. After a user enters their username and password, the app sends a notification to the user's mobile device. The user taps the notification to open Salesforce Authenticator, verifies that the login request is coming from them, and then they’re logged in.

In addition to push notifications, Salesforce Authenticator generates time-based one-time passcode (TOTP) codes that allow users to authenticate even if their mobile device doesn’t have a data connection.

Note We highly recommend that users set up a PIN or biometric requirement on their mobile device to ensure that unauthorized parties aren’t able to access Salesforce Authenticator.

Download the Salesforce Authenticator app from the Apple App Store or Google Play.

Important As a security best practice, require users to use phishing-resistant verification methods: built-in authenticators or physical security keys. For more information about the security benefits of these methods, see the WebAuthn guide.