Require Multi-Factor Authentication for Key Management

Multi-factor authentication (MFA) is a powerful tool for securing access to data and resources. Salesforce requires the use of MFA for all logins to your org's user interface. In addition, you can add extra security by also requiring MFA for Shield Platform Encryption key management tasks like generating, rotating, or uploading key material and certificates.
Available in: Enterprise, Performance, Unlimited, and Developer Editions

User Permissions Needed
To assign identity verification for key management tasks: Manage Encryption Keys

Important

Make sure that you provide security administrators a way to get a time-based, one-time password. This password is their second authentication factor (in addition to their Salesforce username and password). Otherwise, they can’t complete encryption key-related tasks.

  1. From Setup, in the Quick Find box, enter Identity Verification, and then select Identity Verification.
  2. Select Raise session to high-assurance from the Manage Encryption Keys dropdown.
    All admins with the Manage Encryption Keys permission must use an additional verification method to complete key management tasks through Setup and the API.