With the Salesforce '24 Spring Release, there may be some questions from customers surrounding Salesforce's Multi-Factor Authentication enforcement. Below is a list of common questions and answers.
Questions and Answers:
When did the SFDC ‘24 Spring Release happen? How can I confirm this?
- The SFDC ‘24 Spring Release occurred between 1/12/2024 and 2/10/2024. You can confirm this via Salesforce Trust.
- You can confirm the specific MFA Auto-Enablement Date for your Production Orgs under Setup > Release Updates. If the release has already occurred, the update will be under Archived.
What MFA setting was enabled for the SFDC ‘24 Spring Release?
- The enabled setting is Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org under Setup > Identity Verification.
Why is Go Online showing that I need to configure the SFDC MFA Authenticator even though my SSO users are using SSO MFA?
- While Salesforce allows using MFA on the SSO provider side to meet the contractual obligation for MFA, the connection to Salesforce cannot see that an SSO user has MFA on the SSO side.
- In such cases, Salesforce will allow for an exemption from the MFA requirement in the Org for SSO users who use MFA on the SSO side.
- Please refer to our CRM guide and Veeva Connect Link below:
What if we are not ready for MFA?
- Salesforce has a 30-day grace period where users have an option to log in without setting up MFA. If 30 days is not enough, administrators have the option to temporarily disable the MFA requirement. Please review Register for Multi-Factor Authentication (or Get a Little More Time If You Need It) for additional information.
-
Note that disabling MFA globally for the Org in this manner means you’re no longer complying with the contractual MFA requirement, so plan to re-enable it as soon as possible.
Some of our Admins have a shared account, can we use the ‘Waive Multi-Factor Authentication for Exempt Users’ permission to bypass the MFA requirement?
-
The ‘Waive Multi-Factor Authentication for Exempt Users’ permission should not be utilized in this case. Please note that Salesforce prohibits sharing user credentials with multiple users as noted in Some of our users share a single Salesforce account. How can we implement MFA?.
Why is my CRM Sandbox org not affected?
Related Documentation:
Veeva CRM
- Authentication Overview
- Multi-Factor Authentication Enablement and Potential Impact to “Go Online” action for iOS Devices
- What MFA Configuration is Possible For The Type of Authentication Method And Device For Veeva CRM And The SFDC MFA Requirement?
Salesforce Help
- Salesforce Multi-Factor Authentication FAQ
- Exclude Exempt Users from MFA
- Register for Multi-Factor Authentication (or Get a Little More Time If You Need It)
- Salesforce SSO and MFA FAQ