Set Up MFA in Salesforce with Fingerprint

What Is MFA and Why Is It Important?

As data security is one of the most important agendas for every organization, it’s important to implement strong security measures to protect your business and customers.

Usernames and passwords alone are not sufficient protection against unauthorized account access. Multi-factor authentication (MFA) provides an extra layer of security apart from user name and password against threats like phishing attacks, credential stuffing, and account takeovers.

Multi-factor authentication is one of the easiest, most effective ways to help prevent unwanted or account access and protect your Salesforce data. MFA from Salesforce is available at no extra cost!

From February 1, 2022, Salesforce will require all users to use MFA to access Salesforce products.

There are 4 types of Verification Methods available for implementation of MFA.

Salesforce Authenticator - A simple and smart mobile app that users can easily connect to their Salesforce accounts. It is free, Users can simply download it from Playstore and App store for iOS and Android.

Third-Party Authenticator Apps - Apps generate unique, temporary verification codes based on the OATH TOTP algorithm. Apps like Google Authenticator, Microsoft Authenticator and Authy, Users can simply download it from Playstore or App store. Its free and paid versions are available. Apps available for multiple operating systems.

Security Keys - Physical devices that use public-key cryptography.USB, Lightning, and NFC* devices that support the WebAuthn** and U2F standards

Built-In Authenticators - Verify identity with fingerprint, iris, or facial recognition scan, or a PIN or password. Available via a device’s built-in authenticator service (Windows Hello, Touch ID, Face ID, etc)

If due to some specific reason, the user doesn't want to install a mobile app in his mobile device, there is inbuilt authentication available.

System requirement for Built-In Authenticators

  • User’s device, OS, and browser must support the FIDO2 WebAuthn standard.
  • The built-in authenticator service must be enabled and set up ahead of time to verify a user’s identity.
  • For biometric authentication, the user’s device must include a supported fingerprint, iris, or facial scanner.
  • Works only for logins to the device where the built-in authenticator exists

Steps to Set Up MFA with Fingerprint

  • Step 1 - Click on Setup, search Identity Verification in quick find
  • Step 2 – Check on Let users verify their identity with a built-in authenticator such as Touch ID or Windows Hello (Beta)

    prompted to veryfy

Steps for User

Step – 1 User will login using their username and password – Click on their profile pick or Avatar, click on Settings, Click on Advanced User Details and in the Built-in Authenticators section (highlighted) click on Add

Steps For User

System will again ask you to login salesforce. Login again and to register Register a Built-In Authenticator, click on Register and Scan your fingerprint and give it a name.

Log out and login again using your user name and password. After that, click on Verify and touch your fingerprint scanner.


Built-In Authentication is one of the easiest ways to authenticate salesforce login. You can simply touch your finger print scanner or scan your Iris or put your pin to authenticate login.