Newer Version Available

This content describes an older version of this product. View Latest

Set Multi-Factor Authentication Login Requirements for API Access

You can set the Multi-Factor Authentication for API Logins permission to use a second authentication challenge for API access to Salesforce. API access includes the use of applications, like the Data Loader, and developer tools for customizing an organization or building client apps.
Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
Available in: Essentials, Contact Manager, Database.com, Developer, Enterprise, Group, Performance, Professional, and Unlimited Editions

User Permissions Needed
To edit system permissions in profiles: Manage Profiles and Permission Sets
To enable this feature: Multi-Factor Authentication for User Interface Logins

Multi-factor authentication (MFA) was formerly called two-factor authentication or 2FA.

Note

The Multi-Factor Authentication for User Interface Logins permission is a prerequisite for the Multi-Factor Authentication for API Logins permission. Users with these permissions must complete multi-factor authentication when they log in to Salesforce through the UI. Users with mobile devices can use the Salesforce Authenticator mobile app or a third-party authenticator app as a verification method for MFA. Then they can use verification codes (time-based one-time passwords, or TOTP) from the app for multi-factor authentication.

For developer tools that use API logins, users log in with a security token or TOTP instead of Salesforce Authenticator when multi-factor authentication is enabled.

API Only users can access the UI to register for MFA only. After a successful registration, API Only users can no longer access the UI.

Note