Enabling MFA (Multi-Factor Authentication) on Salesforce
You have two options to enable MFA: create and assign a permission set OR use Session Security Levels.
*IMPORTANT*
DO NOT enable MFA for the TargetX Integration user as it may interfere with Email. TargetX intends to update the TargetX Integration User for MFA sometime later this year.
Salesforce does not recommend that SSO be enabled for Administrative users. For more information, see the Salesforce Help & Training article: FAQs for Single Sign-On.
Before You Begin:
Premier Clients
Please connect with Premier Services regarding these steps and a Timeline for enabling them.
Before you enable MFA, you'll need to regenerate the Online App Snapshot job so that future calls to Heroku include the appropriate authorization:
Please perform the following steps before and after enabling MFA in your org.
Before Enablement
- As a System Administrator, visit your Salesforce instance's Online App Settings page.
- After you've logged in to your Org, add /apex/settings to the URL, for example, https://mysalesforceorg.com/apex/TargetX_App__Settings
- Click the Cancel Hourly Job button to disable the snapshot job.
Enable MFA in your org using the steps outlined below.
After Enablement
- As a System Administrator, return to the Online App Settings page.
- After you've logged in to your Org, add /apex/settings to the URL, for example, https://mysalesforceorg.com/apex/TargetX_App__Settings
- Select the settings you want for the job. It should retain any preferences you previously had.
- Click Start Hourly Job and allow access in the prompt that appears.
After that, you're all set! Your job should continue as before but will include the appropriate MFA approval token.
Option 1: Enable MFA via a Permission Set
Step 1: Create a Permission Set with the following Permissions
- Navigate to Setup and search for Permission Sets.
- Click the New button.
- Enter a Label, such as Multi-Factor Authentication.
- Save your changes.
- Click System Permissions.
- Check the boxes for:
- Multi-Factor Authentication for User Interface Logins
- Multi-Factor Authentication for API Logins
- Save your changes.
Step 2: Assign Permission Set to User
- Navigate to Setup and search for Users.
- Click the User you wish to update.
- Navigate to the 'Permission Set Assignments' section.
- Select Edit Assignments.
- Click the Permission Set you want to add from the Available Permission Sets list and select Add.
- Save your changes.
Step 3: Logout and Login As a User using MFA
To disable MFA
Step 1: Remove Permission Set Assignment
- Navigate to Setup and search for Users.
- Click the User you wish to update.
- Navigate to the 'Permission Set Assignments' section.
- Click Del next to the Permission Set you want to delete.
- Save your changes.
Step 2: Logout and Login As a User WITHOUT using MFA
Option 2: Enable MFA with Session Security Levels
For additional information, see the Salesforce Help and Training article: Enable MFA with Session Security Levels. This option should not be used for the TargetX Integration user or users whose credentials are used in Third-Party connectors that utilize APIs since this forces MFA even if the entry is through API.
Note: When MFA is enabled for a site, admins can't use the Log In As feature to access the site.
Step 1: Update Profiles with High Assurance Session Settings
- From Setup, enter Profiles in the Quick Find Field, then select Profiles.
- Select a Profile.
- Click Session Settings
- Click Edit, find the Session security level required at the login setting, and select High Assurance.
Do not use the High Assurance Session Settings for TX SMS or TX Print Profiles for users that need to create reports, print jobs or bulk text.
- Save your changes.
- From Setup, enter Session Settings in the Quick Find Field, then select Session Settings.
- In Session Security Levels, ensure that Multi-Factor Authentication is in the High Assurance column.