Multi-factor authentication for Anypoint Platform

Varun Krovvidi (00:08):
Hello, folks. My name Varun Krovvidi and I'm a product marketing manager here at MuleSoft. Today, I'm going to provide a quick demonstration of multi-factor authentication. What is multifactor authentication? Basically, it is a mechanism to enhance security with additional verification at login. Multifactor authentication requires users to enter two or more factors of evidence to authenticate accounts.

Varun Krovvidi (00:33):
One factor is something that a user already knows, such as a username and a password combination. The other factor is a verification method that a user has, like a code from the Salesforce Authenticator app or TOTP Authenticator, security key, or a built-in authenticator like a Touch ID. When you have both these verification methods, you will be able to get into your account. Now, who is this feature relevant to?

Varun Krovvidi (00:58):
Multi-factor authentication or MFA, is relevant for two key personas. Firstly, for all the administrators. They want to ensure security, but do not want to spend a lot of time managing authentication methods. And they do not want to enable new methods that can break an existing integration flow. Second is for end users. They want to secure their accounts, even if that organization might or might not require it.

Varun Krovvidi (01:23):
But at the same time, they want a log into Anypoint Platform with as few impediments as possible. So let us get into a quick demonstration of this feature. Here I am, logged into Anypoint Platform as an Org Administrator. With the release of this new feature, Org Administrators will be able to see multi-factor authentication on the left-hand side bar in the access management section of Anypoint Platform.

Varun Krovvidi (01:48):
As an Org Administrator, once I click on multi-factor authentication, I move into this section and I can see two settings. By default, multi-factor authentication is optional, but I can require multi-factor authentication to be enabled for my organization, which means all users will be required to enable MFA upon their login from the next time. As an Org Administrator, I also have the ability to exempt some accounts from MFA.

Varun Krovvidi (02:16):
Now, why is this required? Some of our users create user accounts to build integrations for the platform. For example, they might create a user account to call Anypoint Platform from Jenkins. As an Org Administrator, I can quickly exclude those accounts so that it won't break the existing service integrations. Now, I'm logged in as a user. I'm going to go ahead and log out. On the next login, you can see that Anypoint Platform secures my login with MFA.

Varun Krovvidi (02:50):
I'm required to login by providing a verifier, one among the four options provided here. I can set up a standard TOTP application like a Google Authenticator. I can use the Touch ID built into my Mac. If I have a USB key, I can set that up as well. And finally, I have the option of connecting the Salesforce Authenticator. I'm going to select the Salesforce Authenticator to log into the platform.

Varun Krovvidi (03:15):
I'm going to provide the two-word phrase required to add my account to the Salesforce Authenticator. And with the notification from the Salesforce Authenticator on my mobile device, I'm logged in to Anypoint Platform. And as simple as that, my account is secured by MFA. This is for Org Administrators. One of the features we wanted to ensure was to not make it burdensome for end users to enable MFA.

Varun Krovvidi (03:46):
Now, let us pretend that I'm an end user. I can go into my account and go into my profile page here. Here, I have the ability to configure MFA. I can add additional verification methods, delete verification methods, or configure MFA myself from scratch. With that, that is a demonstration of multi-factor authentication for Org Administrators and end users.

Varun Krovvidi (04:13):
In summary, the feature provides the Org Administrators with the ability to enable MFA for their organizations, while excluding service users in order to not break existing integrations. For end users, the feature provides the ability to manage multi-factor authentications from their profile page. At Salesforce, trust is our number one value and multi-factor authentication is going to make our customers and their user accounts more secure. Thank you.