Once users have been notified that they are a users in Lumary DC, to log in, the users must have at least one registered identity verification method that they provide in addition to their username and password. If they haven't set up a verification method, they will be prompted to register one for MFA when they log in.
The registration process connects a verification method to a user's Lumary DC account.
Note: Each user must complete this step themselves — admins cannot do it for them. You can head off confusion and support tickets by making sure your users understand what they must do.
Required packages and permissions
Available with: Lumary 2.10 and later
Updated in: Lumary DC
Supported in: Lumary DC
Permission: System administrator
Before users register a verification method, make sure they understand the verification options available to them. Then refer them to the relevant topics for step-by-step guidance as they complete the in-app registration prompts.
Head to the following Salesforce articles to learn how to:
- Register a Built-In Authenticator as an Identity Verification Method
- Register a Security Key as an Identity Verification Method
- Register Salesforce Authenticator as an Identity Verification Method and
- Register a Third-Party Authenticator App as an Identity Verification Method.
Disconnect identity verification methods that are lost, replaced or not working
As an admin, you may have to disconnect a user’s current verification method from their Lumary DC Salesforce account. This step is necessary if a user has lost their method, or has acquired a replacement method that they want to use instead of their current one. If a user’s method stops working, disconnecting it allows the user to re-register the method and restore its connection to their account.
Important: It’s also best practice to remove all of a user’s verification methods when they leave the company.
Follow the Salesforce articles to:
- Disconnect Salesforce Authenticator from a User’s Account
- Disconnect a Built-In Authenticator from a User’s Account
- Disconnect a Security Key from a User’s Account and
- Disconnect a Third-Party Authenticator App from a User’s Account.
Best practice for security requires users to use phishing-resistant verification methods: built-in authenticators or physical security keys. For more information about the security benefits of these methods, see the WebAuthn guide.
Check out the downloadable MFA Rollout Pack. It provides customisable onboarding templates for each of the verification methods that are supported by Salesforce products.
For more information, you can also head to the Salesforce Multi-Factor Authentication FAQ page.