Two-Factor Authentication is Magical

I did the Trailhead about two-factor authentication and was pretty impressed by it. Soon after, I got a request to actually implement it. The timing was unreal. As educational and fun as Trailhead is, actually implementing something often makes you go a bit deeper into the subject.

Definition of two-factor authentication from Trailhead:

What are the two factors?

  • Something users know, like their password
  • Something users have, such as a mobile device with an authenticator app installed

That second factor of authentication provides an extra layer of security for your org.

As an admin, you can require it every time your users log in. Or you can require it only in some circumstances, such as when users log in from an unrecognised device or try to access a high-risk application. After users successfully verify their identity with both authentication factors, they can access Salesforce and start working.

My requirement was to require users logging in outside the company IP ranges to use two-factor authentication in order to login. This was to provide extra security outside of the office.

While I was researching how to achieve this I found a lot of great resources:

I discovered that I needed to create a specific login flow for people logging in outside the company-approved IP ranges.

I’d never created a login flow and wasn’t quite sure where to start. Before I did too much exploration into creating one from scratch, I found an unmanaged package that includes sample login flows. One of the pre-built flows it included matched my requirement exactly.

In the setup search menu, search for “Login Flows” and then once you find it, click “New.” Find the pre-built flow called “Conditional_Two_Factor.” Specify which user license and profile and that’s it. Super straightforward, right?

capture

After that I had the users install the Salesforce Autheticator app on their phones and created a help doc for them. I’ll share the help doc in a future post.

2FA Something you know and something you have

Source: Trailhead

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s