Newer Version Available

This content describes an older version of this product. View Latest

Setting Two-Factor Authentication Login Requirements

Administrators can require users to enter a time-based token generated from an authenticator app when they log into Salesforce.
Available in: Enterprise, Performance, Unlimited, Developer, and Database.com Editions

User Permissions Needed
To edit profiles and permission sets: “Manage Profiles and Permission Sets”

To require this authentication every time users log into Salesforce, select the “Two-Factor Authentication for User Interface Logins” permission in the user profile or permission set.

Watch Video Demo Enhancing Security with Two-Factor Authentication (6:56 minutes)

See a demonstration of Two-Factor Authentication for Salesforce, and when to use it.

Note

Users are prompted to add the value generated by the authenticator app the next time they log into Salesforce, and they must enter the changing value from the authenticator app every time they log in.

Once enabled, two-factor authentication applies to users logging in to Salesforce (including organizations with custom domains created using My Domain). However, it does not apply to users of the following authentication methods.

  • SAML for single sign-on.
  • Social sign-on into organizations or Communities.
  • Username and password authentication into Communities.