Sanjeev Mehta
Recover Salesforce Login Access with Ease: Failsafe Authenticator Setup in Salesforce for Lost or Reset Devices
Multi-factor authentication (MFA) is an authentication mechanism that requires users to verify their identity with a username and password plus an additional verification method. This additional method could be an authenticator app or a security key.
Salesforce supports two types of authenticator apps: Salesforce Authenticator and third-party TOTP (time-based one-time password) apps. Users can register the Salesforce Authenticator app and/or a third-party TOTP authenticator app, connect it to their Salesforce account, and log in to Salesforce securely.
It is highly recommended to register a third-party TOTP authenticator app as a failsafe mechanism, for the following reasons:
Salesforce Authenticator appears to be tied to the device on which it was installed and configured to approve access to Salesforce orgs. If that device is lost or reset (or the account has been removed from Salesforce Authenticator), you lose access to Salesforce Authenticator and cannot log in to Salesforce even if you re-install the app. This is an unwanted situation, and it can typically be recovered from only if another user is a System Administrator in Salesforce.
However, if you are the only admin, it will be difficult or impossible to regain access to the org.
It is thus advisable to additionally register Google Authenticator as a TOTP app. With Google Authenticator, even if you lose access to the device, you can get the verification codes back once you re-install Google Authenticator on the new device and log in with the same Google account (the one that was used in Google Authenticator earlier to register with Salesforce).
Steps to register Google Authenticator as a TOTP app:
Log in to Salesforce and go to the User details page. Click the “Connect” link next to “App Registration: One-Time Password Authenticator”.
Launch the Google Authenticator app and scan the QR code with the app. This registers the Salesforce identity and displays its verification code alongside the other identity registrations in the app.
Enter the verification code from the authenticator and click “Connect” to verify and log in to the Salesforce instance.
Once the app is registered in Salesforce, you can recover access to Salesforce using Google Authenticator. Even if the device is reset, you can reinstall the Google Authenticator app and log in with the same Google account to recover the list of registered apps in it.