You are here:
Automate Multi-Factor Authentication with Salesforce Authenticator
Authenticator can automatically approve multi-factor authentication (MFA) requests. Automation relies on several conditions, including your device and browser information, your location, and the service that you’re logging into. When all factors of an incoming request match a request that was approved three times, Authenticator automatically verifies the activity and approves it.
Required Editions
| Salesforce Authenticator setup available in: both Salesforce Classic and Lightning Experience |
| Multi-factor authentication with Salesforce Authenticator available in: all editions |
The automation feature is enabled only if you have at least one Salesforce ecosystem account connected to the app. These accounts make up the Salesforce ecosystem.
- Salesforce.com
- Commerce Cloud
- Heroku
- Sales Cloud
- Marketing Cloud
- MuleSoft
- Quip
- Tableau
To use the app as a verification method for an MFA login requirement, first connect it to your Salesforce account.
You’re prompted to allow location services when you first connect a Salesforce Ecosystem account or when restoring accounts that include a Salesforce Ecosystem account.
Automated verification works best when Salesforce Authenticator always has access to your precise location and you permit it to run in the background. Your mobile device’s location data doesn’t leave the app.
To automate a request in Salesforce Authenticator, approve the request three times and
leave automation enabled. The Einstein icon is blue when it is enabled 
and gray when disabled 
.
-
Respond to a request notification by opening the app on your mobile device.
The app shows you five factors describing the request.
Factor Description Service The service that’s trying to verify your identity, such as your Salesforce org. Username Your username for the account. You can have multiple accounts with a single service. Action The action that requires identity verification, such as logging in to your account. Location Your approximate location at the time of the request, such as your home or office. Client Information about your device and the browser or app that you’re using to access your account. - If you trust all the factors shown, leave the Einstein icon enabled.
-
Tap Approve.
In Salesforce, you’re logged in or granted access to the desired resource. After you approve the request three times with the same five factors, the app automatically verifies the activity without prompting you for approval.
If all factors of a request match one of your previous requests except the client, save the request with a new client:
- On the first notification, manually approve the request.
- On the second notification, switch on New recurring client detected. Automate future requests from this client? and approve the request again.
The detected client of your incoming requests can change based on your web browser configuration. Using private browsing modes, using virtual desktop infrastructure (VDI), and switching between browser applications can inhibit automation performance.
Your Salesforce admin sets automation policies for the service that you’re accessing. If the service doesn’t allow automation for certain actions, Authenticator can’t automate request approvals for those actions. Contact your Salesforce admin to learn which types of requests are restricted from automation.
