in implementation guides ~ read.
Mc Overview Security Implementation Guide

Mc Overview Security Implementation Guide

DOWNLOAD

First things first !
To download this implementation guide, click the download button below.
If you need more information about the implementation guide, you can read the Table of Contents below.

Download

Security Implementation Guide
Salesforce Spring

salesforcedocs
Last updated November

Copyright Salesforce Inc All rights reserved Salesforce is a registered trademark of Salesforce Inc as are other

names and marks Other marks appearing herein may be trademarks of their respective owners

CONTENTS

Security Implementation Guide
Set Up Security in Marketing Cloud
Security Best Practices for Marketing Cloud

SECURITY IMPLEMENTATION GUIDE

Trust is Salesforces number one value and Marketing Cloud provides a wide variety of security tools and best practices to protect
customer data and preserve that trust Use these security tools to maintain the safety of your data within Marketing Cloud We provide
these tools to mitigate security risks but you must correctly utilize these tools and implement best practices to ensure the safety and
security of your account

Who This Guide Is For
This guide is for Marketing Cloud admins to implement Marketing Cloud security tools and configure specific features This guide also

applies to IT security personnel who are responsible for overseeing the security of a Marketing Cloud implementation

Before You Start
Most of the security settings in this guide are included with all Marketing Cloud accounts Some features such as FieldLevel Encryption
and Tokenized Sending require additional enablement and services Contact your Marketing Cloud account representative for more
information about these additional security features
Set Up Security in Marketing Cloud
Marketing Cloud provides several tools and controls to mitigate security risks This section helps you configure those tools to best
secure your Marketing Cloud account
Security Best Practices for Marketing Cloud
Follow these guidelines to better secure your Marketing Cloud account and data

Set Up Security in Marketing Cloud
Marketing Cloud provides several tools and controls to mitigate security risks This section helps you configure those tools to best secure
your Marketing Cloud account
MultiFactor Authentication for Marketing Cloud

Multifactor authentication MFA enhances your Marketing Cloud login process by adding another layer of protection against

common security threats including phishing attacks credential stuffing and account takeovers With MFA a user must provide two

factors to prove their identity their username and password combination plus a supported verification method before they
can log in to their Marketing Cloud account Even if a users credentials wind up compromised the additional factor helps prevent
unauthorized access
Identity Verification in Marketing Cloud

The Identity Verification IDV security setting in Marketing Cloud requires you to authenticate the browser or app used to access

the application When you attempt to log in the system sends an email with a verification code to the email address associated with
your account Enter the code in the Verification Code field to log in Ensure that all users in your account use valid email addresses
in their user profile

Security Implementation Guide

MultiFactor Authentication for Marketing Cloud

Marketing Cloud Security Settings
Marketing Cloud Security Settings include parameters for session timeout username and password conventions and lockout logic
These features help improve the overall security of your account

Marketing Cloud FTP Accounts

Use FTP accounts to assign FTP privileges to users in your Marketing Cloud account

Login IP Allowlist

A Login IP Allowlist includes a range of IP addresses you define that indicates what IP addresses can access your account to prevent

unauthorized IP addresses from logging into your account Allowlisted IP addresses ranges can access the application

Single SignOn Authentication Via SAML for Marketing Cloud

This feature enables a thirdparty identity provider to authenticate your users to both your internal systems and Marketing Cloud

Currently you can enable a single SAML key per Marketing Cloud account

MultiFactor Authentication for Marketing Cloud

Multifactor authentication MFA enhances your Marketing Cloud login process by adding another layer of protection against common

security threats including phishing attacks credential stuffing and account takeovers With MFA a user must provide two factors to

prove their identity their username and password combination plus a supported verification method before they can log in to
their Marketing Cloud account Even if a users credentials wind up compromised the additional factor helps prevent unauthorized
access

Important Starting with Summer MFA is part of the Marketing Cloud login experience and cant be turned off Each time

users log in with their Marketing Cloud username and password they must also provide a registered verification method See

Register a Verification Method in Your Marketing Cloud Account for details To learn more about the requirement to use MFA see

the Salesforce MFA FAQ

If MFA hasnt been enforced for your tenant yet Salesforce strongly recommends that you enable it on your own as soon as

possible See Enable and Require MFA for Your Marketing Cloud Tenant for details

MFA requires that you add several new IP addresses to your allowlist Review this list for the correct values

MFA for Marketing Cloud supports several types of verification methods

The Salesforce Authenticator mobile app

Security keys that support WebAuthn or UF such as Yubicos YubiKey and Googles Titan Security Key

Timebased onetime passcode TOTP authenticator apps like Google Authenticator Microsoft Authenticator and Authy

Enterprise accounts allow MFA enablement and settings changes at the toplevel account in the tenant Business units can only view

MFA settings in their accounts

Note Marketing Cloud Single SignOn SSO isnt compatible with MFA To satisfy the MFA requirement if you use SSO ensure

that your SSO providers MFA service is enabled for your Marketing Cloud users

Changes to Marketing Cloud Account with MultiFactor Authentication

As of Summer MFA replaces the current Identity Verification feature in Marketing Cloud All users except for SSO users must

authenticate via username password and MFA verification method This setting applies to all users and all physical locations Previously

used Identity Verification allowlists dont apply to MFA login attempts

These settings are inactive in Setup when MFA is turned on The functionality doesnt impact how MFA functions in your tenant

Identity Verification
Business Unit Identity Verification

Security Implementation Guide

MultiFactor Authentication for Marketing Cloud

Browser Verification Code Lifetime
Time a browser can be inactive before requiring verification

Allow machines not on Allowlisted IP Addresses access

Dont require Identity Verification for machines inside the allowlist

Dont require Identity Verification for SSO Logins

To learn more about MFA see these topics

Enable and Require MFA for Your Marketing Cloud Tenant

For most tenants multifactor authentication MFA is integrated with the Marketing Cloud login experience and cant be disabled

If Salesforce hasnt made MFA mandatory for your tenant yet you should do so yourself as soon as possible Follow these steps to

transition from Identity Verification IDV to multifactor authentication MFA in your Marketing Cloud tenant

Register an MFA Verification Method in Your Marketing Cloud Account

Multifactor authentication MFA is required for all Marketing Cloud users and cant be turned off The first time you log in to your

Marketing Cloud account you must register a verification method for MFA The registration process connects the method you choose

to your account You must provide a registered verification method each time you log in The registration process varies depending
on the type of method that you select

Manage Your MFA Verification Methods in Marketing Cloud

Follow these steps to manage the multifactor authentication MFA verification methods for your Marketing Cloud user account

Manage Your Users MFA Verification Methods in Marketing Cloud

If a user loses their multifactor authentication MFA verification method Marketing Cloud admins can disconnect it for them Each

user account must have one registered method for access If the user hasnt registered additional methods theyre prompted to set
up a new method the next time they log in

View MFA Events in Marketing Cloud

You can review a log of all multifactor authentication MFA registration and verification attempts for your Marketing Cloud tenant

This log includes enablement and revocation actions and authentication attempts Marketing Cloud admins can view all events in
a tenant Specific users see only those events related to their account

Generate a Temporary MFA Verification Code for Marketing Cloud

Marketing Cloud admins can generate a temporary verification code for a user who forgot or lost their multifactor authentication

MFA verification method This code is effective for hours The user can enter this code multiple times until hours elapses or

you revoke the code

Marketing Cloud MultiFactor Authentication FAQ

Review some answers to common questions about multifactor authentication MFA in Marketing Cloud

Enable and Require MFA for Your Marketing Cloud Tenant

For most tenants multifactor authentication MFA is integrated with the Marketing Cloud login experience and cant be disabled If

Salesforce hasnt made MFA mandatory for your tenant yet you should do so yourself as soon as possible Follow these steps to transition

from Identity Verification IDV to multifactor authentication MFA in your Marketing Cloud tenant

Note This process requires a Marketing Cloud admin account at the toplevel account of a tenant enabled with these permissions
Administration General Access
Administration Account Update Account and Security Settings

MFA requires that you add several new IP addresses to your allowlist Review this list for the correct values

Security Implementation Guide

MultiFactor Authentication for Marketing Cloud

Before making MFA mandatory for your account communicate the time and date of this change to your users Include information

about the benefits of MFA the importance of adoption and the verification method options in your announcement This advance notice

and guidance helps your users obtain and register their MFA verification methods We recommend that users register multiple verification

options to ensure that they maintain access to their account

To require MFA in your tenant

Log in to your Marketing Cloud account
Hover over your name in Marketing Cloud and click Setup
Click Security and select MultiFactor Authentication
Click Edit
Select Require MultiFactor Authentication
Save your changes
Log out

When MFA is mandatory all users in a tenant must register at least one verification method before they can access their account If a

user doesnt have a registered method theyre prompted to set one up the next time they log in They use that verification method to

prove their identity for each subsequent login See Register an MFA Verification Method in Your Marketing Cloud Account for more

guidance

Register an MFA Verification Method in Your Marketing Cloud Account

Multifactor authentication MFA is required for all Marketing Cloud users and cant be turned off The first time you log in to your

Marketing Cloud account you must register a verification method for MFA The registration process connects the method you choose

to your account You must provide a registered verification method each time you log in The registration process varies depending on
the type of method that you select

Note For most tenants Salesforce has integrated MFA into the Marketing Cloud login experience and it cant be disabled If MFA

hasnt been enforced for your tenant yet Salesforce strongly recommends that you enable it on your own as soon as possible See

Enable and Require MFA for Your Marketing Cloud Tenant for more information

Log in to your Marketing Cloud account

At the MFA prompt click Get Started Marketing Cloud sends a verification code to the email address associated with your Marketing

Cloud account
Paste the code from the email message into the field and click Verify
To register Salesforce Authenticator follow these prompts
a On a mobile device download and install the app from the Apple Store or Google Play
b Select Salesforce Authenticator from the list of verification methods
c Open Salesforce Authenticator then tap Add an Account The app displays a twoword phrase
d On the Connect Salesforce Authenticator screen enter the phrase in the TwoWord Phrase field then click Connect
e In Salesforce Authenticator verify that the request details are correct then tap Connect
f In Salesforce Authenticator tap Approve to log in

To register a USB Lightning or NFC device follow these directions

a Select Security Key from the list of verification methods
b Connect the security key to the computer then click Register

Security Implementation Guide

MultiFactor Authentication for Marketing Cloud

c When prompted by the browser press the button on the security key
d Enter a name for your security key
e Click Save
To register a thirdparty authenticator app such as Authy Microsoft Authenticator or Google Authenticator follow these directions

a On a mobile device download and install a timebased onetime password TOTP authenticator app

b Select OneTime Password Generator from the list of verification methods

c Open the TOTP authenticator app and follow any inapp instructions for adding an account

d Use the authenticator app to scan the QR barcode thats displayed on the Connect an Authenticator App screen If scanning the

QR barcode isnt an option select to manually generate your security key Then enter it in the authenticator app

e On the Connect an Authenticator App screen enter a temporary code generated by the authenticator app in the Verification
Code field then click Connect to log in
For all future logins to your Marketing Cloud account provide your username password and your registered verification method

Note If you use a mobile device for MFA verification make sure that its active to receive the MFA prompt and log in

We highly recommend registering two or more methods so you have a backup if you forget or lose your primary method You can
register one method for each of the verification method types that Marketing Cloud supports Marketing Cloud prioritizes registration
methods in this order
Salesforce Authenticator
Security Key

TOTP Generator App

Manage Your MFA Verification Methods in Marketing Cloud

Follow these steps to manage the multifactor authentication MFA verification methods for your Marketing Cloud user account

Note For most tenants Salesforce has integrated MFA into the Marketing Cloud login experience and it cant be disabled If MFA

hasnt been enforced for your tenant yet Salesforce strongly recommends that you enable it on your own as soon as possible See

Enable and Require MFA for Your Marketing Cloud Tenant for more information

Log in to your Marketing Cloud account
Hover over your name and click Cloud Preferences
In the MultiFactor Authentication section click Register to set up a new verification method for your account Follow the instructions
to complete the process

To stop using a method click Revoke next to the method and click OK You must have one registered method to access your

account
When you log in to your account the next time your account prompts you to provide your verification method

Manage Your Users MFA Verification Methods in Marketing Cloud

If a user loses their multifactor authentication MFA verification method Marketing Cloud admins can disconnect it for them Each user

account must have one registered method for access If the user hasnt registered additional methods theyre prompted to set up a new
method the next time they log in

Security Implementation Guide

MultiFactor Authentication for Marketing Cloud

Note For most tenants Salesforce has integrated MFA into the Marketing Cloud login experience and it cant be disabled If MFA

hasnt been enforced for your tenant yet Salesforce strongly recommends that you enable it on your own as soon as possible See

Enable and Require MFA for Your Marketing Cloud Tenant for more information

Log in to your Marketing Cloud account
Hover over your name and click Setup
Click Users then select User
Click the user record to manage

To disconnect a users registered method click Revoke next to the method and click OK

If you disconnect a verification method the user can register the same method again

View MFA Events in Marketing Cloud

You can review a log of all multifactor authentication MFA registration and verification attempts for your Marketing Cloud tenant This

log includes enablement and revocation actions and authentication attempts Marketing Cloud admins can view all events in a tenant
Specific users see only those events related to their account

Note For most tenants Salesforce has integrated MFA into the Marketing Cloud login experience and it cant be disabled If MFA

hasnt been enforced for your tenant yet Salesforce strongly recommends that you enable it on your own as soon as possible See

Enable and Require MFA for Your Marketing Cloud Tenant for more information

Marketing Cloud users can hover over their name and click Cloud Preferences then click View MFA Events

Marketing Cloud admins can follow these steps
a Hover over your name and click Setup
b Click Security
c Click MultiFactor Authentication

d Click View MFA Events

Generate a Temporary MFA Verification Code for Marketing Cloud

Marketing Cloud admins can generate a temporary verification code for a user who forgot or lost their multifactor authentication MFA

verification method This code is effective for hours The user can enter this code multiple times until hours elapses or you revoke
the code

Note For most tenants Salesforce has integrated MFA into the Marketing Cloud login experience and it cant be disabled If MFA

hasnt been enforced for your tenant yet Salesforce strongly recommends that you enable it on your own as soon as possible See

Enable and Require MFA for Your Marketing Cloud Tenant for more information

Hover over your name and click Setup
Click Users then select Users
Click the user record
Click Generate next to Temporary Code
Copy the temporary code shown on the screen and communicate the value to the user via phone email or similar method
To revoke a temporary code click Revoke next to the code in the user record

Security Implementation Guide

MultiFactor Authentication for Marketing Cloud

Marketing Cloud MultiFactor Authentication FAQ

Review some answers to common questions about multifactor authentication MFA in Marketing Cloud

Effective February MFA is required for all users who access your Salesforce products To learn more about this requirement see

the Salesforce MultiFactor Authentication FAQ

Note As of Summer Salesforce has integrated MFA into the Marketing Cloud login experience for most tenants and it cant

be disabled If MFA hasnt been enforced for your tenant yet Salesforce strongly recommends that you enable it on your own as

soon as possible See Enable and Require MFA for Your Marketing Cloud Tenant for more information

Can I Turn Off MFA for Marketing Cloud

As of Summer multifactor authentication MFA is a permanent part of the Marketing Cloud login experience and it cant be disabled

Note If MFA hasnt been enforced for your tenant yet Salesforce strongly recommends that you enable it on your own as soon

as possible See Enable and Require MFA for Your Marketing Cloud Tenant for more information

If necessary you can disable MFA after you turn it on up until the time that Salesforce enforces MFA for your tenant To learn more

about the requirement to enable MFA see the Salesforce MultiFactor Authentication FAQ

My Tenant Authenticates Using SSO So How Does MFA Apply

To satisfy the MFA requirement for your SSO users ensure that MFA is enabled for your SSO identity provider IdP The multifactor

authentication MFA feature in Marketing Cloud doesnt apply to users who log in to their account via SSO

If you have some users who log in directly to Marketing Cloud instead of using SSO Salesforce has integrated MFA into the Marketing

Cloud login experience for most tenants and it cant be disabled If MFA hasnt been enforced for your tenant yet Salesforce strongly

recommends that you enable it on your own as soon as possible See Enable and Require MFA for Your Marketing Cloud Tenant for more

information

Which MFA Verification Methods Does Marketing Cloud Support

Marketing Cloud supports three types of multifactor authentication MFA verification methods

The Salesforce Authenticator mobile app

Security keys that support WebAuthn or UF such as Yubicos YubiKey or Googles Titan Security Key

Timebased onetime passcode TOTP authenticator apps like Google Authenticator Microsoft Authenticator and Authy

Marketing Cloud admins can also send a temporary verification code to any users who forget or lose their verification methods

Can I Register Multiple MFA Verification Methods

Yes In fact we recommend registering at least two methods so you have a backup available if you lose or forget your primary method
You can register all supported verification methods and use them to log in to Marketing Cloud However you can register only one
method per verification method type For example you could register a single authenticator app and a single security key At the
verification prompt choose another verification method to verify using an alternate verification method
Marketing Cloud prioritizes registration methods in this order
Salesforce Authenticator
Security Key

TOTP Generator App

Security Implementation Guide

MultiFactor Authentication for Marketing Cloud

Can I Use Email as an MFA Verification Method

No Salesforce doesnt support the use of email as a verification method for multifactor authentication MFA

See Register an MFA Verification Method in Your Marketing Cloud Account for the methods that are supported for Marketing Cloud

Does MFA Affect Marketing Cloud API Integrations

No multifactor authentication MFA only affects authentication for users who log in to Marketing Cloud via their browser or the

Marketing Cloud mobile app MFA doesnt affect REST or SOAP API requests

Does MFA Affect Identity Verification Setup

Multifactor authentication MFA automatically replaces the Identity Verification security setting in Marketing Cloud As of Summer

MFA is part of the Marketing Cloud login experience and cant be turned off No additional steps are necessary to remove identity

verification IDV from your account If youre new to MFA there are a few differences from IDV to be aware of

Marketing Cloud doesnt allow accounts to bypass MFA even when IP allowlisting is enabled

Marketing Cloud doesnt support email or SMS as MFA verification methods

When Marketing Cloud MFA is enabled it doesnt apply for users logging in using single signon SSO To satisfy the MFA requirement

if you use SSO ensure that your SSO providers MFA service is enabled for your Marketing Cloud users

Does MFA Affect Marketing Cloud Connect or Distributed Marketing

Marketing Cloud Connect and Distributed Marketing require that a user logs in via a browser during initial configuration This interaction

requires multifactor authentication MFA After this setup these applications keep tokens active via REST API which doesnt require

additional MFA verification to run any automated process

We recommend using an API user account for this connection If the person in charge of maintaining this account leaves your company

we recommend resetting the password and reauthenticating the API user account for a new token A Marketing Cloud admin can send

the new person in charge of maintaining this account a temporary token for the MFA verification If you choose to use a specific persons

account to connect Marketing Cloud Connect and that person leaves your company we recommend using a new account and

reauthenticating the connection using a temporary MFA token

How Does MFA Affect the Allow machines not on Allowlisted IP Addresses access Setting

As of Summer multifactor authentication MFA is a permanent part of the Marketing Cloud login experience and it cant be disabled

Note that if your account uses an IP allowlist to restrict logins to specified IP addresses the Allow machines not on Allowlisted IP

Addresses access setting is no longer supported Users wont be able to log in if they try to access Marketing Cloud from an IP address

thats outside the allowlist

To resolve this issue if the Allow machines not on Allowlisted IP Addresses access setting is selected for your account update the IP

allowlist to include all the IP ranges that users are logging in from You can specify a wider range of addresses that apply only to user

interface logins if you want to keep a more limited range for API interactions

How Does MFA Impact the Marketing Cloud Mobile App

Multifactor authentication MFA applies to logins through the Marketing Cloud Mobile App the same as other logins outside the

mobile app We recommend that users register MFA verification methods through a web application login

Security Implementation Guide

Identity Verification in Marketing Cloud

Are MFA Events Logged

Yes multifactor authentication MFA events are logged In Setup click MultiFactor Authentication and select View MFA Events

Users can review MFA events specific to them Admins can review MFA events for the entire tenant

Can I use All Supported Browsers with MFA

If youre using security keys for your multifactor authentication MFA implementation log in to Marketing Cloud from a browser that

is compatible with the WebAuthn or UF standards WebAuthn is supported in the latest versions of Chrome Firefox Microsoft Edge

and Safari UF is supported in the latest version of Chrome only MFA for Marketing Cloud doesnt support the legacy nonChromium

version of Microsoft Edge

Identity Verification in Marketing Cloud

The Identity Verification IDV security setting in Marketing Cloud requires you to authenticate the browser or app used to access the

application When you attempt to log in the system sends an email with a verification code to the email address associated with your
account Enter the code in the Verification Code field to log in Ensure that all users in your account use valid email addresses in their
user profile

Note Marketing Cloud plans to retire IDV for existing users in the future We recommend enabling multifactor authentication

MFA for your account as soon as possible You can choose from several factors including Salesforce Authenticator authenticator

apps such as Authy and Google Authenticator or security keys such as Yubikey and Google Titan Key Review MFA documentation

for more information After you enable MFA we remove IDV functionality from your account

Identity Verification allows flexibility when setting up your security parameters For example you can require browser verification for all
users or only for users not on an allowlist For each setting define how often users perform the verification process
The verification email contains a code to access Marketing Cloud This email includes the subject Verify your identity in Salesforce
Marketing Cloud and contains your name value from Cloud Preferences The From address is noreplyexacttargetcom Configure these
values via your account settings as part of the From name
To select whether the parent account or the business unit determines the identity verification policy use the Business Unit Identity
Verification menu

To indicate how long the verification code remains valid use the Browser Verification Code Lifetime menu A code expires when

you generate a new code
To indicate how long your browser can remain inactive when using Marketing Cloud before requiring another identity verification code
use the Time a browser can be inactive before requiring reverification menu
Select Do not require Identity Verification for machines inside the allowlist to permit access for trusted machines with allowlisted

IP addresses Users on the allowlist do not receive email messages requiring verification

Tip When you select the Do not require Identity Verification for machines inside the allowlist checkbox the Login IP

Allowlist feature does not log these events as violations
Enable Identity Verification

Enable Identity Verification IDV in Marketing Cloud under Security Settings

Review Identity Verification Log

Review the Identity Verification IDV Log in Marketing Cloud under the Security menu

Identity Verification Troubleshooting
Review troubleshooting for Identity Verification in Marketing Cloud

Security Implementation Guide

Identity Verification in Marketing Cloud

Enable Identity Verification

Enable Identity Verification IDV in Marketing Cloud under Security Settings

Marketing Cloud plans to retire IDV for existing users in the future We recommend enabling multifactor authentication MFA for your

account as soon as possible You can choose from several factors including Salesforce Authenticator other authenticator apps such as

Authy or Google Authenticator or security keys such as Yubikey and Google Titan Key Review MFA documentation for more information

After you enable MFA we remove IDV functionality from your account

In the app switcher hover over your name and click Setup
Click Security under the Security heading
Click Security Settings
Click Edit
Enter these settings
a Business Unit Identity Verification Choose whether Identity Verification uses settings inherited from the parent account or
uses settings specific to the business unit
b Browser Verification Code Lifetime Select the time period for the verification code to remain active
c Time a browser can be inactive before requiring reverification Select the time period a browser can go without accessing
Marketing Cloud before requiring a new Identity Verification process This setting applies only to days of inactivity For example
if you set this field to seven days a user only reverifies their identity if that user does not log in for seven days
d Do not require Identity Verification for machines inside the allowlist If you choose this setting and a user attempts to

log in from a allowlisted IP address the system uses the IP address to verify the user browser If you choose this setting and the

user attempts to log in from a nonallowlisted IP address the user must verify their identity via email If you do not choose this

setting the user must verify their identity via email regardless of IP allowlisting status if Allow machines not on Allowlisted

IP Addresses access is selected

Click Save
If you select Use Business Unit Setting the settings apply only to the specified business unit If you select Use Enterprise Setting the
settings inherit from the parent business unit Review identity validation activity by clicking Identity Verification Log under
Security

Review Identity Verification Log

Review the Identity Verification IDV Log in Marketing Cloud under the Security menu

This log contains all activities by users authenticating through the Identity Verification feature

Marketing Cloud plans to retire IDV for existing users in the future We recommend enabling multifactor authentication MFA for your

account as soon as possible You can choose from several factors including Salesforce Authenticator other authenticator apps such as

Authy or Google Authenticator or security keys such as Yubikey and Google Titan Key Review MFA documentation for more information

After you enable MFA we remove IDV functionality from your account

In the app switcher hover over your name and click Setup
Click Security
Select Identity Verification Log to review information

Identity Verification Troubleshooting
Review troubleshooting for Identity Verification in Marketing Cloud

Security Implementation Guide

Marketing Cloud Security Settings

Note Marketing Cloud plans to retire IDV for existing users in the future We recommend enabling multifactor authentication

MFA for your account as soon as possible You can choose from several factors including Salesforce Authenticator other

authenticator apps such as Authy or Google Authenticator or security keys such as Yubikey and Google Titan Key Review MFA

documentation for more information After you enable MFA we remove IDV functionality from your account

Troubleshooting
Follow these steps if a user does not receive an Identity Verification email message when attempting to log in to their account
Check any available spam folder for that message
Confirm that the request uses the correct username and email address
Confirm that your account contains the correct username and email address for that user
If you check these issues and still do not receive the email message submit a case using Salesforce Help

Marketing Cloud Security Settings
Marketing Cloud Security Settings include parameters for session timeout username and password conventions and lockout logic
These features help improve the overall security of your account

Session Settings
Session Timeout controls how long the application remains open in a browser before the system automatically logs out Setting a short
session timeout makes it harder for unauthorized users to access your account For example if you log in and then walk away from the
computer the session times out This step prevents someone else from using that computer to access the account Marketing Cloud
determines user inactivity based on the amount of time elapsed since the user interacted with the user interface
Consider a minute Session Timeout as a best practice

Username and Logins
The Login Expires After Inactivity setting prevents users from logging in after the number of days that you select For example if you
select days and a user tries to log in after days of inactivity theyre disabled To reinstate access reset their login information This
setting helps prevent unauthorized users from exploiting old accounts We recommend a time period of days

We dont recommend this setting for API users Otherwise API users are required to log in via the UI to avoid login expiration To avoid

login expiration for API users adjust your Login Expires After Inactivity policy or ensure that each user has a successful UI login within

your policy timeframe
Note Set the value to days or fewer as a best practice
The Invalid Logins Before Lockout determines how many chances a user gets to enter the correct password for a username Too many
incorrect attempts require the user to reset the password This setting helps prevent unauthorized users from repeatedly guessing a
password
When the application locks an account that user cant access their account or request an activation code until the administrator unlocks
that account
Note Set the value to as a best practice

The Minimum Username Length setting determines how many characters a username must include A longer username makes guessing

the value more difficult

***