The purpose of this article is to explain what Multi Factor Authentication (MFA) is and how it benefits the Dealership as added security 

By the end of 2023 Multi Factor Authentication (MFA) will become mandatory for all Blackpurl user logins

We would suggest that this is a good time for you to discuss with your IT which Authenticator is best for your Dealership and get their assistance if required

What is Multi Factor Authentication (MFA) and what is it used for

The simple way to think of it is as additional protection that helps stop all sorts of malicious attackers from getting into systems

To do that, MFA makes you prove that you are who you say you are in more ways than one

Typically, the first proof is by providing the correct username and password

After that, you will be prompted to supply a second type of proof that is different than the first (ie not just another saved password - after all, if your first password was compromised, your second one might have been too!)

That second proof can be a scanned fingerprint or a time-sensitive code to type in or even a physical device you plug into your computer like a key.  Each of these different forms of proof are a factor, which is why this security feature is called MFA

You may have heard of two-factor authentication (2FA) and are wondering if that’s different than MFA - understandably, a lot of people confuse the two:

  • 2FA is simply - two forms of proof

  • MFA is - two or more forms of proof

MFA tends to be a bit stricter about what counts as a different form of proof.  A code texted to you after you’ve supplied a username and password is one of the most typical ways to handle 2FA, but a lot of MFA implementations doesn’t consider text messages secure enough to count as a valid second form of proof. That’s why you won’t see text messages mentioned anywhere else in this document

In essence, MFA is the cyber-security version of two pieces of ID please

Why do we need MFA in Blackpurl

Salesforce, which is the platform that Blackpurl operates on, is now mandating that everyone who logs into a Salesforce organization MUST use multi factor authentication

This mandate will lead to Salesforce auto-enabling MFA for users with full enforcement to be fully rolled out from September 2023

We need to make sure we have full MFA support in Blackpurl before then, especially since this can be quite a different experience for some users.  We don’t want them feeling backed into a corner or surprised at the last moment

Additionally, MFA is a great feature to have and there’s a good reason why all sorts of business, including Salesforce, are mandating it

MFA keeps customer data safe and that’s something we all definitely want

Enabling MFA for a user in Blackpurl

Dealerships now have the ability to start enabling MFA for your users from System Settings > Users 

There is a banner that will indicate that MFA is now available on your system but at the moment you still have the option of enabling or disabling per user

However there will come a time where the option will be removed due to the full enforcement being rolled out by SalesForce

To enable MFA for one of your users simply select the pencil icon to access the Edit licensed user screen and move the toggle from NO to YES 

Don't forget to

Which Authenticator to use

We would suggest that your Dealership (or your IT) have your selected Authenticator organised prior to switching on the MFA in Blackpurl 

Your Dealership can use any of the authentication methods that are supported by your Salesforce products MFA functionality and whilst we do not recommend any particular Authenticator, these are a few that the Dealership (or your IT) can select from:

  • Salesforce Authenticator mobile app (available on the App Store or Google Play)

  • Time-based one-time passcode (TOTP) authenticator apps like Google Authenticator, Microsoft Authenticator or Authy

  • Security keys that support WebAuthn or U2F, such as Ybico's Yubikey or Googles Titan Security Key

  • Built-in authenticators such as Touch IF, Face ID or Windows Hello

Keep in mind that Blackpurl will be unable to support and/or assist with your setup and /or any issues with the Authenticator that your Dealership elects to use

If the Dealership is running into issues with the Authenticator then they will need to contact their IT

Please contact Blackpurl Support if you need a one off Temporary Code 

Salesforce Authenticator App

If you wish to use the Salesforce Authenticator App as your method of authentication the instructions below describe the user experience, please pass this information to your IT person:

Regular login screen:

Next the user will be prompted about the Salesforce Authenticator:

If the user has a smart device (phone or tablet) that they’re allowed to use at work, they can follow the instructions here to install the Salesforce Authenticator App.  This is going to provide the most hassle-free experience for the user.

After installing the Salesforce Authenticator App, it should look like this:

After selecting "Add an Account"

Type the two word code from the app into the login screen (or use the Scan QR Code option by hitting “Choose Another Verification Method” at the bottom of the login screen):

After hitting connect, in the app, you should see something like this:

For all future logins now, after the user provides their username and password, they’ll get prompted with:

The notification they will receive on their  device from the Salesforce Authenticator App and, tapping on it, they’ll see something like:

After a couple of approvals from the same location, assuming the Authenticator has been given the permission to see the user’s location, it will prompt the user with the “Always approve from this location” action

If the user toggles that on and hits ‘Approve’ one last time, the Authenticator will now auto-approve any login the user makes as long as they have they have the device with their Authenticator with them and they are at the location in question