Lessons Learned: Identity Verification and Two-Factor Authentication

Has this happened to you yet?

  • A user can’t log into Salesforce because they set up an authenticator app, then changed phones.
  • A user can’t log into Salesforce because verification was sent to their phone, but they don’t have it with them/don’t have that phone number anymore.

For some reason, this month has been verification/authentication hell for me. As a fairly advanced admin, I was shocked to discover how little I really knew about how to troubleshoot user login issues! Some things I learned…

Not all authenticator apps are created equal.

There is a Salesforce Authenticator app available in Google Play or the App Store – you can find supported devices and org requirements here. Salesforce Authenticator has some really powerful features, especially version 2 – but is only designed for Salesforce account authentication.

Google authenticator is another commonly used app for Salesforce authentication, but there are many others available. Salesforce allows other authentication app usage, but obviously they are not able to provide support for any issues you may have with those apps. Other authenticator apps can be used for pretty much anything – email accounts, Facebook, Twitter, etc. – and with the danger of account hacking growing every day, I highly recommend using two-factor authentication for everything that you possibly can.

To sever the connection between an authentication app and a user account, the two-factor authentication must be disabled on the User record.

There are two places to do this, depending on the type of authenticator the user has chosen. Look for a link that says Disconnect and click that.

Note: if the user is required to have two-factor authentication, they will be prompted to set it up again the next time that they attempt to log in. To disable this, find the profile or permission set that has “Two-Factor Authentication for User Interface Logins” checked (in System Permissions), and uncheck it.

That “Temporary Verification Code” isn’t a magic unicorn.

Ever try to use this code to solve an identity verification or authentication issue?

That code is a temporary substitute for an authentication code, but will only work if the user is logging in on a recognized device. It will not work on a new device or an unrecognized browser. Now we all know.

As of Spring ‘16, users will be prompted to verify their identity on unrecognized devices even if they log in from an IP address that was authenticated prior to the Spring ‘16 release.

To avoid this situation, follow the steps in this knowledge article.

But what if a user doesn’t have their phone handy? They are trying to log in or reset their password, but they can’t get the verification codes that are being texted to them! Don’t panic. This is easier than you’d think (so I won’t tell you how long it took me to figure it out). Here is the quick & dirty three-step process:

  • Delete the number in the Mobile field on the User record.
  • Make sure that the user has email verification enabled. This will be in their profile, or in a permission set, in System Permissions, and it is called “Email-Based Identity Verification Option.”
  • Make sure that the user is not required to use two-factor authentication. This will also be in System Permissions, in a profile or permission set, and is called “Two-Factor Authentication for User Interface Logins.”

Choose authentication and verification requirements wisely.

As an admin, there are many ways to secure your org with identity verification and/or two-factor authentication, some that your company might not even know are possible. How long has it been since you reviewed your security settings? Is it time for an overhaul? The requirements will vary based on the sensitivity of your data, compliance regulations, etc., but if you have not given serious thought to this lately, it may be worth a discussion.

And if you aren’t sure where to start, there is always this tweetfrom Mark Burnett…

Dreamforce ProTips: Know Before You Go

Dreamforce is almost here – can you believe it? At our last user group meetup, we talked about Dreamforce preparation. (Add that to the list of things I love about my local Salesforce community!) We do this every year, and every year the list grows. Dreamforce is huge and overwhelming, and if you aren’t ready for it, you may not get as much out of the week as you hoped.

Here are some of the best tried-and-true Dreamforce tips, courtesy of the Portland Salesforce community. Enjoy!

COMMUNITY/SOCIAL

  • Join the Dreamforce group in the Success Community to stay in the loop on all things Dreamforce. Are you a first-time attendee? Join the New to Dreamforce group for even more info, specific to newbies!
  • The agenda builder is rumored to be going live on September 7th, and it is much easier to register for sessions if you add them to your favorites ahead of time.
  • Sign up for every event, every night of the week. Note: I did not just say “GO to every event.” Just RSVP yes to everything, even if you are double- or triple-booking yourself. During the conference, your plans will be constantly changing, especially as you meet people and hear about different things. If you’ve already signed up for all of the parties, you won’t have to worry about signing up last-minute. You can also join this Community group for Dreamforce events.
  • Are you on Twitter? Follow @dreamforce, and tweet using the hashtag #DF16 during the week. Many Dreamforce sponsors will also be leveraging Twitter for prize giveaways and contests, so watch for those as well.
  • Have you uploaded a picture to your Chatter profile (the one that you used to register for Dreamforce)? FYI, your Chatter picture will be the picture that is used on your Dreamforce badge. Just so ya know.

GETTING AROUND

  • Watch the Dreamforce community group for a campus map, and keep distance in mind when you schedule your sessions. Some locations are a good hike from the Moscone Center – plan accordingly!
  • Wear comfortable shoes. As in, the most comfortable shoes you own.
  • The streets will be extremely congested – walking or taking a pedicab is actually faster than shuttles or taxis!
  • Don’t carry more than you need. Make sure you have a tote bag or backpack that you can haul around all day.
  • Is your hotel too far to walk to and from the Moscone Center each day? Get a visitor Muni Pass so that you will have easy access to public transportation.

PREPARATION

  • Watch the Road to Dreamforce each week. Missed an episode? You can watch the recordings afterward!
  • Get the Dreamforce Trailhead badges – Dreamforce ‘16 Ready and Dreamforce & Beyond – to be extra prepared. And hey, who doesn’t want more badges?
  • Make a list. It can be a short list – maybe there are just two questions that you really want to get answered at Dreamforce. Maybe it’s a long list of people you want to meet. Whatever it is, have at least one goal for the week. You will get so much more out of Dreamforce if you approach it with a plan and a sense of purpose.
  • Have you been thinking about getting certified? Dreamforce is the best place to do it, because the exams cost half the normal price. You may also want to consider taking one of the many classes that are offered right before the conference – this can save a lot of money, since you are already going to be there! If certification is part of your plan, start studying ahead of time so that you don’t have to cram at the last minute.

WHAT TO PACK

  • Pack light! Make sure to leave room in your suitcase for the Dreamforce backpack and all of the amazing swag you’ll be collecting throughout the week.
  • Pack and wear layers! Temperatures will fluctuate from day to night, indoor to outdoor. Check the weather forecast the night before you leave, and be prepared.
  • I said it before, and I’ll say it again – comfortable shoes. I will be in sneakers or flat-heeled boots all week.
  • Do you tweet a lot, or use your phone for notes and reminders? Carry a charger with you at all times, or bring a battery pack, which I just got for my iPhone – so that you don’t run out of juice before the day is done!
  • Bring a refillable water bottle, and stay hydrated! There are plenty of water fountains and water coolers for refills.
  • Planning on networking? Bring lots of business cards. Bring more than you think you will need – once you start meeting people and attending events, you will be handing them out faster than candy on Halloween.
  • Do you tend to get “hangry” if you haven’t eaten in a while? Bring snacks with you. Have you booked out most of your week from dawn till bedtime? Bring instant oatmeal or protein bars so that you can have a quick breakfast every morning while you get ready.

DURING DREAMFORCE

  • Check in on Monday if possible, and as early as possible. The check-in lines can be huge – and they only get worse as the week progresses.
  • Does your hotel offer free coffee? Grab a cup as you are leaving each morning – the lines at Starbucks can be far too time-consuming.
  • Were you unable to register for a session that you really wanted to attend because it was full? Good news – they are not really full! Some seats are set aside for walk-ins, so if you really want to be in a particular session, show up at least 20 minutes early and wait in the walk-in line.
  • Are you a note-taker? Well, you don’t need to write down everything – most sessions are recorded, and the slides will be posted to the session’s Chatter feed in the weeks following Dreamforce. I used to try to write down everything, and take pictures of the slides, until I realized that it was truly unnecessary! Now I tend to only write down a few key points from my favorite sessions, to remind myself what I wanted to take from them.
  • Are you attending Dreamforce with a group of co-workers? Abandon them. Seriously, get out there and mingle. Hang out after a session and ask the presenter some follow-up questions. Sit down at a random table for lunch and talk to strangers. You can see your co-workers every day at work – Dreamforce is a great place to meet different people from different places, to network, start new friendships, and get inspired!
  • Lunch lines too long? The Westfield mall is right up the street from Moscone – their basement food court is my favorite place to grab a quick, cheap lunch.
  • There is more to Dreamforce than just keynotes and sessions. Visit the admin zone and the dev zone to chat with experts and collect tips & tricks. Visit the cloud expo for awesome sponsor swag and in-person demos of hundreds of tools that might be useful to your org. Get out and explore.
  • Wellness is crucial. Take Airborne or Echinacea or Emergen-C every day. Bring hand sanitizer. Don’t drink too much alcohol. Get the sleep that you need. If you normally work out or do yoga, make time for that throughout the week. If you are introverted or don’t like crowds, set aside some quiet time to recharge in your room. It’s easy to get overwhelmed, but it’s far worse if you aren’t feeling your best.

GOT MORE TIPS? Did I forget anything? Leave a comment with your favorite Dreamforce tip! See you there!

Reporting Snapshot Pitfalls to Avoid

Reporting Snapshots are pretty high on my list of all-time favorite features in Salesforce. They allow me to capture records at a particular moment in time, repeatedly, for super-accurate trend reporting. They are similar to the Historical Trending feature, but with less limitations.

Creating a Reporting Snapshot is easy – so easy, in fact, that I’m not writing about that today! If you’ve never created a Reporting Snapshot, these instructions will walk you through the following steps:

  • Creating a Source Report
  • Creating a Target Object and custom fields
  • Creating a Reporting Snapshot
  • Mapping fields from the Source Report to the Target Object
  • Scheduling the Reporting Snapshot

As with most things in the Salesforce universe, there are lessons that can only be learned through experience – or avoided, if someone warns us! So here are my warnings to you… the what-not-to-do’s of Reporting Snapshots.

Pitfall #1: The over-filtered source report

The source report should include all records that need to be captured in the snapshot. I’ve seen a lot of emphasis placed on how often a snapshot is taken – but what I find far more important is, which records are included in the snapshot? The more records you include, the more ways you can slice and dice the historical data however you like. But if you place too many restrictions on the initial data capture, you cannot go back and retrieve it.

Here is an example of an over-filtered source report:

Sure, maybe this was fine when the snapshot request first came to me… but what happens when someone comes back and says that they also want to see closed won and/or lost opportunities in the snapshot, or deals that are further out than the current quarter? I highly recommend not filtering by opportunity stage, case status, etc., and using a date range such as “Current and Next 3 FQ” or “Current and Next FY.” Pull as much data as you can into the source report, because you can filter things out when you run snapshot reports or list views – much like cropping a photo – but you cannot add things that were not there to begin with.

Pitfall #2: Not enough fields

You can create up to 100 fields on the source object for your reporting snapshot. One hundred fields! So… do I even need to say what is wrong with this picture of my field mappings?

What if, at some point, we wanted to sort our opportunity snapshots by Lead Source? Or by some other field that I never added or mapped? It’s all fine and good to add fields later, but that data won’t exist in your historical records. Save yourself the headache now – talk to your users who will be reporting on the snapshots, and make sure to include every field that has even a slight chance of being used in future reporting.

Note: Lookup fields cannot be pulled into the source object for a reporting snapshot. If you want something like Record Type included in your snapshot, you will need to create a formula field on the original object (in my example, the opportunity) that displays the ID of the record referenced in the lookup. Then create a text field in your target object, and map the record type ID to that field.

Pitfall #3: No way to compare record IDs

At some point, you may want to compare snapshot records with actual records. Or you may have a snapshot report that you compare against an opportunity (or other object) report, but some records are missing from one of the reports.

Note: If you find discrepancies, or you suspect that the snapshot is not capturing all data, go directly to the snapshot and scroll down to Run History – this will show you if there were any failures during the scheduled snapshot.

Do yourself a favor, and add the 18-character record ID to your reporting snapshot. It will enable you to pull snapshot records and records from your source object, and compare them in Excel with a V-lookup to quickly locate discrepancies.

If you have not created an 18-character record ID before, here are instructions for adding it to any object. You will then want to:

  • Add it to the object in your source report, and add it as a column in the report.
  • Add it to your target object as a text field.
  • Go to the reporting snapshot, and map it in your field mappings.

Whether you are creating your first Reporting Snapshot or managing existing snapshots, these best practices will save you some trouble down the road as different people in your organization find different ways to look at the data you are capturing in those snapshots. Implement them now, not later. Happy reporting!

Why I Love My Local Community

In case you haven’t heard, Forcelandia is almost here! What is Forcelandia? For those who don’t know yet, Forcelandia is a one-of-a-kind conference put on by the Portland Developer User Group and the Portland Salesforce Women in Tech group. The first Forcelandia was just last summer, was held at a small local brewery, and was booked to capacity. This year there is a slightly larger venue, but it will still be an intimate event in a cool local spot.

With Forcelandia almost here, I’ve been reflecting on my local community and how amazing it is. Most of my blog posts are about pieces of Salesforce functionality that inspire me, but the local Salesforce community inspires me just as much – so I wanted to share what makes it so great!

It’s a connection.

I am a huge fan of the Salesforce Success Community because it connects me with other Salesforce admins/developers/users all over the world. Local user groups are a piece of the Success Community pie, but in person! I began attending the Portland User Group about five years ago, as a solo admin. I didn’t have other admins in the office, my boss worked remotely, and I just wanted to geek out about Salesforce with other people. I’m still attending, and still geeking out! Two of my favorite admin jobs that I’ve ever had would not have been possible without the people I met at my very first few user group meetups (shout-out to Angela and John!).

It’s a safe place.

We all love Dreamforce, right? I really do love it, and this year will be my 9th Dreamforce in a row! But I’m going to let you in on a little secret – I’m an introvert. I get anxious in huge crowds. This is one of the reasons I love my local community groups. I may never speak publicly to hundreds of people – but my User Group and my Women in Tech group have really built up my confidence, and I have presented at both groups. (If you knew me five years ago, you know that this is a bit of a miracle.) Local user groups are such a great place to ask questions, build your skills, and voice your opinions without judgment.

It’s SO MUCH INSPIRATION.

One of the reasons I have worked with Salesforce so long – and still love it – is because it is constantly evolving. One of the things I love about my community groups is, it’s way more fun than reading release notes by myself! We demo our own personal tips & tricks. We talk about new features. We tell each other about our favorite tools and AppExchange apps. We share workarounds for common problems. We inspire each other, live and in person, and there is simply no substitute for that.

If you have not attended a local User Group, it’s never too late to start! Look for your local User Group, Developer User Group, or Women in Tech User Group in the Success Community – and if you don’t see one, ask around. If your area does not have a user group, reach out to the Success Community to start one. Because no one should miss out on the connections, inspiration, and feeling of family that comes from a strong local community.

Want to get more involved in the online Success Community? Check out this blog post.

Want to meet the Portland Salesforce community in person? Register for Forcelandia here!