TwoFactorMethodsInfo

Stores information about which identity verification methods a user has registered. This object is available in API version 37.0 and later.

Supported Calls

describeSObjects(), query()

Special Access Rules

You need the Manage MFA in API user permission to access this object. Note that multi-factor authentication (MFA) was formerly called two-factor authentication.

If you try to use Apex DML operations and then query this object in the same call, you get an UncommittedWork error with this description.

A callout was unsuccessful because of pending uncommitted work related to a process, flow, or Apex operation.
Commit or roll back the work, and then try again.

To avoid this error, execute DML operations and queries in separate, asynchronous calls.

Fields

Field Name Details
ExternalId
Type
string
Properties
Filter, Group, Nillable, Sort
Description
A unique system-generated numerical identifier for the user.
HasBuiltInAuthenticator
Type
boolean
Properties
Defaulted on create, Filter, Group, Sort
Description
If true, the user has registered a built-in authenticator on their device, such as Touch ID or Windows Hello. The user can verify their identity by using the built-in authenticator.
This field is available in API version 53.0 and later.
HasSalesforceAuthenticator
Type
boolean
Properties
Defaulted on create, Filter, Group, Sort
Description
If true, the user has connected the Salesforce Authenticator mobile app. The user can verify identity by approving a notification sent to the app. If the user sets a trusted location in the app, Salesforce Authenticator verifies automatically when the user is in the trusted location.
HasSecurityKey
Type
boolean
Properties
Defaulted on create, Filter, Group, Sort
Description
If true, the user has registered a WebAuthn-compatible security key. This field includes all security keys registered or used after Summer ’22. The user can verify their identity by inserting the security key into a USB port to generate credentials.
HasTempCode
Type
boolean
Properties
Defaulted on create, Filter, Group, Sort
Description
If true, the user has a temporary verification code generated by a Salesforce admin or user with Manage Multi-Factor Authentication in User Interface permission.
HasTotp
Type
boolean
Properties
Defaulted on create, Filter, Group, Sort
Description
If true, the user has connected an authenticator app that generates verification codes, also known as time-based one-time passwords (TOTP). The user can verify identity by entering a code generated by the app.
HasU2F
Type
boolean
Properties
Defaulted on create, Filter, Group, Sort
Description
If true, the user has registered a U2F security key. The user can verify identity by inserting the security key into a USB port to generate credentials.

For U2F security keys registered or used after Summer ’22, use HasSecurityKey instead.

Note

HasUserVerifiedEmailAddress
Type
boolean
Properties
Defaulted on create, Filter, Group, Sort
Description
If true, the user's email address is verified.

This parameter is available in API version 43.0 and later.

HasUserVerifiedMobileNumber
Type
boolean
Properties
Defaulted on create, Filter, Group, Sort
Description
If true, the user has self-registered and verified a mobile phone number. Salesforce can text a verification code to the user at that number.

This parameter is available in API version 43.0 and later.

HasVerifiedMobileNumber
Type
boolean
Properties
Defaulted on create, Filter, Group, Sort
Description
If true, the user has a mobile phone number that was added by an administrator or self-registered by the user. Salesforce can text a verification code to the user at that number.
UserId
Type
reference
Properties
Filter, Group, Nillable, Sort
Description
ID of the user who’s associated with the identity verification methods.

Usage

In API version 34.0 and later, this object was enhanced to help manage high instance counts. A query() call returns up to 500 rows. A queryMore()call returns 500 more, up to 2500 total. No more records are returned after 2500.

To make sure that you don’t miss any records, issue a COUNT() query in a SELECT clause for TwoFactorMethodInfo. This query gives you the total number of records. If there are more than 2500 records, use these options to manage your results.
  • Divide queries by filtering on fields like UserId to return subsets of less than 2500 records.
  • Use OFFSET to get batches of 2500 records. Start with an OFFSET of 0 and then increment by 2500. If you use this option, we recommend that you also use LIMIT to limit each query to 2500.

    For example, use an initial query with this structure.

    SELECT <desired fields> FROM TwoFactorMethodsInfo LIMIT 2500 OFFSET 0

    Then, run another query with an offset of 2500.

    SELECT <desired fields> FROM TwoFactorMethodsInfo LIMIT 2500 OFFSET 2500
    Continue to increase the offset by 2500 until you have results for all records.