Environment
Most Salesforce products used at U-M are impacted, including (but not limited to), Service Cloud, Sales Cloud, Marketing Cloud, and Pardot. The only exclusions are specific on-premise products. Please see the Salesforce Multi-Factor Authentication FAQ for details.
Issue
Beginning February 1, 2022, Salesforce will require Multi-factor Authentication (MFA) in order to access Salesforce organizations. All internal users who log in to Salesforce products (including partner solutions) through the user interface must use MFA for every login. All Salesforce customers must comply with the MFA requirement as fulfillment of the Terms of Service.
Resolution
Compliant Configurations
Logging into Salesforce with U-M Web Login (SSO) and Duo Two-Factor Authentication satisfies the Salesforce MFA Requirement. See this Knowledge article to configure your Salesforce org for U-M SSO.
What about sandboxes?
- Salesforce will not require MFA on sandboxes on Feb 1, 2022
- This does not mean an MFA requirement for sandboxes will never arrive
- Salesforce admins should be familiar with how to enable SSO on their orgs
- For sandboxes, Salesforce's own MFA app may also be an option
- The Salesforce Center of Excellence continues to monitor Salesforce's position on sandboxes closely
What about contractors?
If you will have contractors working in your Salesforce Org, they will require a Sponsored Account.
Resources
Salesforce Trailhead Multi-Factor Authentication Quest
- A slide deck from the Salesforce Center of Excellence (SFCOE) with additional details and U-M-specific concerns is attached as a PDF to this knowledge article
- If after completing the Trailhead and reviewing the slide deck you have further questions, please contact the SFCOE via this form
Additional Information
Salesforce has published numerous resources about this requirement, including a Salesforce Multi-Factor Authentication FAQ.
Need additional information or assistance? Contact the ITS Service Center.