Newer Version Available
Set Two-Factor Authentication Login Requirements for Single Sign-On, Social Sign-On, and Communities
| Available in: Both Salesforce Classic and Lightning Experience |
| Available in: Enterprise, Performance, Unlimited, and Developer Editions |
| User Permissions Needed | |
|---|---|
| To edit profiles and permission sets: | “Manage Profiles and Permission Sets” |
To require two-factor authentication for users assigned to a particular profile, edit the Session security level required at login profile setting. Then set session security levels in your org’s session settings to apply the policy for particular login methods.
By default, the session security requirement at login for all profiles is None. You can edit a profile’s Session Settings to change the requirement to High Assurance. When profile users with this requirement use a login method that grants standard-level security instead of high assurance, such as username and password, they’re prompted to verify their identity with two-factor authentication. After users authenticate successfully, they’re logged in to Salesforce.
You can edit the security level assigned to a login method in your org’s Session Settings.
Users with mobile devices can use the Salesforce Authenticator mobile app or another authenticator app for two-factor authentication. Internal users can connect the app to their account in the Advanced User Details page of their personal settings. If you set the High Assurance requirement on a profile, any profile user who doesn’t already have Salesforce Authenticator or another authenticator app connected to their account is prompted to connect the app before they can log in. After they connect the app, they’re prompted to use the app to verify their identity.
Community members with the High Assurance profile requirement are prompted to connect an authenticator app during login.
- From Setup, enter Profiles in the Quick Find box, then select Profiles.
- Select a profile.
- Scroll to Session Settings and find the Session security level required at login setting.
- Click Edit.
- For Session security level required at login, select High Assurance.
- Click Save.
- From Setup, enter Session Settings in the Quick Find box, then select Session Settings.
-
In Session Security Levels, make sure that Two-Factor Authentication is in the High
Assurance column.
If Two-Factor Authentication is in the Standard column, users get an error when they log in with a method that grants standard-level security.
- Save your changes.