Apprentice Hoots: Authenticator apps that work when setting up Multi-Factor Authentication (MFA) in China
Salesforce has introduced a feature called MFA that is mandatory from 1st February 2022. We were aware this was a significant change for our customers and wanted to make sure we offered our support to help set this up for them.
One of our customers has an office in China which proved to be trickier than the usual MFA implementation. In this week’s Apprentice Hoots blog, I wanted to pull together a handy guide of everything you need to know when setting up this new security method for Salesforce users in China.
What is MFA?
Multi-factor authentication is an extra layer of security which is used when logging into your Salesforce system. Instead of requiring only a username and password to login, Salesforce now requires a physical item to verify your identity. This could be verified from an app on your phone or a security key that you plug into your laptop. You can only connect one app and security key per Salesforce user to verify your identity.
Salesforce Authenticator app in China
The most commonly chosen solution when setting up MFA for Salesforce is the Salesforce Authenticator app which is available on the Apple app store and the Google Play store. This is an app that you connect to your Salesforce user account and each time you log in, it will pop up a notification on your phone for you to approve or reject this login.
However, both Google and the Salesforce Authenticator app are not available in China so we had to find alternative options to set up MFA for our customers located in China. With a significant number of users and security keys costing £30 or more per key, we needed to find an app solution.
Alternative app options for MFA in China
There are many authentication apps listed that work in China – many at a cost. We decided to trial the Microsoft Authenticator free app. This can be installed from the Lenovo, Huawei or Samsung Galaxy app store.
How we set up MFA in China
To setup MFA in China, we followed this simple 8 step process:
- Install the Microsoft Authenticator app, sometimes known as just “Authenticator” on your phone.
- Next, click add account and choose “Other (Google, Facebook, etc.)”
- The app will open your mobile’s camera ready to scan a QR code – leave your phone in the state (the camera setting) ready to scan a QR code.
- Using your desktop, log into your Salesforce account.
- The following image should pop up. Click “Choose Another Verification Method” as shown below.
- Click “Use verification codes from an authenticator app” to be able to connect your Microsoft authenticator as shown below:
- Scan the QR code on your desktop using your mobile device that has been left on the camera setting.
- Enter the one-time password code from your Microsoft Authenticator app on your phone into Salesforce on your desktop as shown below:
Microsoft authenticator app Salesforce
Your phone will now generate a code every time you login to Salesforce that you will need to type in to access your user account. You will only need to complete step 8 when logging in in future.
This was an interesting implementation where we had to trial and setup the Microsoft authenticator app to access Salesforce alongside the customer, whilst we were in the UK.
Luckily, the first app we tried (Microsoft authenticator) was a success. When rolling out an implementation, the importance of checking where all users are based and any regulations that may get in the way of the implementation are key takeaways.
Owl see you later,