#MFA - Getting Started1 discussing

When our automation scripts are executed in Azure devops, they are failing because of verification code. In my local machine I was able to bypass verification code step by adding my local IP in Salesforce network access settings. I am aware that we can disable it at profile level but I am looking for a solution to disable verification code at user level. Please suggest what could be the best approach here.

Hi - In our Sandbox (running Summer '22) Session Settings there is an info pop-up that references the user permission "Waive MFA for exempt users". It sounds like a good idea to assign to our External Identity users to ensure that MFA isn't required when Salesforce eventually enforces MFA globally. (Note: I do understand that MFA is not required for external users, I just want to be extra cautious.)

Does anyone know where this "Waive MFA" permission is? I assume it's Summer '22, but I can't find it in our Sandbox where I expected in either Sessions Settings or in Permission Sets-->System Permissions. Thank you!

How to allow Admin users to bypass SSO to log in directly to Salesforce with a username and password

Hi, we have set up SSO/MFA on our Org, using Azure AD as our Identity provider. Doing this has removed the native Salesforce login for all users.  BUT we want to allow for Admin users to bypass SSO and have the option to log in directly to Salesforce with a username and password in case of a problem with SSO login and for other Admin tasks like Sandbox set up and maintenance.  Any help or tips on how to allow for this kind of setup?  Azure SSO works fine but when attempting to browse to the URL - http://login.salesforce.com/ we are not able to login with our usual SysAdmin username and password.    The suggested solution in MyDomain settings to "Keep 'Login Policy' unchecked "  seems to me to be an insecure workaround rather than a stable and secure solution for allowing the option of a separate local Salesforce login for our Admin users?    Do Salesforce have any official guidelines for a separate local logon in an enforced / compliant SSO-MFA environment?  Seems a major omission if not? 

We are using Microsoft Authenticator. One of my users followed the prompts and scanned the QR code but then for some reason, it's not showing up. It worked the very first time she used it but then didn't the second/future attempts. How can she go back to access the QR code to get it set up properly? 

I've implemented MFA in our Sandbox using the Salesforce Authenticator app and have everything setup for myself to test.  When I attempt to login to Salesforce I get the message "Use Salesforce Authenticator to approve the request to Log In to Salesforce." stating they've pushed the notification for me to Approve/Deny it to my phone.  However, I never seem to get those push notifications.  I always have to click Having Trouble and using other verification methods for logging in and use the code from the authenticator app.  After doing that I'm able to get in.  Has anyone else been experiencing this issue?  Thanks

Hi, we have implemented SSO / MFA using Okta and all SF users have downloaded the Okta verify app.  One user (in addition to me, the admin) has access to Dataloader but they can't log in to it since we set up MFA.  She keeps getting the 'invalid password' error, even though the correct password is being used. We've tried adding the security token to the end of the password, clearing cookies and cache, uninstalling and reinstalling Dataloader and switching her to use the SF verification app instead of Okta. Nothing works, the login history just keeps returning 'invalid password'.

It feels like we are stuck in a loop and I don't know how to break it. I can use Dataloader fine so we know it SHOULD work, it just doesn't.

Has anyone got any suggestions of things we can try?

One of our vendors, who has had "Account Login Access" for the past few weeks is unable to login this morning with the following error:

Can't Log In to Subscriber Org

Multi-factor authentication (MFA) is required to log into subscriber orgs from the Subscriber Support Console. To request permission to access the Subscriber Support Console, or to set up MFA for your License Management Org (LMO), contact your salesforce admin.

My user currently has the permission set for Multi-Factor Authentication for User Interface Logins.

Kennt jemand eine Lösung, wie Salesforce User (Innendienst) die kein mobil-Phone haben, eingerichtet werden müssen, damit MFA erfüllt wird? Bislang habe ich keine kostenlose, aktzeptierte Lösung seitens Salesforce erhalten.

I need the Metadata for my Salesforce Org (Sandbox for Testing, then Productive) to setup Single Sign-On.

The Description here:

https://help.salesforce.com/s/articleView?id=sf.identity_provider_examples_3p_adfs.htm&type=5

says in the section "Configure Salesforce" :

"Salesforce metadata is downloaded as an XML file that AD FS 2.0 can consume."

However, I find no way to download the metadata file in the saleforce setup.

Under "SAML Single Sign-On Settings" I find the option to import a metadata file, but nowhere a way to export the salesforce metadata.

Any hint how this can be done is highly appreciated.