Data Security

Safer Security with Salesforce and Two-factor Authentication (2FA)

With businesses across the globe having to increase their reliance on remote working due to the Covid-19 pandemic, cyber criminals have seen this as an opportunity to scale up their cyber-attacks. In fact, the first 100 days of Covid-19 saw the volume of cyber-attacks rise by 33%

It is now more important than ever to make sure your businesses systems are as protected as they can be.

The good news is that Salesforce makes one of the most essential web security tools really easy to setup, two-factor authentication (2FA). Any concern that 2FA creates friction during the the sign-in process for users is quickly overcome as Salesforce makes it simple with Lightning Login.

Two-Factor Authentication Setup

Step 1

The first step is to set the session security level for two-factor authentication by heading over to Session Settings in Setup and making sure that two-factor authentication is in the High Assurance category.

Salesforce Session Settings

Step 2

The second step is to create one of those things we all know and love, the permission set. Head over to Setup and create a new permission set. Under the System settings section click System Permissions, select Edit, look for Two-Factor Authentication for User Interface Logins and check the box. You can then Save.


Salesforce Permission Set

Step 3

The final step is to now assign the new permission set to your users. Click on the Managed Assignments button on the new permission sets detail page, check the box next to the relevant users and then click Assign.

Job done – now every time they log in your users will have to use a two-factor authentication code to have access to your Salesforce Org.

Now for the quality of life improvement, The Salesforce Authenticator Mobile App.

The Salesforce Authenticator Mobile App

The Salesforce Authenticator comes with some really handy bells and whistles for not only your users but also for you, the security super admin. To install it your users can head over to their phones app store and download the relevant iOS or Android app for their phone.

When your user logs in for the first time they will be asked to set up a two-factor authentication method. By default Salesforce will encourage them to use the Salesforce Authenticator. They can choose to use another method, e.g Google Authenticator, but we definitely recommend the Salesforce Authenticator. Get them to follow the easy-as-pie on-screen instructions and they are all set. If you are unsure of the steps in this process then you can always visit the Secure Your Users’ Identity module on Trailhead.

Now for the sexy bits:

Geolocation

Most people access Salesforce from the same place (their home, their office, their bathroom) on a regular basis. To make the login process even smoother your users can use their phone’s location services to automatically log them in when they are in a particular spot. They can set this as and when they see the prompt to authenticate a log in on their mobile app by selecting Always approve from this location. Next time they go to log in at that location they are granted access automatically.

Note: if you need to restrict this as your users are making every location they set foot in a trusted location, you can switch this off in Session Settings here:

Salesforce Authenticator
Salesforce Authenticator

Lightning Login

We all know that user who hates passwords and has the ‘please hack me’ sign written on their forehead. Now we can make their life easier AND make sure that our Org’s data is not compromised by their weak password and lack of 2FA by using Lightning Login. To set this up needs both you the awesome admin and the user to follow a few simple steps

The Admin Steps: Head over to Session Settings and make sure Allow Lightning Login is enabled. Here you can also decide if all users should be allowed Lightning Login or just those with the Lightning Login User permission. If you have decided that only those with the Lightning Login User permission can use Lightning Login, then you can assign this on their user profile or by using a permission set.

The Users Steps: First, get your user to head over to the Advanced User Details section in their Personal Settings. From here they can select Enroll next to the Lightning Login field. They will then get a number of prompts on their Salesforce Authenticator App. The next time they log into your Salesforce Org and the login page asks for their username and password, simply get them to check the Allow Lightning Login next time checkbox. From now on, when they login on a trusted device and see the lightning bolt next to their enabled username they can click their username, receive a notification on their mobile device and BOOM, ther’re logged in safe and sound!


Author Bio

It’s fair to say my journey to Salesforce awesomeness has been a varied one! I started out in the music industry, being trained by two Grammy award winning legends and then writing a track for the 2011 Rugby Union World Cup, working with such legends as Dido and The Weeknd to name just a few. Some of my work can be found on Soundcloud. Having ran my own recording studio during this time, I was really keen to transfer these management skills into my family business; Bluegrass Group. It was great to be working alongside my family; the connection we have is really unique and we all have something different to bring to the business.

I’ve held a few different roles within the organisation to date, including Sales and Operations Manager, but have now found my calling as our Salesforce Administrator. I love the progress and integration Salesforce has brought to Bluegrass and the fact it grows with us is very exciting, we’re using more and more features all the time.

In my spare time I am a dad to two amazing boys and a wedding photographer. I also have a passion for ice hockey, computer games, beer and whisky. If there is anywhere in the world I’m keen to take my sons to visit when they’re older; it’s definitely the beautiful country of Canada!


Share the Post: