Is Your Business Prepared For Salesforces Multi-Factor Authentication?

Prepared for Salesforces Multi-Factor Authentication?

As we all know, technology is constant and continues to evolve. Businesses need to continue to evolve and protect their systems from cyber-attacks, especially if their employees work remotely. If their systems are not protected from attacks, confidential information about their customers and business will be exploited, which can lead to serious implications. In order to prevent this from happening, Salesforce has provided an extra layer such as Multi-Factor Authentication (MFA) to protect all customers from any technological threat. That is why the NPWR Group (“NPWR”) has decided to team up with Commercient to help their mutual customers in safeguarding their information on Salesforce, by providing the right tools and required knowledge for customers to have a seamless integration experience.

NPWR is a boutique, registered-Salesforce implementation partner. Driven by their passion for service and business transformation, they leverage the ever-expanding Salesforce customer success platform to improve the lives of their clients. Providing a full life-cycle of services, NPWR has completed projects across the entire Salesforce platform for customers in a broad range of industries. These include professional services, technology, retail, consumer goods, healthcare/life sciences, manufacturing, construction, professional services, general business, and non-profit. 

The NPWR team has deep experience with clients’ purchasing and leveraging technology to drive business optimization. Their client-side experience provides a unique perspective that contributes to successful outcomes for our clients. 

“Commercient has provided a reliable and effective solution for our clients with ERP and/or Salesforce integrations,” said Taylor Nen, Sales and Marketing Specialist at NPWR. “We have confidently referred Commercient to our clients, and they’ve delivered great results. We are working together to ensure Commercient and our clients are prepared for the new changes.”

What is MFA and How Does it Work?

MFA is an extra security layer for protection against cyber-attacks, such as account takeovers, phishing, and credential stuffing. The extra security layer involves a two-step authentication to prove you are who you are. The first step is for a client to utilize their username and password combination, and the second step is to provide a verification method that the user has in their possession, such as a security key or app. 

When Does MFA Go Into Effect, and Does Salesforce Need Their Customers to Use MFA?

By February 1, 2022, customers will be required to use MFA to log into Salesforce products through the user interface. The Salesforce Spring 2021 releases may impact an org, therefore it is advised to start implementing this change now.

With the Spring 2021 updates, when you log into Salesforce, you may see an update notice requesting you to activate MFA now. But it is advised to set your org up first in order to be ready for MFA, otherwise, users may get locked out, or they may not be able to log in to Salesforce.

Is There Anyone Not Required to Use MFA?

External users — your customer’s customer and partners — who log into e-commerce sites, help portals, Experience Cloud Sites, and more. 

Which Verification Tools can be Used for MFA?

There are a few verification tools, including:

  • Time-based one-time passcode (TOTP)
  • Salesforce Authenticator Mobile App
  • Google Authenticator or Microsoft Authenticator or Authy
  • WebAuthn
  • Security Keys that support U2F

Each time a user logs into a Salesforce product, a verification method will need to be given.

How Will This Affect Current Commercient Customers Updating Their Salesforce to MFA?

If you update your Salesforce to MFA, a ticket will need to be logged with Commercient, explaining you are upgrading to MFA because MFA may disrupt your OAuth. If your OAuth is disrupted, Commercient will have to re-do OAuth with the MFA and Commercients customers will need to supply the MFA code.

How Does Commercient Work with MFA Going Forward with New Customers?  

If you have MFA set up in your new Salesforce org, or going forward when Commercient first integrates, they will need the MFA code for the first time. Commercient will not set up cell phone numbers, as per Commercient’s company security policy, and customers will need to provide this. If you do not have it set-up, Commercient will continue working with the OAuth token for API integrations.


What do you think about these FAQs? If you would like to get your Salesforce org set up for MFA now in order to avoid issues, NPWR can help! They recommend taking immediate action to avoid any potential problems. If you are struggling with your data integration, or have any questions, Commercient and NPWR are here to help. Contact us today