SUMMER’26 – MFA ENFORCEMENT AFTER SUMMER’26 RELEASE

Some important security changes will take effect in Salesforce instances after the Summer’26 version upgrade. This article focuses on the MFA (Multi-Factor Authentication) changes.

This change will take place in Salesforce instances:

  • Sandbox: starting June 22nd, 2026
  • Production: starting July 20th, 2026

MFA Enforcement for all users

First, MFA will now be enforced for all users. This security change will affect all users logging into Salesforce (via direct UI and SSO logins) both in Production and sandboxes.

  • Standard users who already use MFA will keep the same MFA experience and will confirm their login in the same Authenticator mobile application that they already use.
  • Users logging in through SSO with an MFA capability will keep the same login experience.

However, because MFA will be permanently enforced, System Admins will no longer be allowed to deactivate MFA from Setup for certain users. This option will be grayed out in Setup.

Resistant MFA Activation for all users

The bigger news is a second type of MFA, which will be enforced more strictly for powerful users after the Summer’26 release.

This more secure "phishing-resistant MFA" method will apply to every "System Admin"-like user, i.e. System Administrators themselves and users granted one of the following permissions: Modify All Data, View All Data, Customize Application, or Author Apex.

These powerful users will need to use one of these secure methods to confirm their login:

  • Security Keys (WebAuthn / FIDO2), like Yubico’s YubiKey, or Google’s Titan Security Key
  • Built-in Authenticators, like Touch ID, Face ID, or Windows Hello.


To handle this change correctly and avoid service interruption for your users, please follow these practical rules:

  • Monitor all users, through Setup or login history information, and identify those who do not log in through MFA.
  • Inform and encourage all concerned users to register their MFA configuration properly before the security changes are deployed.
  • Anticipate the Security Key test / purchase process before Summer vacation. Test this specific change with your Admin-like users and support them through it.
  • If you change SSO, MFA configurations or login flows, test all your configurations in a sandbox first, before applying them in Production.
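
As an added example (not part of the original article and not Salesforce's own code), the Python below cross-checks two exports to list the admin-like users who hold one of the four permissions above but have no security key or built-in authenticator registered. The field names (taken to match the standard PermissionSet and TwoFactorMethodsInfo objects), the SOQL text and the sample rows are assumptions to verify in your own org.

```python
# Added example (not Salesforce code). Field names are assumed to match the
# standard PermissionSet and TwoFactorMethodsInfo objects; check them in your org.
ADMIN_PERMS = ("PermissionsModifyAllData", "PermissionsViewAllData",
               "PermissionsCustomizeApplication", "PermissionsAuthorApex")
RESISTANT = ("HasU2F", "HasBuiltInAuthenticator")  # security key / built-in

# Assumed SOQL for exporting the assignment rows consumed below.
ASSIGNMENT_SOQL = (
    "SELECT AssigneeId, Assignee.Username, PermissionSet.Name, "
    + ", ".join("PermissionSet." + p for p in ADMIN_PERMS)
    + " FROM PermissionSetAssignment WHERE Assignee.IsActive = true AND ("
    + " OR ".join("PermissionSet." + p + " = true" for p in ADMIN_PERMS) + ")")

def admin_like_users(assignments):
    """Return {user id: (username, set of admin-like permissions held)}."""
    found = {}
    for row in assignments:
        perms = {p for p in ADMIN_PERMS if row.get(p)}
        if perms:  # permissions from several assignments are merged per user
            found.setdefault(row["AssigneeId"], (row["Username"], set()))[1].update(perms)
    return found

def missing_resistant_mfa(assignments, methods):
    """List admin-like users with no security key or built-in authenticator."""
    covered = {m["UserId"] for m in methods if any(m.get(f) for f in RESISTANT)}
    # A user with no methods row at all has registered nothing, so is flagged.
    return sorted((name, sorted(perms))
                  for uid, (name, perms) in admin_like_users(assignments).items()
                  if uid not in covered)

# Constructed sample rows, flattened as a CSV export would be.
ASSIGNMENTS = [
    {"AssigneeId": "005A", "Username": "alice@example.com",
     "PermissionsModifyAllData": True, "PermissionsViewAllData": True},
    {"AssigneeId": "005A", "Username": "alice@example.com",
     "PermissionsCustomizeApplication": True},
    {"AssigneeId": "005B", "Username": "bob@example.com", "PermissionsAuthorApex": True},
    {"AssigneeId": "005C", "Username": "carol@example.com",
     "PermissionsCustomizeApplication": True},
    {"AssigneeId": "005D", "Username": "dave@example.com"},  # standard user
]
METHODS = [
    {"UserId": "005A", "HasTotp": True, "HasU2F": False},  # authenticator app only
    {"UserId": "005B", "HasU2F": True},                    # security key registered
]

if __name__ == "__main__":
    for name, perms in missing_resistant_mfa(ASSIGNMENTS, METHODS):
        print(name, "needs a security key or built-in authenticator:", ", ".join(perms))
```
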


To read more on the subject

