Multi-Factor Authentication (MFA) Explained
Salesforce mandated MFA for all direct UI logins starting February 2022, making it a contractual requirement under the Salesforce Trust and Compliance Documentation. MFA adds a second verification factor beyond the password: the Salesforce Authenticator mobile app (which supports push notifications and location-based auto-verification), third-party TOTP authenticators such as Google Authenticator, Microsoft Authenticator, or Authy, or physical security keys that support WebAuthn/FIDO2 such as YubiKey or Titan.
Admins enable MFA through the 'Multi-Factor Authentication for User Interface Logins' permission in a permission set or directly on the profile. For SSO environments, MFA should be enforced at the identity provider level rather than at Salesforce, since the SSO assertion satisfies the Salesforce login; the MFA requirement applies to the IdP login itself. Session security levels can be configured so that high-assurance sessions (MFA-verified) are required for accessing sensitive Connected Apps or reports. Clientell AI can audit your org's MFA adoption, identify users who have not registered a verification method, and generate compliance reports for security reviews.
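The adoption audit described above can be sketched as follows. This is an added example, not Salesforce or Clientell code. It assumes the rows were exported from three SOQL queries (User, TwoFactorMethodsInfo, and PermissionSetAssignment filtered on PermissionSet.PermissionsForceTwoFactor = true); confirm those object and field names against your org's schema. The sso_only_ids set is a hypothetical list the admin supplies, and all sample rows are constructed.

```python
# Assumed TwoFactorMethodsInfo flags for the three factor types named above:
# Salesforce Authenticator, TOTP apps, and security keys.
METHOD_FLAGS = ("HasSalesforceAuthenticator", "HasTotp", "HasU2F")

def audit_mfa(users, method_rows, enforced_ids, sso_only_ids):
    """Classify active users by MFA state for direct UI logins."""
    methods = {r["UserId"]: [f for f in METHOD_FLAGS if r.get(f)] for r in method_rows}
    report = {"compliant": [], "no_method": [], "not_enforced": [], "check_at_idp": []}
    for u in users:
        if not u["IsActive"]:
            continue  # deactivated users cannot log in
        uid, name = u["Id"], u["Username"]
        if uid in sso_only_ids:
            # MFA for these users is enforced at the identity provider.
            report["check_at_idp"].append(name)
            continue
        registered = bool(methods.get(uid))
        enforced = uid in enforced_ids
        if not registered:
            report["no_method"].append(name)     # no verification method on file
        if not enforced:
            report["not_enforced"].append(name)  # MFA permission not assigned
        if registered and enforced:
            report["compliant"].append(name)
    return report

# Constructed sample data (not real users or record IDs).
USERS = [
    {"Id": "005A", "Username": "alice@example.com", "IsActive": True},
    {"Id": "005B", "Username": "bob@example.com", "IsActive": True},
    {"Id": "005C", "Username": "carol@example.com", "IsActive": True},
    {"Id": "005D", "Username": "dave@example.com", "IsActive": True},
    {"Id": "005E", "Username": "erin@example.com", "IsActive": False},
]
METHOD_ROWS = [
    {"UserId": "005A", "HasSalesforceAuthenticator": True, "HasTotp": False, "HasU2F": False},
    {"UserId": "005B", "HasSalesforceAuthenticator": False, "HasTotp": False, "HasU2F": False},
    {"UserId": "005C", "HasSalesforceAuthenticator": False, "HasTotp": True, "HasU2F": False},
]
ENFORCED_IDS = {"005A", "005B"}  # users holding the MFA permission
SSO_ONLY_IDS = {"005D"}          # hypothetical: users who log in only through the IdP

REPORT = audit_mfa(USERS, METHOD_ROWS, ENFORCED_IDS, SSO_ONLY_IDS)

if __name__ == "__main__":
    for bucket, names in REPORT.items():
        print(f"{bucket}: {names}")
```

A user can appear in both no_method and not_enforced; the two lists are reported separately because one calls for registering a verification method and the other for assigning the permission.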
Related Salesforce Terms
Profile
A Profile in Salesforce defines the baseline set of permissions, page layout assignments, and system settings that apply to every user assigned to it.
Permission Set
A Permission Set is a collection of permissions that can be assigned to users on top of their profile to grant additional access without changing the profile itself.
Connected App
A Connected App is a configuration framework that enables an external application to integrate with Salesforce using OAuth 2.0, SAML, or other standard protocols.
Field-Level Security (FLS)
Field-Level Security controls which users can see and edit specific fields on Salesforce objects, enforced at the profile and permission set level.