Newer Version Available
Set Two-Factor Authentication Login Requirements
Administrators can require users to enter a time-based token
generated from an authenticator app when they log in to Salesforce.
| Available in: Contact Manager, Database.com, Developer, Enterprise, Group, Performance, Professional, and Unlimited and Editions |
| User Permissions Needed | |
|---|---|
| To edit profiles and permission sets: | “Manage Profiles and Permission Sets” |
To require this authentication every time a user logs in to Salesforce, select the “Two-Factor Authentication for User Interface Logins” permission in the user profile or permission set.
Users must enter the changing value generated from the authenticator app every time they log in to Salesforce.
After two-factor authentication is enabled, it applies to users logging in to Salesforce, including organizations with custom domains created using My Domain.
The basic implementation of two-factor authentication doesn’t apply to users of the following authentication methods, but you can enforce two-factor authentication for these users with custom login flows.
- SAML for single sign-on
- Social sign-on into organizations or Communities
- Username and password authentication into Communities
