Configuring Salesforce Authenticator for identity verification

ADSelfService Plus supports custom time-based one-time password (TOTP) authenticators for MFA. Below are the steps to set up Salesforce Authenticator as one of the MFA methods for identity verification.

1. Navigate to Configuration > Self-Service > Multi-factor Authentication > Authenticators Setup.
2. From the Choose the Policy drop-down, select a policy.
   Note: ADSelfService Plus allows you to create OU- and group-based policies. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy. Click Select OUs/Groups, and make a selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.
3. Click Custom TOTP Authenticator.
4. Enter the Authenticator Name, Passcode Length, Passcode Expiration Time, Passcode Hashing Algorithm, and Account Name Format.
   Note: All the values provided as options in the fields mentioned above are supported by Salesforce.
5. Upload the Salesforce Authenticator logo image file in the Authenticator logo field.
   Note: If the Authenticator logo is not uploaded, a default logo will be used.
6. Click Save.

To configure Salesforce authenticator as an MFA method for password reset and account unlock:

1. Navigate to the MFA for Reset/Unlock tab.
2. Choose the number of authenticators you wish to enable in the drop-down field.
3. In Select the authenticators required field, check the box next to Salesforce Authenticator.
4. Click Save Settings.

To configure Salesforce Authenticator as an MFA method for endpoints:

1. Navigate to the MFA for Endpoints tab.
2. To enable Salesforce Authenticator as a method of verification during machine login, check the box to enable the required number of factors for machine login and choose Salesforce Authenticator from the list of authenticators.
3. To enable Salesforce Authenticator as a method of verification during OWA login, check the box to enable the required number of factors for OWA login and choose Salesforce Authenticator from the list of authenticators.
4. To enable Salesforce Authenticator as a method of verification during VPN login, check the box to enable the required number of factors for VPN login and choose Salesforce Authenticator from the list of authenticators.
5. Click Save Settings.

To configure Salesforce Authenticator as an MFA method for applications:

1. Navigate to the MFA for Applications tab.
2. Choose the number of authenticators you wish to enable in the drop-down field.
3. In Select the authenticators required field, check the box next to Salesforce Authenticator.
4. Click Save Settings.

To modify the configuration:

1. Navigate to Configuration > Self-Service > Multi-factor Authentication > Authenticators Setup.
2. Click Custom TOTP Authenticator.
3. Click Modify and change the information provided wherever necessary.
4. If the configuration has to be removed, click Remove Configuration.
5. Click Save.

Enrollment using Salesforce Authenticator

1. In the ADSelfService Plus’ user portal, go to the Enrollment tab > Salesforce Authenticator. A QR code will be displayed. If forced enrollment has been configured, the user registration page will be displayed on logging in to the user portal.

   

2. Open the Salesforce Authenticator application on your device.
3. Click Add an Account.
4. Select the Scan QR Code option and scan the displayed QR code.
5. If the operation is successful, your account will be automatically added to the dashboard.
   

   

For successful identity verification, enter the passcode displayed in the Salesforce Authenticator application in the passcode field.