使用 Apex 實作自訂 MFA 流程 (Salesforce 組織)

MFA 需求會在 2026 年 6 月變更。

• Salesforce 針對生產與 Sandbox 組織中所有員工使用者的直接 UI 和 SSO 登入強制執行 MFA。請參閱針對所有員工使用者準備強制執行 MFA。
• 針對擁有「系統管理員」設定檔或特定權限的使用者,Salesforce 需要防網路釣魚的 MFA。請參閱 針對特權使用者 (包括管理員) 準備強制執行網路釣魚防盜 MFA。

此範例顯示使用 Salesforce Authenticator 作為驗證方法的 MFA Apex 程式碼。

public void initVerification() {
// user will receive push notification on mobile device where the app is registered for MFA
 identifier = UserManagement.initVerificationMethod(Auth.VerificationMethod.SALESFORCE_AUTHENTICATOR);
}

public Auth.VerificationResult verifyVerification() {
// requiring identifier from the initVerification
// user will need to take the action on the mobile device where the app is registered for MFA
return UserManagement.verifyVerificationMethod(identifier, '' , Auth.VerificationMethod.SALESFORCE_AUTHENTICATOR);
}

以下是 SMS 的範例。

public void initVerification() {
// user will receive code on their registered verified phone
 identifier = UserManagement.initVerificationMethod(Auth.VerificationMethod.SMS);
}

public Auth.VerificationResult verifyVerification() {
// requiring identifier from the initVerification
// the code will need to be entered in this method
return UserManagement.verifyVerificationMethod(identifier, code , Auth.VerificationMethod.SMS);
}

後續兩個範例顯示僅使用密碼和 TOTP 驗證之 verifyVerificationMethod 的 MFA Apex 程式碼。

public Auth.VerificationResult verifyVerification() {
// user will enter their password as a param in the verifyVerificationMethod for password verification method
return UserManagement.verifyVerificationMethod('', password , Auth.VerificationMethod.PASSWORD);
}

public Auth.VerificationResult verifyVerification() {
// user will enter their registered time-based one-time password (TOTP) code (token)
return UserManagement.verifyVerificationMethod('', code , Auth.VerificationMethod.TOTP);
}