Apto & Rethink are built on the Salesforce platform, which provides enterprise level security for your account and data. However, usernames and passwords alone don’t provide sufficient safeguards against unauthorized account access. Multi-factor authentication (MFA) adds an extra layer of protection against threats like phishing attacks, credential stuffing, and account takeovers.
MFA requires users to prove they’re who they say they are by providing two or more pieces of evidence – or factors – when they log in. Salesforce's Security team has assembled a complete overview of MFA and the new login process, which will soon be mandatory.
As of February 1, 2022, Salesforce is requiring MFA for all users (including all Apto users) who log in to the Salesforce UI. For more information about this Salesforce requirement, see Announcement of the Future Requirement to Enable Multi-Factor Authentication (MFA) and Salesforce Multi-Factor Authentication FAQ.
Enabling MFA is a two step process:
As an admin, you enable MFA through permissions or profile settings.
Users register verification methods for MFA through their own personal settings.
Salesforce offers several types of strong verification methods for users to choose from:
Salesforce Authenticator Mobile App: A fast, frictionless solution that makes MFA verification easy via simple push notifications that integrate into your Salesforce login process. Use this app in your MFA implementation to increase security while driving a better user experience.
Third-Party Authenticator Apps: Authenticate with apps that generate temporary codes based on the OATH time-based one-time password (TOTP) algorithm. There are many apps available, including Google Authenticator, Microsoft Authenticator, and Authy.
More details on these Salesforce MFA Verification Methods can be found at the Salesforce Help site.
Admin Steps: Create and Assign a Permission Set
Click on the gear icon located in the top right corner and click on Setup.
In the Quick Find search in the top left corner of your screen, type and click on “Permission Sets”. Click New. Provide a name for your new permission set - be sure to put MFA in this name for easy identification. The API Name field autofills when you finish naming the permission set - click Save to add the new permission set.
**Note: Be sure to leave the License drop down menu set to None.
Scroll down and click System Permissions. Click Edit. Scroll down to Multi-Factor Authentication for User Interface Logins, check the box, then scroll back to the top and click Save. You will be prompted to confirm your permissions - click Save.
Finally, assign the permission. Click Manage Assignments. Click Add Assignments. Select all Apto users from your team (including your user account). Click Assign.
NOTE: Do not select the Admin, Apto account when assigning this permission.
User Steps: Register a Verification Method
Once the MFA permission set has been assigned to a user, that user will be prompted to set up a verification method the next time they log in to Apto.
The simplest method is to use Salesforce Authenticator. This is the primary option presented when a user logins in for the first time after MFA is enabled for them.
Click on one of the provided links to download the Salesforce Authenticator app for your device from the Apple App Store, or for Android users, the Google Play app store.
Once installed, follow the prompts in the Salesforce app to receive the two-word phrase. Input this phrase and click Connect.
(Not Required) Alternative User Verification Method
If you do not wish to use the Salesforce Authenticator app, you can click Choose Another Verification Method to use a different authentication app. Many different apps are available on mobile and computer platforms. Salesforce MFA is compatible with any authenticator that generates temporary codes based on the OATH time-based one-time password (TOTP) algorithm. This includes Google Authenticator, Microsoft Authenticator, and many others.
Select Use verification codes from an authenticator app and click Continue.
If your authenticator doesn't allow you to input a QR code or requests a text Key instead, click I Can't Scan the QR Code to set up the key and verification code manually. Enter the Key in your authenticator, and then input the Verification Code provided and click Connect.
ALL USERS will authenticate with their chosen verification method each time they log in to Apto after this setup process is complete.
For more detailed information about configuring MFA, see the Admin Guide to Multi-Factor Authentication, and the Trailhead Module Secure Your Users’ Identity.