Salesforce Marketing Cloud - Multi-Factor Authentication
You've probably noticed it already: Since the July release went live, when logging into the Marketing Cloud, the prompt “Activate the new multi-factor authentication (MFA) feature for your users” appears. Since we've already received a few questions about what this notification means, we'd like to explain today's Feature Friday what MFA is about and how activation works.
What does MFA mean?
In simple terms, MFA means that every Marketing Cloud user must take another step when logging in, in addition to entering a username and password, with which they can confirm their identity. There are three verification methods available in SFMC:
- 1. The Salesforce Authenticator app (for mobile devices)
- 2. Physical security keys such as YubiKey or Google's Titan Security Key
- 3. Third party authentication apps such as Google Authenticator, Microsoft Authenticator, or Authy
Salesforce recommends using multiple verification methods at the same time to always ensure account access. As soon as MFA is activated, it replaces the current Identity Verification Feature (IDV), and thus also the browser verification codes sent by email.
What does MFA do?
Multi-factor authentication provides additional protection against unauthorized logins, for example in the event that user data falls into the wrong hands.
MFA is a common way to increase security in login processes. Verification with a second factor represents a relatively high hurdle, which significantly reduces the risk of unauthorized access. We therefore welcome the introduction of MFA, although it makes the login process a bit more complex.
Do I have to do that now?
No, not right away anyway. Multi-factor authentication is mandatory for all new SFMC customers. IDV can continue to be used with existing accounts — at least for now, because in the long term, MFA is also intended to replace their previous identification method. Salesforce does not specify an exact deadline by which existing customers must have completed the changeover. It is simply recommended that MFA be introduced “as soon as possible.”
How does activation work?
Activation should be prepared and performed by an administrator. The following steps must be followed:
- 1. The administrator notifies all users about the introduction of MFA and prepares for the transition. It must also be ensured that all users can use one of the verification methods when activated, i.e. security keys must be provided or authentication apps must be installed.
- 2. On the day of the changeover, the administrator activates MFA in Marketing Cloud. To do this, click on the “Activate” button in the dialog box that appears when you log in and then activate MFA in the “Security” section. Instructions for this are available in the documentation.
- 3. As soon as users log in afterwards, they must register for one or more verification methods. Here it is recommended that Step-by-step guide to follow from the documentation.
- 4. When logging in next, users must then use one of the registered verification methods in addition to their username and password.
Detailed information about MFA is available here.
