As Salesforce’s February 2022 deadline for Multi-Factor Authentication (MFA) quickly approaches, many companies are still working towards implementing MFA for their orgs. Red Argyle was able to implement MFA internally back in August. We thought with the deadline approaching, it would be a good time to look back and reflect on the process with the hope in mind that our experience might help you in your MFA planning and enablement.
Amelia Pestillo our internal MFA expert, and CTO, and founder Tom Patros, recently got together for a Q&A to reflect on the process of implementing MFA with a special guest appearance from CEO Garry Polmateer.
- Amelia: Tom, how does implementing MFA support Red Argyle as a business and its clients?
Tom: “MFA is a key pillar of cyber security and data protection. Salesforce recognizes this, which is why they are enforcing MFA in all orgs early next year. As a Salesforce consultancy, we always seek to stay ahead of the curve so we can wield the Salesforce platform as experts on behalf of our clients. As a business, we want to protect our Salesforce org as well, which has become our system of record in many ways.”
- Amelia: When we initially decided to begin the process of implementing MFA, what was your greatest concern or hesitation?
Tom: “My only hesitation was making sure we could be thorough in our analysis of how MFA would be applied not only to Salesforce, but to as many SSO-enabled applications in our organization as possible. We use Google Workspace as our identity provider, which ultimately allows us to manage identities for Google, Slack, Salesforce, and many, many other systems in our landscape. All of these platforms now benefit from MFA through our identity provider (Google).”
- Amelia: Did you feel like the way in which we mapped out our implementation process was well defined? Is there a part of the process you would have wanted to improve from a business standpoint?
Tom: “Our team was very thorough. We validated configuration steps multiple times against Salesforce’s documented recommendations. We inventoried all existing Connected Apps and API integrations to ensure no automations would break (most were using OAuth already). We piloted an MFA rollout with a smaller group of users (highly recommended), and we had contingencies in place in the event that there were access issues (which were minimal – typically due to minor configuration issues). In the end, the rollout was transparent to most end users.
- Amelia: What is one thing you would want to say to other Administrators who are hesitant to enable MFA?
- Be thorough in your analysis (to update or deny access to applications connecting to Salesforce).
- Lean on your company’s standard identity provider if possible (Google, Active Directory, Okta, Auth0, etc).
- Run a pilot with a small group of users (permission set assignments make this easy).
- Over-communicate the rollout plan and have contingencies in place if users face issues.
- Amelia: Garry, what were your key takeaways from the process of implementing MFA?
Garry: “With the number of systems now requiring MFA, most users were able to adopt pretty easily. Planning was critical and necessary to make the project successful. Having support available on demand during the rollout was important as well. Even the best plans can have unintended consequences, so again support online is critical in case something stops working that wasn’t planned for. Communication is critical as I can expect most users are not prepared or have no interest in turning on additional steps required to log in (however proper SSO can avoid this completely).”
MFA takes a lot of careful planning, and we can help. Reach out to us at email@example.com with any questions about MFA, how it could impact your company and how to prepare. We’d love to hear from you!
In the meantime, check out our previous MFA articles. They’ll give more insight on what MFA is, why it is important, and steps on how to implement it.