Changes to Salesforce Identity Confirmation

Posted Apr 04, 2013 01:45 PM
All you need to know to weather the upcoming changes to the Salesforce Identity Confirmation.

If your organization uses Salesforce.com, chances are you have recently received an email (such as the one pictured below) with the subject, "[Action requested]: Changes to Identity Confirmation". Similar to other services, Salesforce.com attempts to notify users as it rolls out changes to its system, and as is often the case, it can be hard to tell whether the changes are actually relevant to you and whether the action is actually required. In this case, it may well be.

salesforce-ident-email

The good news is that the change, while involuntary, is easy to roll back, and is no cause for panic! For many users, it will require either a one-time dismissal of a prompt asking for a phone number, or simply adopting the change and handling your authentication process via your phone.

The nature of the change is to communicate authentication-related information - verification codes, password and email change notifications, and the like - to users via their mobile phones instead of email. While this can be more secure, it's likely to cause difficulty in cases where a single login is shared between users, such as a "board member" or "volunteers" login. While it's easy to share access to email between users, it is more difficult to share a mobile phone number.

What to expect

The changes are involuntary, and at some point will be activated. Some system administrators will have already seen notifications prompting them to activate the change.

Salesforce-activate-changes

It may be easiest to grab the bull by the horns. To activate the update, browse to Setup->App Setup->Deploy-Critical Updates, and click on the "Activate" link next to the "SMS Identity Confirmation" update. If you don't choose to activate it, it will automatically deploy at some point in the future.

Immediately after the update is activated, users will begin seeing a prompt asking for a phone number after they log in:

Salesforce-phone-prompt

Users sharing a login, such as a "board member" or "volunteers" login, should click the "No Thanks" link in this display! Other users may enable it or not, depending on how they prefer to interact with the Salesforce authentication system. Entering a phone number in this box will cause Salesforce to communicate authentication information by phone instead of email in the future.

Rolling Back the Changes

Some users and administrators (I am sympathetic to this group) may not want to have to think about the changes, and simply wish to go back to the old way. After activating the update, you can return to the default option of using email verification by browsing to Setup->Security Controls->Session Settings, DE-selecting the checkbox that is labelled "Enable SMS-based identity confirmation", and then hitting the "Save" button at the bottom of the page.

Salesforce-disable-change

If your organization uses shared logins, or has another reason to avoid phone-based authentication, this may be the safe choice, and it removes the need to caution each individual user to dismiss the prompt that asks them for a phone number after they log in.

Feel free to contact 501 Commons for more information about the changes, and identity confirmation in general!