salesforce_security_impl_guide
salesforce_security_impl_guide
salesforce_security_impl_guide
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Configuring Salesforce Security Features<br />
Setting Two-Factor Authentication Login Requirements<br />
Setting Two-Factor Authentication Login Requirements<br />
Administrators can require users to enter a time-based token generated from an authenticator app<br />
when they log into Salesforce.<br />
To require this verification every time users log into Salesforce, select the “Two-Factor Authentication<br />
for User Interface Logins” permission in the user profile or permission set.<br />
Note:<br />
Enhancing Security with Two-Factor Authentication (6:56 minutes)<br />
See a demonstration of Two-Factor Authentication for Salesforce, and when to use it.<br />
Users are prompted to add a time-based token the next time they log into Salesforce. They must<br />
enter the changing token from their mobile app every time they log in.<br />
Note: Users aren’t asked for a verification code the first time they log in to Salesforce.<br />
Once users add a time-based token to their account they can also use the token to confirm their<br />
identity when they activate their computer. Partner Portal and Customer Portal users aren’t required<br />
to activate computers to log in.<br />
EDITIONS<br />
Available in:<br />
• Enterprise<br />
• Performance<br />
• Unlimited<br />
• Developer<br />
• Database.com<br />
USER PERMISSIONS<br />
To edit profiles and<br />
permission sets:<br />
• “Manage Profiles and<br />
Permission Sets”<br />
IN THIS SECTION:<br />
Adding a Time-Based Token<br />
You can add a time-based token to your account to use a mobile authenticator app to activate your computer.<br />
Removing or Resetting Time-Based Token Keys<br />
Only one time-based token can be stored on a user’s account. The user must use the authenticator app on the same mobile device<br />
to retrieve the token. If a user can’t access the mobile authenticator app used to add the time-based token, administrators can remove<br />
the key used to generate the token to deactivate it.<br />
Adding a Time-Based Token<br />
You can add a time-based token to your account to use a mobile authenticator app to activate your<br />
computer.<br />
Once you add a time-based token to your account, you’ll be prompted to enter the changing token<br />
stored in the mobile app whenever Salesforce needs to confirm your identity, such as when you<br />
log in from an unknown IP address.<br />
EDITIONS<br />
Available in all editions<br />
Note: If you have the “Two-Factor Authentication for User Interface Logins” permission, you must enter this token every time you<br />
log into Salesforce through the user interface. If you have the “Two-Factor Authentication for API Logins” permission, you must<br />
enter this token to access the service instead of the standard <strong>security</strong> token.<br />
1. Download the supported authenticator app for the type of mobile device you’re using.<br />
2. From your user detail page in Salesforce, click Add next to Time-Based Token.<br />
3. For <strong>security</strong> purposes, you’re prompted to log into your account.<br />
4. Scan the QR code with the authenticator app on your mobile device.<br />
Alternatively, you can manually enter your username and the key displayed when you click Can’t scan the QR code into the app.<br />
5. Enter the token generated from the mobile app into the Token field in Salesforce.<br />
87