With new support for biometric methods, verifying your identity in Salesforce just got even easier. Users can register biometric built-in authenticators, such as Touch ID, Face ID, and Windows Hello. Anytime users are challenged to verify their identity, including multi-factor authentication and device activations, they’re prompted to use their built-in authenticator.
Where: This change applies to Lightning Experience and Salesforce Classic in all editions.
Why: There are a few great reasons to let your users verify their identity with built-in authenticators.
- They’re convenient. Users can breeze through identity verification without needing a second device, such as a security key or a mobile device with an authenticator app.
- They’re secure. Built-in authenticators are based on the FIDO2 Web Authentication (WebAuthn) Platform standard, making them extra resistant to security threats, like phishing.
- They ensure privacy. The user’s biometric data never leaves their device.
Before you enable built-in authenticators, it’s important to keep these things in mind.
- The user’s device, browser, and operating system must support the FIDO2 WebAuthn Platform standard.
- To use a built-in authenticator, the user must have access to the device where it’s enrolled. Users who access Salesforce from multiple devices must register a built-in authenticator on each device. We also recommend that users register another verification method, such as Salesforce Authenticator.
Streamline Identity Verification with Built-In Authenticators (Beta) (salesforce.com)