Salesforce MFA switch over

1st Feb 2022

As a customer of XCD, you’re using the software to manage your HR and/or Payroll data. This kind of data is very sensitive and should be protected to the highest possible standards. The platform XCD is built on (Salesforce) is introducing additional protective steps by requiring all user logins to the system to utilise Multi-Factor Authentication (MFA). These changes will come into effect imminently, so you will need to take steps to make sure your organisation is ready. 

What is Multi-Factor Authentication? 

MFA is a secure authentication method that requires users to prove their identity by supplying two or more pieces of evidence (or “factors”) when they log in. One factor is something the user knows, such as their username and password. Other factors are verification methods that the user has in their possession, such as an authenticator app or security key. By tying user access to multiple factors, MFA makes it much harder for common threats like phishing attacks and account takeovers to succeed. 

Why is MFA important? 

The global threat landscape is constantly evolving, and the types of attacks that can damage an organisation and exploit consumers are on the rise.

As organisations transition to support remote work environments, it’s more important than ever to implement stronger security measures. MFA is one of the easiest, most effective tools for enhancing login security, and safeguarding your organisation’s data against security threats.  

When is it going to happen? 

1st February 2022, so you will need to have completed your tasks and internal comms in advance of this date. 

What will the impact be on my users? 

Once MFA is enabled, they will experience the same kind of process you see when you log into your banking app, when you’re asked to register a phone number so you can receive a One Time Password in order to log in. This applies to all people logging into XCD, whether that be from a desktop, tablet or the mobile app.  

End User Guide & Video: 

The only type of user this change does not apply to are candidates submitting applications to XCD’s Recruitment module via your website. Unless the business wants them to use MFA they will not experience any changes and will continue being able to submit applications as normal. 

What do I need to do?  

Speak with your IT team to confirm which of the below scenarios best describes you, and then take the corresponding action.  

Scenario One– You have enabled Single Sign on (SSO) in your XCD org. 
If you are in this category, then the impact on you and your employees should be relatively minor. There are some things that your IT/HR Admins should check to ensure Salesforce MFA is not applied for logins through SSO. 

System Admin – Single Sign On (SSO) Preparing for MFA

Scenario Two– Your users log in with a Username and Password but you have already enabled MFA. 
In this category you may be comfortable continuing with MFA for your users – however, you may want to consider moving to Single Sign-On and a simpler alternative - see Set Up Single-Sign On for Your Internal Users. 

Scenario Three– Your users log in with Username and Passwords and you don’t yet use MFA. 
If you are in this category your users are likely to see the biggest change which you will need to plan for to avoid disruption. The simplest way forwards will be to implement Single Sign-On before the 1st of February 2022 deadline. However, if you are unable to do this we recommend deploying MFA to your users in phases in advance of the deadline. Steps to get setup can be found here:  

Preparing For and Deploying MFA – Admins Guide 

Preparing For and Deploying MFA – Admins Video 

I have questions I think I need XCD’s help with, what should I do?  

Please log into the XCD Community Portal and raise a case using the subject line “MFA Questions” and provide as much info about the nature of your queries. A member of the XCD team will review and come back to you. 

What is the impact of doing nothing?  

Salesforce will push out Multi-Factor Authentication on the 1st February 2022. If you have not taken the steps above and completed any required internal communications to your users, they are likely to experience difficulty logging in with the new process which may result in a large number of queries to your HR or IT helpdesk. We advise putting the recommended steps in place to avoid that situation. 

Is there any other information about Salesforce MFA that you can point me to? 

Yes, please see the links below: 


Back to the top

Join thousands of HR and Payroll professionals and get news, thoughts and advice direct to your inbox