Newer Version Available

This content describes an older version of this product. View Latest

Set Two-Factor Authentication Requirements for API Access

Salesforce admins can set the “Two-Factor Authentication for API Logins” permission to allow using a second authentication challenge for API access to Salesforce. API access includes the use of applications like the Data Loader and developer tools for customizing an organization or building client applications.
Available in: Both Salesforce Classic and Lightning Experience
Available in: Contact Manager, Database.com, Developer, Enterprise, Group, Performance, Professional, and Unlimited Editions

User Permissions Needed
To edit system permissions in profiles: “Manage Profiles and Permission Sets”
To enable this feature: “Two-Factor Authentication for User Interface Logins”

The “Two-Factor Authentication for User Interface Logins” permission is a prerequisite for “Two-Factor Authentication for API Logins”. So, once these permissions are enabled, users must enter a second authentication value when logging in to Salesforce through the user interface. This second factor of authentication is also called a “time-based one-time password” (TOTP) or “time-based token.”

Users can connect an authenticator app to their account to generate the time-based one-time password.