Get Ready for Multi-Factor Authentication Enforcement in May

The requirement to use multi-factor authentication (MFA) when accessing Salesforce products went into effect on February 1, 2022. To help customers satisfy this requirement, MFA will soon be a permanent part of the B2C Commerce login experience. Starting May 1, 2022 and continuing on a rolling basis through the end of May, Salesforce is enabling and enforcing MFA for all users who log in directly to B2C Commerce applications.

Where: This change applies to Business Manager, Account Manager, Log Center, Control Center, and On-Demand Sandboxes for Salesforce B2C Commerce.

When: May 1 through 31, 2022

How: Here's what to expect:
  • On behalf of customers, Salesforce will automatically enable MFA for all users who log in directly to B2C Commerce. Users already logging in with MFA won’t be affected.
  • To enforce MFA, we’ll remove the option for admins to turn off or modify MFA settings for their organizations.
  • After MFA is enforced, all users must use MFA each time they log in. If a user hasn’t already registered for MFA, they’ll be prompted to do so before they can get access to their account.
Note: If you use SSO to access B2C Commerce, Salesforce won't enable or enforce MFA for your SSO identity provider. However, you are contractually required to implement MFA for all your users who access B2C Commerce through SSO. To satisfy this requirement, you can use your SSO provider’s MFA service.

There are some use cases that are exempt from the MFA requirement. If any of these situations apply to your implementation, take the following steps before MFA is enforced to avoid potential disruption to your business.
  • If you use the ROPC grant type, you may need to change to the client credential grant type or authorization grant type. See Password Grant Type Changes for Salesforce B2C Commerce for more information.
  • If you use automated user interface testing tools, see “How do I use MFA with system users/automated processes?” in the B2C Commerce Multi-Factor Authentication FAQ.
  • If you’re planning to use a combination of trusted devices and trusted networks to satisfy the MFA requirement, contact your Salesforce representative.