
Thales Blog

Don’t wait till the last minute to meet Salesforce’s MFA mandate

December 22, 2021

Danna Bethlehem | Director, Product Marketing

Time is running out fast. Salesforce.com (SFDC) is requiring customers to implement multi-factor authentication (MFA) for users logging in to its platforms starting February 1, 2022. It is best to get it done before then to remain compliant.

Two reasons for deploying MFA now!

There are two good reasons why you should enable MFA sooner rather than later. First, you will ensure that you are compliant with the SFDC requirement and avoid any legal problems. SFDC warns that customers who don’t enable appropriate MFA will be out of compliance with their contractual obligations and should consult with their legal department to understand the implications. With SFDC being such an essential component for a lot of modern enterprise businesses, you wouldn’t want to risk disrupting the services offered by Salesforce.

The second reason relates to the growing attack landscape, which is evolving to include more sophisticated methods of targeting data. The number of phishing websites also increased by 80% in 2020, according to Google’s Safe Browsing report.

Criminals are always seeking the easiest path to your systems, and weak or compromised credentials are easy targets for them. Given that 90% of data breaches start with compromised credentials, it is about time you got rid of insecure single-factor authentication (i.e., passwords) and started looking for ways to deploy MFA across your entire SaaS estate – not only for SFDC apps.

Which is the preferred MFA method?

SFDC does not specify any MFA method. However, it does mention that the selected MFA method should be aligned with the NIST guidelines. Hence, SFDC does not accept email, SMS, and voice authentication methods for MFA. The SFDC communique specifies that customers may either use the SFDC authentication service or a third-party MFA authentication and SSO provider, such as Thales SafeNet Trusted Access.

How Thales can help you meet the SFDC requirement

Salesforce applications often contain user and customer information for an entire organization. By requiring that users provide MFA to access sensitive data, Salesforce’s MFA mandate is simply helping you protect yourself and your organization from potential breaches. Enabling MFA wherever possible is one of the best practices to prevent breaches.

Thales SafeNet Trusted Access is the perfect solution to quickly meet the Salesforce MFA requirement. This native cloud solution can enable MFA in a couple of minutes. With SafeNet Trusted Access you can protect enterprise on-prem applications as well as your cloud and web services, ensuring that your users are not easy targets for credential theft. SafeNet Trusted Access offers:

  • A broad range of authentication capabilities to meet the diverse expectations and access requirements of all users
  • Enhanced security with Smart SSO and policy-driven access controls
  • A frictionless passwordless experience for end users
  • Detailed audit trail of all access and authentication events

Hopefully, you already have MFA enabled across your enterprise and you do not need to worry about the February 1, 2022, deadline. If you don’t, you should start planning now!

Learn how Thales SafeNet Trusted Access can help you meet the SFDC MFA requirement.