Loading
Feature Disruption - Service Cloud VoiceRead More
Feature degradation | Gmail Email delivery failureRead More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Understand the Relationship Between MFA and a High Assurance Login Session (Salesforce Orgs)

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Understand the Relationship Between MFA and a High Assurance Login Session (Salesforce Orgs)

            Certain operations in Salesforce are available only to admins and other privileged users who have a high assurance session. When multi-factor authentication (MFA) is enabled, a high assurance level of security is required to generate temporary verification codes. It’s also necessary for using the Login As feature without needing end users to respond to MFA challenges for you. If your org uses session-level policies, some sensitive actions such as accessing reports or managing IP addresses can require a high assurance session. Avoid access problems by making sure the appropriate users automatically get a high assurance session when they log in to Salesforce.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            Available in: all editions
            Important
            Important

            MFA requirements are changing in June 2026.

            To ensure users automatically get a high assurance session when they access Salesforce, go to Setup. In the Quick Find box, enter Session, then select Session Settings.

            Depending on your MFA implementation, make these settings on the Session Settings page.

            If users log in directly to Salesforce with a username and password:

            • Make sure Multi-Factor Authentication is in the High Assurance column.

            If users access Salesforce via single sign-on (SSO) only and you’re using your SSO provider’s MFA solution:

            • Put your SSO provider in the High Assurance column.

            If users access Salesforce via SSO only and you’re using the MFA functionality provided by Salesforce:

            • Put your SSO provider in the Standard column.

            • Make sure Multi-Factor Authentication is in the High Assurance column.

            If users can log in directly as well as via SSO using your SSO provider’s MFA solution:

            • Make sure Multi-Factor Authentication is in the High Assurance column

            • Put your SSO provider in the High Assurance column.
            Note
            Note While it’s possible to reconfigure an org so that MFA logins result in a standard session, we don’t recommend doing so. Admins and other privileged users won’t be able to achieve the necessary level of security to perform tasks that require a high assurance session.
             
            Loading
            Salesforce Help | Article