Generic Third party OTP for Salesforce MFA

Key:

One-time Password

To learn about MFA, read this page.

Why another authenticator?

Using this authenticator

Login with Salesforce

Salesforce login screen
Prerequisites: your user must have MFA enabled. Create a permission set with the permission "Multi-Factor Authentication for User Interface Logins" and assign it to the user.
If an authenticator is already configured for the user, remove it (Settings | My Personal Information | Advanced User Details | App Registration: One-Time Password Authenticator).
Go to the Salesforce login page and authenticate. If the user is configured with SSO, first authenticate with SSO. Otherwise, use standard credentials on the login screen.

Salesforce authenticator connect screen

Choose another verification method

Because the user is configured with MFA and no authenticator is associated, the "Connect Salesforce Authenticator" screen pops up. Don't use it; instead, click on the link at the bottom of the form: "Choose Another Verification Method".

Choose a verification method

Click on "Use verification codes from an authenticator app", then click on Continue.
Choice of verification method

Connect an Authenticator App

We will not use the QR code. Click on the link "I Can't Scan the QR Code".
QR code for authenticator app

Connect an Authenticator App

Now you can see a key in the middle of the screen (a long string in capital letters). Copy/paste it into the form at the top of this screen; this will generate a 6-digit number. Copy/paste this number into the Salesforce form (Verification Code), then click on the "Connect" button.
Connect an authenticator app
This authenticator is now connected to your user; each time you want to log in, you will have to use it as a second authentication factor. The key that has been entered is very important; if you lose it, you will not be able to log in. Keep it in a secure location.
Each time you need to log in, use this tool to get a verification code.

Using a webService

Do you prefer a custom automation using an OTP web service? You can use it to retrieve the TOTP as plain text or JSON.
REST API usage:
https://jla.ovh/mfa?key=thekey
where thekey is the key used for initialization
Ex: https://jla.ovh/mfa?key=6RRKHT2VFCL3A3HHSOGUKCRJKBLF64BZ
Set the Content-Type HTTP header to application/json or text/plain.
example 1: curl "https://jla.ovh/mfa?key=6RRKHT2VFCL3A3HHSOGUKCRJKBLF64BZ"
example 2: curl -H "Content-Type: application/json" "https://jla.ovh/mfa?key=6RRKHT2VFCL3A3HHSOGUKCRJKBLF64BZ"
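
The 6-digit code can also be computed locally, so the key is never sent in a URL or leaves your machine. The following is an added example, not code from this site: a Python implementation of standard TOTP (RFC 6238), assuming the parameters common authenticator apps use (HMAC-SHA-1, 30-second step, 6 digits). The function names and the RFC test key are chosen for this example.

```python
import base64
import getpass
import hashlib
import hmac
import struct
import time

# Published RFC 6238 SHA-1 test secret ("12345678901234567890" in base32), not a real key.
RFC6238_TEST_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_key(key):
    """Decode the base32 key shown by the wizard; tolerate spaces, lowercase, missing padding."""
    cleaned = "".join(key.split()).upper().rstrip("=")
    if not cleaned:
        raise ValueError("empty key")
    # b32decode needs the length padded to a multiple of 8; it raises on invalid characters.
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def totp(key, at=None, step=30, digits=6):
    """Return the TOTP code for `key` at Unix time `at` (default: now)."""
    now = time.time() if at is None else at
    counter = struct.pack(">Q", int(now // step))  # 8-byte big-endian time step
    mac = hmac.new(decode_key(key), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_remaining(at=None, step=30):
    """Seconds until the current code expires."""
    now = time.time() if at is None else at
    return step - int(now) % step


if __name__ == "__main__":
    # getpass keeps the key out of shell history and the process list.
    secret_key = getpass.getpass("Key: ")
    print(totp(secret_key), "valid for", seconds_remaining(), "more seconds")
```

The code depends on the local clock; if it drifts by more than the verifier's tolerance, the generated codes will be rejected.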

Using a bookmarklet

As a developer, if you prefer an automated way to enter your TOTP in the Salesforce login wizard, you can use this MFA bookmarklet. It works both for initializing the authenticator (use it on all the wizard pages) and later for authentication. The key is stored per login in the local storage of the Salesforce mydomain (inside the browser).