How Salesforce Authenticator Works ?

Learn how Salesforce Authenticator works and how Salesforce Authenticator that help protect your account with a frictionless two-factor authentication (2FA) experience.

Once you have Salesforce Authenticator set up, it works by requiring two steps for authentication:

1. Something You Know: Your Salesforce username and password.
2. Something You Have: Your mobile device with the Salesforce Authenticator app installed.

Whenever you attempt to log in to your Salesforce account, after entering your credentials, Salesforce sends a push notification to your mobile device. You can then view the details of the login attempt, such as the location and device, and choose to either approve or deny the request.

Additionally, Salesforce Authenticator can recognize trusted locations, such as your home or office. When logging in from these familiar places, the app can automatically approve your login or provide more details to help you make an informed decision.

Learn how Salesforce Authenticator works?

Multi-Factor Authentication (MFA) is a great way to achieve that. When you’re required to use MFA to log in, you need at least two pieces of evidence or factors to prove you’re who you say you are.

• The first factor is something you know, like your username and password.
• The second factor is a verification method that you have in your possession, such as a mobile device with a security app installed.

This additional factor adds an extra layer of protection to your account because even if a bad actor steals your password, it’s unlikely that they can also guess or hack your verification method.

After your Salesforce admin turns on MFA, you need to provide a second factor every time you log in. We recommend using the Salesforce Authenticator mobile app because it makes MFA fast and easy.

How to Download Salesforce Authenticator

To get started with Salesforce Authenticator, you need to register the app so it’s connected to your Salesforce account. Follow these steps:

Step 1: Download the App

• Start by downloading the Salesforce Authenticator app from the Apple App Store for iOS or the Google Play Store for Android.

Step 2: Install the App

• Once downloaded, install the app on your mobile device by following the on-screen instructions.

Step 3: Open Salesforce Authenticator

• After installation, open the Salesforce Authenticator app and swipe through a brief tour to familiarize yourself with its features.

Registering Salesforce Authenticator with Your Salesforce Account

Now that you have the app installed, follow these steps to connect it to your Salesforce account:

Step 1: Log in to Salesforce

• Open your web browser and log in to your Salesforce account.
• Since MFA is required, you will be prompted to provide a second factor of authentication.

Step 2: Choose Salesforce Authenticator

• If prompted to choose a verification method, select Salesforce Authenticator from the list.
• Click Continue.

Step 3: Connect the App

• In the Salesforce Authenticator app on your mobile device, tap Add an Account.
• The app will display a unique two-word phrase. Enter this phrase in your Salesforce account to establish the connection.
• You will be prompted to confirm the connection in Salesforce Authenticator. Review the details to ensure the request is legitimate.
• Tap Confirm in the app to finalize the connection.

Congratulations! You have successfully registered Salesforce Authenticator and completed the login process.

Enabling Account Backups

Once your account is connected to Salesforce Authenticator, it’s important to enable account backups to safeguard your data. Here’s how:

Step 1: Verify Your Email Address

• Tap the settings icon within the Salesforce Authenticator app.
• Select Backup Accounts.
• Enter your email address to receive a verification code.
• Check your email and enter the verification code in the app.

Step 2: Set a Passcode

• The app will prompt you to set a passcode. This passcode will be used if you ever need to restore your connected accounts.

By enabling backups, you can easily restore your connected accounts if you change, lose, or wipe your mobile device.

Enabling Push Notifications for Easy MFA Logins

To ensure that Salesforce Authenticator can send you notifications for quick MFA logins, follow these steps:

Step 1: Access Settings

• Go to the settings page within the Salesforce Authenticator app.
• Double-check that push notifications are enabled.

Step 2: Update Device Permissions

• If push notifications are not enabled, tap Change in the settings.
• Switch to your mobile device’s settings and update the Salesforce Authenticator permissions to allow notifications.

With push notifications enabled, you can approve or deny login attempts directly from your mobile device with ease.

Logging in with Salesforce Authenticator

Here’s what the login process looks like when using Salesforce Authenticator:

Step 1: Enter Credentials

• Enter your Salesforce username and password as usual.

Step 2: Receive Notification

• Salesforce sends a push notification to your mobile device via the Salesforce Authenticator app.

Step 3: Verify Login Attempt

• Open the Salesforce Authenticator app and review the login details:
  • Check if the username and service field match the login attempt.
  • Verify the device and location information.

Step 4: Approve or Deny

• If everything looks correct, tap Approve to complete the login.
• If something doesn’t look right, tap Deny to block the login attempt.

By following these steps, you ensure that only authorized users can access your Salesforce account, enhancing overall security.

Advanced Features of Salesforce Authenticator

Salesforce Authenticator offers several advanced features to make MFA logins even easier and more secure:

1. Automatic Approval for Trusted Locations

• Tell Salesforce Authenticator to automatically approve login requests when your mobile device is at a trusted location and all details match the current login information.

2. Einstein Recommendation

• Enable Einstein recommendations in the automation settings. This feature automatically suggests trusted requests based on your login patterns, further streamlining the authentication process.

3. One-Time Passcodes

• If you need to log in but your mobile device doesn’t have a data connection, Salesforce Authenticator can generate a one-time passcode. Enter this passcode during login to authenticate without receiving a push notification.

These advanced features provide flexibility and convenience while maintaining robust security for your Salesforce accounts.

Conclusion

Salesforce Authenticator is a must-have tool for anyone using Salesforce who wants to add an extra layer of security to their account. By implementing two-factor authentication, it safeguards your data against unauthorized access while maintaining ease of use through features like push notifications and one-tap approvals.

Additional Resources

• Salesforce Authenticator Official Page
• Salesforce Authenticator Help Documentation
• Trailhead: Multi-Factor Authentication for Users