As an Account Administrator, you can edit an organization to specify a password
policy, allow your users to link their Account Manager account to an existing account in your
organization in the Salesforce Platform, and specify the multi-factor authentication (MFA)
settings for your organization to add an extra layer of protection beyond a single password
and decrease the risk of account compromise.
To edit an organization:
-
Log into Account Manager.
-
Click Organization.
-
Click the organization you want to edit.
The organization detail page opens.
-
(Optional) In the Organization Name field, modify the
name.
-
(Optional) In the Password Policy section, set the values
for the following fields:
Option |
Description |
Minimum Password Length |
Specifies the minimum length allowed for passwords. In general, the longer
the password, the more secure it is. |
Length of Password History |
Specifies the length of the password history. Passwords that have been
used already are not allowed, and the password history determines how many past
passwords are remembered by Account Manager. |
Days Until Password Expires |
Specifies how long passwords are retained before they expire and must be
reset. |
In addition to the Password Policy settings that you can specify. the following
policies apply:
- Minimum number of alphabetic characters in a password: 1
- Minimum number of digits in a password: 1
- Number of password policy categories that are cross-checked: 2
- Maximum number of failed login attempts until an account is locked for 30
minutes: 6
-
(Optional) In the Identity Federation with Salesforce
Identity section, you can allow your users to link their Account
Manager accounts with their Salesforce accounts in your Salesforce organization to
provide Single-Sign-On (SSO) across your Salesforce products:
- Allowed: Users can choose to link their Account Manager account to Salesforce
Identity
- Enforced: Users are forced to link their Account Manager account to
Salesforce Identity
- Disabled: Users cannot link their Account Manager account to Salesforce
Identity. Already linked accounts cannot login to Account Manager. (Linked users
can be unlinked by resetting their accounts)
- The My Domain Subdomain Name of your organization in Salesforce Core needs to
be specified
- The IP Relaxation for the Connected App Commerce Cloud Account Manager in
your Salesforce Core organization might need to be changed to Relax IP
restrictions.
-
(Optional) In the MFA Verification Method Settings section,
define if you want to allow Salesforce Authenticator as multi-factor authentication
(MFA) method only or if your users can choose between Salesforce Authenticator, TOTP
authenticator apps, and FIDO2-compliant U2F security keys that support web
authentication (WebAuthn).
-
Salesforce recommends that you select MFA enabled for all users in the
organization to enforce multi-factor authentication (MFA) for all
users in your organization. Alternatively, you can enable multi-factor authentication
(MFA) for each role individually.
To enable MFA for a role:
-
Click Add next to MFA User
Settings.
-
Search and select the roles that require multi-factor authentication.
-
To enable multi-factor authentication for the selected roles, click
Add.
To disable MFA for a role, click the trash bin icon next to the role.
-
Click Save.