Product & Engineering

October 12, 2021 Ganesh Umapathy

Top 5 Considerations When Enabling MFA for Tableau Online and Other Salesforce Products

Customer trust is essential for businesses to succeed, which Salesforce is putting into practice with a future requirement for all customers to enable multi-factor authentication (MFA). Beginning February 1, 2022, Salesforce customers will be contractually required to use MFA when accessing Tableau Online (and many other Salesforce products).

What Does This Announcement Mean for Salesforce Customers?

With this announcement, Salesforce has recognized the importance and value of MFA when establishing and verifying trust every time a customer accesses their broad portfolio of cloud-based services. 

How Does Salesforce Recommend Customers Get Started to Enable MFA?

Salesforce’s announcement is very clear about what customers can do today to enable MFA as quickly as possible. According to the Salesforce Multi-Factor Authentication FAQ, “MFA is one of the simplest, most effective ways to prevent unauthorized account access and safeguard your data and your customers’ data. We’re requiring customers to implement MFA to help mitigate the risks stemming from threats like phishing attacks, credential stuffing, and compromised devices.”

Customers who already authenticate their users via single sign-on (SSO), or who want to move to SSO, can enable MFA for their SSO identity provider when accessing their Tableau Online sites. Additionally, TableauID with MFA is available for customers who do not use SSO or have admins or other site users hosted by TableauID.

“Deploying Duo is the easiest and fastest way to comply with the Salesforce MFA requirement to protect access to Tableau and other cloud-based applications.”

What Is the Most Efficient Way to Meet Compliance With This Requirement? 

Because the runway is rather short, time is of the essence. We recommend following these five tips to accelerate the rollout of MFA for Tableau (as well as any of your other applications):

1. Prioritize interoperability and ease of integration. Chances are, Tableau is just the first of several cloud-based applications you may want to protect with MFA. For example, you may have on-premises apps that could also benefit from MFA. Legacy MFA solutions traditionally fail to integrate across disparate applications in an on-premises and cloud environment, causing inconsistencies and user confusion. 
   
   Duo MFA protects apps wherever they are — on-premises or in the cloud.
   
   

2. Meet your users where they are, securely. Remote work has led to a rise in the usage of bring your own device (BYOD) and unmanaged devices, which increases the risk of compromised devices. And legacy MFA products often can’t accommodate broad sets of users located outside of the corporate network — including remote workers, third-party vendors, contractors and more. These limitations impact business resiliency and often lead to users bypassing any security controls that get in the way of their work. 
   
   Duo Device Trust protects access to apps from unmanaged devices as well as managed devices.
   
   

3. Avoid the need for additional form factors. Traditional MFA solutions require additional security tokens and hardware that don't support all use cases (offline, no cell service, etc.), which results in decreased user adoption and gaps in your organization’s security posture. 
   
   Duo Push does not require additional tokens or hardware, and it works within your existing ecosystem (especially the device you carry in your pocket). 
   
   

4. Make it easy for admins to roll out MFA quickly and for users to adopt quickly. Older MFA solutions often require extensive admin management to enroll users, manage authentication devices, and remediate lost or stolen devices. Because Duo MFA is Duo-hosted and delivered from the cloud, there’s no need to spin up servers. Automated sign-up options, such as user self-enrollment and Active Directory sync, allow for scalable user provisioning. Duo MFA easily integrates with thousands of applications, services and identity providers. With the easiest multi-factor authentication, users can tap a button to approve Duo Push, a push notification on their phones to verify their identity.
   
   Duo combines the best of both worlds: easy for admins and users; secure and scalable for businesses.
   
   

5. Consider a consolidated approach with a long-term view. This is a great time to evaluate long-term projects and requirements, such as ensuring support for new applications being onboarded, enabling SSO, and tightening access policies with a centralized access management tool. Duo is more than a leader in the MFA market — we also offer functionality that goes beyond authentication to protect and secure access to your business’ critical applications. For example, Duo Access edition enables our customers to verify device trust before gaining access to their applications, and empowers users to remediate device issues on their own. Plus, Duo SSO can ease the transition to MFA by providing a place for users to log in once to access all the apps they need to get business done.
   
   Duo simplifies trusted access by consolidating MFA, SSO, device trust and deep visibility into a single solution. With Duo’s Passwordless Authentication capabilities, it’s even easier to protect access to the apps that drive your business.

Deploying Duo is easy and fast to deploy. Whether you’re interested in protecting access to Salesforce, Tableau Online or other applications, each of our editions satisfies the MFA requirement. 

Resources

• Salesforce Multi-Factor Authentication FAQ

• Multi-Factor Authentication and Tableau Online

• Cisco - A Duo Customer Story: How Cisco onboarded more than 100,000 users with Duo MFA

Try Duo for Free

Want to test it out before you buy? Try Duo for free using our 30-day trial and get used to being secure from anywhere at any time.