Newer Version Available
Configure When Users Are Prompted to Verify Identity
You can control how and when users are prompted to verify their identity.
| Available in: all editions |
| User Permissions Needed | |
|---|---|
| To modify identity verification settings: | Customize Application |
- In Setup, enter Identity in the Quick Find box, and then click Identity Verification.
-
Customize the identity verification settings, and then click
Save.
Field Description Enable the SMS method of identity confirmation Allows users to receive a one-time password delivered via SMS. If this setting is selected, administrators or users must verify their mobile phone number before taking advantage of this feature. This setting is selected by default for all orgs. Require security tokens for API logins from callouts (API version 31.0 and earlier) In API version 31.0 and earlier, requires the use of security tokens for API logins from callouts. Examples are Apex callouts or callouts using the AJAX proxy. In API version 32.0 and later, security tokens are required by default. Let users use a security key (U2F) Allows users to use a U2F security key for two-factor authentication and identity verification. Instead of using Salesforce Authenticator, one-time passwords generated by an authenticator app, or one-time passwords sent by email or SMS, users insert their registered U2F security key into a USB port to complete verification. Let users authenticate with a certificate Enable certificate-based authentication to use PEM-encoded X.509 digital certificates to authenticate individual users to your org. Require identity verification during two-factor authentication registration Requires users to confirm their identities to add a two-factor authentication method, such as Salesforce Authenticator, instead of requiring a relogin as before. Require identity verification for change of email address Requires users to log in again and confirm their identity before the change to their email address is applied. Salesforce asks the user to verify identity using a registered verification method, such as Salesforce Authenticator, SMS text message, or email.
Allow automated location-based verifications with Salesforce Authenticator - Allow only from trusted IP addresses
When users are in a trusted location, such as their home or office, they can use the Salesforce Authenticator to automatically verify their identity. You can allow automated verifications from any location, or you can restrict them to only trusted IP addresses, such as your corporate network.
These identity verification settings are also available on the Session Settings page. You can change the settings in either location.