How to Add Account in Salesforce Authenticator

You open Salesforce. There’s a new login prompt asking you to verify your identity. You scramble for your phone, realise the Authenticator app isn’t set up yet, and suddenly a 2-minute login turns into a 20-minute panic.

Sound familiar?

Adding your account to Salesforce Authenticator takes less than five minutes — but only if you know exactly what to do. This guide walks you through every step, every screen, and every gotcha so you never get locked out again.

What Is Salesforce Authenticator?

Salesforce Authenticator is Salesforce’s official two-factor authentication (2FA) mobile app. It adds a second layer of security on top of your username and password — so even if someone steals your credentials, they still can’t get in without your phone.

It works by sending a push notification or generating a time-based one-time password (TOTP) every time you log in.

Why does this matter?

• 81% of data breaches are caused by weak or stolen passwords (Verizon Data Breach Investigations Report)
• Two-factor authentication blocks 99.9% of automated account attacks, according to Microsoft
• Salesforce itself reports that accounts with MFA enabled are significantly less likely to be compromised
• As of February 2022, Salesforce mandated MFA for all customers accessing its products

If you’re using Salesforce — as a sales rep, a manager, an ops lead, or an admin — setting up Salesforce Authenticator isn’t optional anymore. It’s required.

What You Need Before You Start

Before diving in, make sure you have:

• A Salesforce account (any edition)
• A smartphone — iOS or Android
• The Salesforce Authenticator app installed (free on App Store and Google Play)
• Internet access on both your phone and your computer
• Admin permissions (only needed if setting this up for another user)

That’s it. No special hardware, no IT ticket required.

How to Add Your Account in Salesforce Authenticator

Step One — Download the App

Head to the App Store (iOS) or Google Play Store (Android) and search for “Salesforce Authenticator.” Download and install the free app from Salesforce.com, Inc.

Open the app once it’s installed. You’ll land on a clean welcome screen.

Step Two — Go to Your Salesforce Security Settings

On your desktop or laptop, log into your Salesforce org.

Navigate to:

Your Name / Avatar (top right) → Settings → My Personal Information → Advanced User Details

Scroll down until you see the section labelled “App Registration: Salesforce Authenticator.”

Click “Add” next to it.

Step Three — Get Your Two-Word Phrase

After clicking Add, Salesforce will display a two-word phrase on your screen — something like “cloud orbit” or “river stone.”

This phrase is your unique pairing code. It expires within a short window, so move quickly to the next step.

Step Four — Add Account in the App

On your phone, open the Salesforce Authenticator app.

Tap “Add an Account.”

You’ll be prompted to enter the two-word phrase shown on your Salesforce screen. Type it in carefully — the words are case-insensitive but must match exactly.

Tap “Add.”

Step Five — Approve the Connection

The app will now show a confirmation screen with your username, company name, and location.

On your Salesforce browser window, click “Connect.”

The app will push a notification asking you to approve. Tap “Approve” on your phone.

Done. Your account is now linked.

Verify It Worked

After connecting, Salesforce will ask you to verify the setup by completing a test login. You’ll receive a push notification on your phone — tap “Approve” one more time.

You should see a success message in Salesforce confirming that the Authenticator is now connected to your account.

From this point forward, every login will send a push notification to your phone for you to approve.

Enabling Automated Approvals (Optional but Useful)

Once you’re set up, Salesforce Authenticator offers an Automated Approvals feature. This uses your phone’s location to automatically approve logins from trusted locations — like your office or home network — without requiring you to manually tap every time.

To enable it:

1. In the Salesforce Authenticator app, tap the account you just added
2. Tap “Automated Approvals”
3. Tap “Add a Trusted Location”
4. Allow location access when prompted
5. Confirm your current location as trusted

Important: Automated Approvals only work if your phone’s location services are enabled. Salesforce does not store or share your location data — it’s processed locally on your device.

How to Add Multiple Accounts

Working across more than one Salesforce org? You can add multiple accounts to a single Salesforce Authenticator app.

Simply repeat the process above for each org. The app supports multiple accounts and displays them in a list so you can manage approvals separately.

Each account shows its username and instance URL, so you’ll always know which org you’re approving access to.

What to Do If the Two-Word Phrase Doesn’t Work

If you type the two-word phrase and get an error, here’s what to check:

Phrase expired — The phrase has a short lifespan. Go back to Salesforce, click Remove next to the Authenticator registration, then click Add again to generate a fresh phrase.

Typo in the phrase — Double-check each word. One wrong letter and it won’t connect. The words appear clearly on screen — copy them carefully.

App version outdated — Make sure you’re running the latest version of Salesforce Authenticator from your app store.

Wrong account in the app — Ensure you’re adding to the right Salesforce environment (production vs. sandbox). Sandboxes and production orgs need separate registrations.

How to Remove or Reset Salesforce Authenticator

Changing phones? Lost your device? Need to reset?

An admin can disconnect your Authenticator by navigating to:

Setup → Users → [Your Name] → App Registration: Salesforce Authenticator → Disconnect

Once disconnected, you can reconnect using the same steps above on your new device.

If you are the admin and have locked yourself out, contact Salesforce Support directly to verify your identity and regain access.

Setting Up Salesforce Authenticator for Another User (Admin Guide)

If you’re an admin configuring this for someone on your team:

1. Go to Setup → Users
2. Click the user’s name
3. Scroll to App Registration: Salesforce Authenticator
4. Click Add — a two-word phrase will appear
5. Share this phrase securely with the user
6. Have them open their Salesforce Authenticator app and enter the phrase
7. They approve from their device, you confirm from the admin panel

This process keeps the account secure — only the person with the physical phone can complete the connection.

Salesforce Authenticator vs. Other MFA Methods

Salesforce supports several MFA methods. Here’s how they compare:

Salesforce’s own recommendation is the Salesforce Authenticator app for standard users due to its push notification convenience and deep integration with Salesforce’s trust infrastructure.

According to NIST guidelines, app-based authenticators are considerably more secure than SMS-based OTPs, which remain vulnerable to SIM-swapping attacks — a threat that has affected over 2,000 telecom customers in documented cases.

Key Security Stats That Make MFA Non-Negotiable

The numbers don’t lie:

• 63% of confirmed data breaches involve leveraging weak, default, or stolen passwords
• MFA can prevent up to 99.9% of account compromise attacks (Microsoft Security)
• Only 28% of people used MFA in 2019 — by 2023, adoption surpassed 57% among enterprise users
• The average cost of a data breach reached $4.45 million in 2023 (IBM Cost of a Data Breach Report)
• Salesforce’s Trust & Safety team reports that enforcing MFA cut phishing-related account takeovers by a significant margin

Setting up Salesforce Authenticator isn’t just a technical task. It’s protecting your pipeline, your contacts, your deals — everything living inside your CRM.