How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?
A. Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
B. Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
C. Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
D. Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
Using Custom Login Flows with Apex is the best option to force users to authenticate with 2FA for Salesforce only when not connected to an internal company network. Custom Login Flows allow admins to customize the login process for different scenarios and user types. Apex code can be used to detect the user’s IP address and prompt for 2FA if it is not within the company’s network range. The other options are not suitable because they either do not support 2FA or do not allow conditional logic based on the user’s IP address.