Generic Third party OTP for Salesforce MFA

Key:

To get awareness about MFA, just read this page.

Why another authenticator?

• MFA will be inforced by Salesforce on Feb. 2022. Most orgs will have to use it (Production, Developer Sandbox, Partner community...). It can be complex for a developer to:
  • Connect multiple times to an org everyday, having to access the mobile phone to use a standard authenticator
  • Manage access to multiple orgs, each one having a different key
  • Install a professional app on his personal mobile phone, or install an app not approved by the IT on a desktop
• This is why we need a tool with following properties:
  • Run in the browser, without having to install anything
  • Very quick to run, through a simple bookmark. Boosting the productivity
  • Very light to manage network bandwidth
  • Very standard, based on OATH time-based one-time password (TOTP) algorithm (RFC 6238)
  • Free to use - no billing - no registration
  • Secure - nothing sent to the server

Using this authenticator

Login with Salesforce

Prerequisites : your user must be enabled MFA. Create a permission set with perm "Multi-Factor Authentication for User Interface Logins" and assign it to the user.
If any existing authenticator already configured for the user, remove it (settings | My Personal Information | Advanced User Details | App Registration: One-Time Password Authenticator)
Go to Salesforce login page and authenticate yourself. If the user is configured with SSO, first authenticate with SSO. Else use standard credentials on the login screen.

 

 

Choose another verification method

As the user is configured with MFA and no authenticator is associated, the "Connect Salesforce Authenticator" screen pops up. Don't use it and click on the link at the bottom of the form: "Choose Another Verification Method"

 

Choose a verification method

Click on "Use verification codes from an authenticator app" then click on Continue

Connect an Authenticator App

We will not use the QR code. Click on the link "I Can't Scan the QR Code"

Connect an Authenticator App

Now you can see a key in the middle of the screen (long string in capital letters). Copy/paste it into the form at the top of this screen, this will generate a 6-digit number. Copy/paste this number into the Salesforce formular (Verification Code) then click on the "Connect" button.

This authenticator is now connected to your user; each time you want to login, you will have to use it as a second authentication factor. The key that has been entered is very important; if you lose it, you will not be allowed to login. Keep it in a secure location.
Each time you need to login, use this tool to get a verification code.

Using a webService

Do you prefer a custom automation using an OTP WebService? You can use it to retrieve the TOTP as text plain or JSON.
REST API usage:
https://jla.ovh/mfa?key=thekey
where thekey is used for initialization
Ex: https://jla.ovh/mfa?key=6RRKHT2VFCL3A3HHSOGUKCRJKBLF64BZ
Use in the http headers application/json or text/plain
example 1: curl https://jla.ovh/mfa?key=6RRKHT2VFCL3A3HHSOGUKCRJKBLF64BZ
example 2: curl -H "Content-Type: application/json" https://jla.ovh/mfa?key=6RRKHT2VFCL3A3HHSOGUKCRJKBLF64BZ

Using a bookmarklet

As a developer, if you prefer an automated way to enter your TOTP in the Salesforce login wizard, you can use this MFA bookmarklet.. It will work both for initializing the authenticator (use it on all the wizard pages), and later for authentication. The key will be stored per login in the salesforce mydomain local storage (inside the browser).

This site uses cookies. Find out more.   Decline   Accept