Ensuring MFA is enabled on your Salesforce account
After April 2024 it is expected that MFA will be enabled by default on all user accounts, however if your user account does not currently require MFA authentication then MFA may be enabled using the following procedure;
- Log in to your Salesforce account and click Settings from the drop-down menu next to your profile picture in the upper right corner.
- Find and click on: "Advanced User Details" then next to the App Registration One-Time Password Authenticator click Continue
Logging in to Salesforce when asked to connect to Saleforce Authenticator
After a user logs in to Salesforce (with MFA enabled), it is possible the user will initially be asked to connect to Salesforce Authenticator;
If you have been presented with this request then use the following procedure to change verification method to connect by an authentication app;
Scroll down to the end of the form then click on the option "Choose Another Verification Method";
You will then be presented with the available MFA authentication options, select "Use verification codes from any authentication app (such as Google Authenticator or Authy");
Once this option has been selected, and after clicking on "Continue", you will presented with the form headed "Verify your Identity", and a QR code will be shown (example below);
Logging in to Salesforce when asked to connect an Authentication App
If you are presented with a request to connect to Salesforce using an Authentication App, you will be presented with a screen similar to the following;
The requested code may be produced using your programmable token, but first you will need to burn the token with the details provided in the Supplied QR code.
(Please Note: Do not scan the demo image shown above)
Burning the programmable token using the Salesforce QR Code
You can use the QR code that is displayed in the connection request to burn your programmable token.
Salesforce OTP codes use 30 second tine windows using the SHA1 algorithm so use the following procedure with these settings to burn your token (using the QR code they supplied);
- To program a SafeID/Diamond token with a QR code, launch the SafeID/Diamond programming tool.
Click the Scan QR Code button
Select Scan Screen.
If succeeded, the Seed box should be filled with the token's seed data.
Now, select your smart card reader from the Reader drop-down list, e.g. "HID OMNIKEY 5427 CK"
Press the Connect button
Now, switch on a SafeID token and place it on the reader.
The tool will read out the token's serial number and time, and display them:
If you want to correct the clock on the token, then leave the "Sync Token Clock" checked, but first ensure the time on your pc is set correctly.
Switch off the token and switch it on again to generate a new code
Related Articles
Once the programmable token has been burned with the seed data in the QR code you should reset the device (power it off then on), then at the salesforce prompt copy the 6 digit OTP code into the field prompted "Verification Code";
Your Saesforce account is now ready to be accessed using the OTP codes generated by your programmable token..
Salesforce User Logon Experience using the programmable token
When you log in to your Salesforce account you will be asked to verify your identity.
The following screenshots show the screens that you should expect to see when authenticating using the programmable token;
Turn on your programmable token and copy the 6 digit code displayed on the token into the field "Verification Code";
You will now be granted access to the your salesforce account.