S-Docs with Multi-Factor Authentication (MFA)

Introduction

Salesforce's MFA requirement and upcoming enforcements applies specifically to User Interface logins. You can read their full guide here: Make sure you’re ready for MFA auto-enablement

Additional security settings can be enabled, but Salesforce cautions that setting Session Security Level Required at Login on the user’s Profile to High Assurance can break your integrations, as asynchronous processes - REST or SOAP API calls - run by a User with this configuration will also be included in the MFA requirement. This includes any Users running S-Doc Jobs - including your S-Sign Integration User - via Mass merge, Flow, Apex, or by generating documents that include JOB_SPLITTERS. Instead of setting High Assurance in the Profile of any Users running asynchronous processing, keep MFA in the "High Assurance" section under Setup > Session Settings > Session Security Levels (default setting).

Salesforce help article: "Impact of "Session Security Level Required at Login" set to "High Assurance" on asynchronous processing"

Learn when "Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org" will be turned on for your org: Using the Salesforce Trust site

Fix user Profiles blocked from S-Doc Jobs

Navigate to the Setup menu, type "Profiles" into the QuickFind bar, and click Profiles in the dropdown menu. Then, click Edit next to the appropriate profile name.

Scroll down to the Session Settings section, and ensure the Session Security Level Required at Login is set to None (not High Assurance).

Note: All profiles initiating S-Docs Jobs must have the Session Security Level Required at Login set to None.

Setting Up MFA in Session Settings

Setting up MFA in Setup > Security > Session Settings (as shown below) will not impact S-Docs.

Was this helpful?