How to Set Up Two-Factor Authentication for your Salesforce Org

Salesforce and Ledgeview Partners

If you’re reading this, you probably already know, or at least have some awareness of, how important two-factor authentication (also known as 2FA) is for protecting your account security.

With Salesforce, it’s no different. Salesforce says, “two-factor authentication is the most effective way to protect your org’s user accounts”, and we couldn’t agree more!

When you want to enhance your org’s security, setting up two-factor authentication is a great way to do it.

Two-factor authentication is a free resource available in these Salesforce editions:

  • Salesforce Essentials
  • Salesforce Group
  • Salesforce Professional
  • Salesforce Enterprise
  • Salesforce Performance
  • Salesforce Unlimited
  • Salesforce Developer
  • and Salesforce Contact Manager Editions

By setting up two-factor authentication, Salesforce admins are able to limit access to their org. The most common use is limiting access to the entire org; however, an admin may choose to set it up specifically for when a user attempts to view reports or access an app that is connected to the Salesforce org.

This second layer of security, which comes highly recommended by Salesforce and most Salesforce partners, may be a password or code that is generated via a mobile device.

By requiring an additional factor, admins protect their users from the effects of a potential hack. For example, two-factor authentication makes it much more difficult for hackers to gain access and obtain user credentials.

Two-factor authentication is good not only as a preventative measure but also for your org’s collective peace of mind.


The two-factor authentication process comes in two phases for Salesforce admins.

First, admins must enable two-factor authentication through permission or profile settings.

Then, when users log in, they will be invited to use two-factor authentication by pairing their mobile app (i.e. Salesforce Authenticator) or a U2F security key with the org.


Salesforce advises admins with the following steps, which are applicable to the aforementioned editions. (All of the steps shared are attributed to Salesforce):

  1. Create a two-factor authentication permission set
  2. From your Setup Home page, click on “Settings”
  3. Type “Permission Set” into the Quick Search bar on the left of your screen to locate Permission Sets, which you’ll find under Users, and then click on that link

  4. Create a new permission set by clicking “New”. For the “Label” field, type in “New 2FA Perm Set”
  5. Press the “Tab” key to automatically populate the API field
  6. Select the type of license held by the users the permission set should be available to, and click “Save”
  7. To enable the Permission Set you’ve created, click on “System Settings”, and then scroll down to “Require 2FA for logins”
  8. Mark “Require 2FA for logins” and save your Permission Set again
  9. You can assign permission sets by …
    • Clicking on “Manage Assignments”
    • Clicking on “Add Assignments”
    • Selecting yourself to enable 2FA on your own account (assign it to more users when you’re ready for the 2FA rollout phase)
    • Clicking “Assign”
  10. Now you’re ready to create your first pairing! Take out your mobile device, go to your App store, and find and install the free Salesforce Authenticator App
  11. Launch the App once you’ve downloaded it from Google Play or the Apple App Store
  12. Complete your tour, and then connect your App to your org account

  13. To connect, log in to your Salesforce org via the Login page
  14. Enter your pairing phrase once Salesforce prompts you to
  15. Refer back to your mobile device, and tap “New Account” in the center of your screen to generate the pairing phrase
  16. Type the pairing phrase into your connection prompt
  17. Press “Connect” to confirm the device connection

  18. Now, to log in using Salesforce Authenticator, you will …
    • Enter your username and password, like you always do
    • From there, you’ll get a notification that shows you everything you need to know about the request
    • If it’s 100% correct, click on “Approve” and log in!

Congratulations! You’ve done it.

Salesforce advises that, as an admin, you roll this out gently to users, in phases.

First, you’ll want to plan and test, determining who will be required to use two-factor authentication or even considering a test-pilot group. You will also want to come up with a strong communication plan, and move on to the second step of providing support materials to them.

Salesforce encourages admins to: “prepare your helpdesk with training on setup, troubleshooting, and token generator issuing/resets”.

When you’re ready for rollout in the third step, you may consider introducing your Salesforce users to the concept of two-factor authentication with an internal webinar.

Be sure to notify them, and give them time to adopt! While it may be easy for some users to adapt, others may feel differently.
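
During a phased rollout it helps to check who actually holds the 2FA permission set after each phase. The script below is an added example, not code from Salesforce or Ledgeview: it compares two exports (users and permission set assignments) and lists active users not yet covered. The CSV column names and sample rows are constructed assumptions about how such an export might look.

```python
import csv
import io

# Constructed sample exports (not real org data). Column names are assumptions:
# one row per user, and one row per permission set assignment with a flag that
# is "true" when the assigned set has "Require 2FA for logins" checked.
USERS_CSV = """Id,Username,IsActive
005A,admin@example.test,true
005B,sales1@example.test,true
005C,sales2@example.test,true
005D,former@example.test,false
"""
ASSIGNMENTS_CSV = """AssigneeId,PermissionSetLabel,Requires2FA
005A,New 2FA Perm Set,true
005A,Report Builder,false
005B,Report Builder,false
005D,New 2FA Perm Set,true
"""

def _is_true(value):
    return value.strip().lower() == "true"

def audit_2fa_coverage(users_csv, assignments_csv):
    """Return (covered, uncovered, stale) username lists: active users with
    a 2FA set, active users without one (next phase), and inactive users still
    assigned one (cleanup only)."""
    enforced_ids = {
        row["AssigneeId"]
        for row in csv.DictReader(io.StringIO(assignments_csv))
        if _is_true(row["Requires2FA"])
    }
    covered, uncovered, stale = [], [], []
    for user in csv.DictReader(io.StringIO(users_csv)):
        has_2fa = user["Id"] in enforced_ids
        if not _is_true(user["IsActive"]):
            if has_2fa:
                stale.append(user["Username"])
        elif has_2fa:
            covered.append(user["Username"])
        else:
            uncovered.append(user["Username"])
    return sorted(covered), sorted(uncovered), sorted(stale)

def coverage_percent(covered, uncovered):
    total = len(covered) + len(uncovered)
    return round(100.0 * len(covered) / total, 1) if total else 0.0

if __name__ == "__main__":
    cov, unc, old = audit_2fa_coverage(USERS_CSV, ASSIGNMENTS_CSV)
    print(f"{coverage_percent(cov, unc)}% covered; to assign: {unc}; stale: {old}")
```

Users who hold several permission sets are counted as covered as soon as one of them requires 2FA, and deactivated accounts are reported separately so they do not distort the coverage figure.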


Do you need Salesforce support for two-factor authentication? Or, do you have other concerns with your system you’d like to be addressed?

Whether you’re a novice or have used the system for years, there’s always something to learn, and Ledgeview is here to help!

Reach out to our Salesforce experts for support.

We are eager to help take you where you’re meant to go with the technology.

Contact Ledgeview Partners


About Julia Flaherty

Marketing Coordinator at Ledgeview Partners.
