Newer Version Available

This content describes an older version of this product. View Latest

Set Two-Factor Authentication Login Requirements

Salesforce admins can require users to enter a time-based one-time password (TOTP) generated from an authenticator app when they log in to Salesforce.
Available in: Both Salesforce Classic and Lightning Experience
Available in: Contact Manager, Database.com, Developer, Enterprise, Group, Performance, Professional, and Unlimited and Editions

User Permissions Needed
To edit profiles and permission sets: “Manage Profiles and Permission Sets”

To require this authentication every time a user logs in to Salesforce, select the “Two-Factor Authentication for User Interface Logins” permission in the user profile (for cloned profiles, only) or permission set.

Watch Video Demo Enhancing Security with Two-Factor Authentication

See a demonstration of Two-Factor Authentication for Salesforce, and when to use it.

Walk Through It Walk Through It: Secure Logins with a Unique Code (Two-Factor Authentication)

Users must enter the code generated by the authenticator app every time they log in to Salesforce.

After two-factor authentication is enabled, it applies to users logging in to Salesforce, including organizations with custom domains created using My Domain.

The basic implementation of two-factor authentication doesn’t apply to users of the following authentication methods. You can enforce two-factor authentication for these users with custom login flows.

  • SAML for single sign-on
  • Social sign-on in to organizations or Communities
  • Username and password authentication in to Communities