Use this link to share with your colleagues:
Connecting an MFA Authenticator App to Salesforce: https://help.pm.leapevent.tech/a/1497656
Your organization is enabling multi-factor authentication, or MFA for short, in PatronManager. What does that mean for you?
It means you'll need to provide multiple authentication methods (factors) in order to log in to PatronManager. This is important for security, to ensure that if someone's email is hacked or their password stolen, your organization's vital patron data stays safe and secure.
In this article, we'll walk through setting up an authenticator app for use with your PatronManager login, so that you can get connected easily and securely to PatronManager. We'll go over:
- What do I need to have with me?
- Salesforce Authenticator vs third-party options: which is right for you?
- Setting up an authenticator in advance (before MFA is enabled)
- Connecting an authenticator if you're prompted upon login
- Getting help if you lost or forgot your phone
Ready? Let's go!
What do I need to have with me to use MFA?
MFA authentication is is similar to how you may have received email verification codes in the past, but it's more secure: instead of using email (which can be hacked) or text messages (which can be intercepted), MFA typically uses a special app that you install on your phone. That means you'll need to have your phone with you every time you log in to PatronManager.
Some organizations may use other methods, like a password manager or a physical USB key; if you'd like to learn more about this, talk to the PatronManager admin at your organization.
Salesforce Authenticator vs third-party apps
There are a few different apps you can use on your phone to authenticate your PatronManager login.
The first, Salesforce Authenticator, is made (clearly) by Salesforce; it's the quickest and easiest to use.
Then there are a variety of other options made by other companies, like Google Authenticator and Authy. Many of those will work as well, and you may prefer to keep one you already use for other login purposes. Here's a quick overview of the two options (click to expand):
You'll download this app to your phone from the Google Play Store (Android) or the App Store (iOS) and connect it to your PatronManager login. It's very easy to set up - When connecting it to PatronManager you'll just enter a temporary passphrase provided by the app, and that takes care of everything. You only have to do that once.
Once it's connected, anytime you log in and need MFA verification, your phone will automatically show a message asking if you're trying to log in to Salesforce. All you'll have to do is tap a button to approve the login, and that's it! Nothing extra to type in, very quick and easy.
Older phones sometimes have a short delay between the login attempt and the approval option appearing on the phone, while with newer devices it's pretty much instant.
If you enable location services on your phone, the app will allow you to set a trusted location (like the box office, for example). This will allow it to automatically authenticate your login much of the time, as long as your phone is in that physical location when you're trying to log in to PatronManager.
These apps are simple to set up and use. Google Authenticator and Authy are approved by Salesforce; if you want to use a different app, talk to your admin.
Configuration typically involves scanning a QR code with the device when prompted by the app to link the app to your PatronManager login. You'll only need to do that part once.
Once it's connected, when you log in and are prompted to authenticate, you'll open the app on your device to find a short numeric code. You'll then type in that code on your computer to authenticate your login (similar to how email verification codes worked before, just in an app on your phone instead of in your email).
The code you'll need to type in changes every 20-30 seconds, so if you type slowly, you may not like this option (use the Salesforce Authenticator app instead).
On the other hand, if you have an older phone, opening a third-party app and typing in the code may be faster than waiting for the Salesforce Authenticator app to register that you're trying to log in.
How to set up an authenticator in advance
Your admin has told you to prepare for MFA, but you're already logged in to PatronManager. Here's how to connect one of the above apps in advance, so you're all set when MFA is enabled.
1. Download the app you wish you use on your phone
For Android, find your app in the Google Play Store; for iOS, find it in the App Store. Download either the Salesforce Authenticator app, or the third-party app your admin has approved. If you're not sure which app to use, talk to your admin.
2. Log in to PatronManager, click on your picture, then click Settings
3. Click "Advanced User Details"
4. Scroll down a little and click "Connect" by the authenticator option of your choice
You can connect more than one authenticator app if you want to (though it's typically not necessary) - just repeat the steps below for each.
If you downloaded the Salesforce Authenticator app, click "Connect" next to "App Registration: Salesforce Authenticator".
If you downloaded a third-party app like Google Authenticator or Authy, click "Connect" next to "App Registration: One-Time Password Authenticator".
5. Check your email for a verification code if prompted
At this point you will most likely be asked to enter in a verification code that has been emailed to you. Note that this is not something to do with an authenticator app but simply Salesforce verifying your identity with existing methods before allowing you to move forward with the process of configuring a new, more secure method.
6. Follow the on-screen instructions and the prompts in the app on your phone
The system will walk you through a short and simple connection process, which varies a little by app. If you get stuck, talk to your PatronManager admin.
How to connect an authenticator if prompted at login
Your organization has already enabled MFA, and now you're trying to log in and being asked to set up an authentication method. Here's how to do that.
1. Start by entering your username and password normally
No pictures to show here, just a normal everyday PatronManager login!
2. You'll see a prompt like this:
3. Download the app you wish you use on your phone
If you haven't done this already, now's the time!
For Android, find your app in the Google Play Store; for iOS, find it in the App Store. Download either the Salesforce Authenticator app, or the third-party app your admin has approved. If you're not sure which app to use, talk to your admin.
4. Click below to see the steps based on the app you chose
Whichever app you choose, make sure that your phone is connected to WiFi or is using cellular data to connect to the internet!
The system will walk you through entering a unique two-word phrase from the phone app onto your computer, which will connect the app to your PatronManager login. That's it, you're done!
To use another third-party app like Google Authenticator or Authy, click "Choose another verification method"
Then select "Use verification codes from an authenticator app" and click Continue
Follow the on-screen instructions to connect the app to your PatronManager login
The system will walk you through scanning the code that appears on the screen in the app, which will connect the app to your login once you scan and click Connect.
If you're not able to scan the code, you can click "I Can't Scan the QR Code", which will give you a string of text you can type into the app instead.
What if I forget or lose my phone?
As inconvenient as it is, these things happen! Here's how the reset process works.
1. Talk to your admin
You'll need help from an admin user at your organization. They can make sure that it's really you (not someone calling or emailing and pretending to be you!), and help you regain access.
If you lose your device or if you suspect your login details were compromised, be sure to let your admin know right away! Securing your organization's data and sensitive patron information is an important part of everyone's job.
Admin users at your organization will either be Users with the System Administrator Profile or your certified PatronManager Admin!
Because the PatronManager Client Support team is not there in-person, our team will be able to provide instructions, but will not be able to take the steps to help you regain access.
2. If you forgot your phone but you know it's in a safe place:
In this case, your admin will be able to provide you with a temporary verification code, which you can type in to verify your login. As soon as you have your phone back in hand, let your admin know so they can disable that temporary code.
To generate a temporary verification code for you to get logged in, your admin will click the Generate link for your User for a Temporary Verification Code (Expires in 1 to 24 Hours).
3. If your phone was lost or stolen:
Tell your admin right away! They'll disconnect the authentication app that you had connected on your phone, to ensure that if your phone was stolen, no one will be able to use it to access PatronManager.
They can then provide you with a temporary verification code as outlined above. Once you have a new phone, you'll go through the steps outlined above to connect a fresh authenticator.
Your admin will click the Disconnect link next to your User's verification method to disconnect your authentication app as a verification method.
4. If you're getting a new phone:
Congratulations! Try to coordinate with your admin in advance so that the process is smooth. As above, they'll disconnect your authenticator app that was used on the old phone, and then you'll be able to follow the steps outlined earlier to connect a fresh authenticator.
Note: if you're using the Salesforce Authenticator app and if you verify your phone number in the app, you may be able to download the app onto your new phone and re-verify the same login connection using your phone number (assuming you're keeping the same number).
I need help with something else related to MFA!
Talk to the PatronManager admin at your organization! They have a wealth of information and resources to help you.