Newer Version Available

This content describes an older version of this product. View Latest

Set Two-Factor Authentication Login Requirements

Administrators can require users to enter a time-based token generated from an authenticator app when they log in to Salesforce.
Available in: Contact Manager, Database.com, Developer, Enterprise, Group, Performance, Professional, and Unlimited and Editions

User Permissions Needed
To edit profiles and permission sets: “Manage Profiles and Permission Sets”

To require this authentication every time a user logs in to Salesforce, select the “Two-Factor Authentication for User Interface Logins” permission in the user profile or permission set.

Watch Video Demo Enhancing Security with Two-Factor Authentication (6:56 minutes)

See a demonstration of Two-Factor Authentication for Salesforce, and when to use it.

Note

Users must enter the changing value generated from the authenticator app every time they log in to Salesforce.

After two-factor authentication is enabled, it applies to users logging in to Salesforce, including organizations with custom domains created using My Domain.

The basic implementation of two-factor authentication doesn’t apply to users of the following authentication methods, but you can enforce two-factor authentication for these users with custom login flows.

  • SAML for single sign-on
  • Social sign-on into organizations or Communities
  • Username and password authentication into Communities