Salesforce Dictionary - Free Salesforce GlossarySalesforce Dictionary
Full Identity Verification Settings entry
How-to guide

Configure Identity Verification Settings

Configuring Identity Verification Settings is a tuning exercise: pick allowed methods, set the trust window, configure user populations, and confirm interaction with related security features. The steps below cover the full setup.

By Dipojjal Chakrabarti · Founder & Editor, Salesforce DictionaryLast updated May 19, 2026

Configuring Identity Verification Settings is a tuning exercise: pick allowed methods, set the trust window, configure user populations, and confirm interaction with related security features. The steps below cover the full setup.

  1. Open the settings

    Setup > Identity > Identity Verification Settings. The page shows allowed methods, trust window, and population controls.

  2. Review allowed methods

    Check which verification methods are enabled. For most orgs: enable Salesforce Authenticator, SMS, and email; consider FIDO for high-security needs.

  3. Decide on email-only restriction

    For tighter security, disable email-only verification. Users must register Authenticator or another stronger method. Communicate this change before disabling.

  4. Set trust window

    Tune the trust window. Default 7 days suits most B2B orgs; regulated industries may set 1 day; user-friendly orgs may extend up to the maximum.

  5. Configure user population

    Confirm verification applies to all users by default. Tightening to specific profiles is uncommon and usually only a transitional state during MFA rollout.

  6. Cross-check Login IP Ranges

    Review per-profile Login IP Ranges. Trusted office networks should be listed; misconfigured ranges produce too-frequent verification prompts.

  7. Verify MFA enforcement separately

    Confirm MFA is also configured. The two features are separate; one without the other leaves gaps.

Key options
Allowed methodsremember

Email, SMS, Authenticator, FIDO, TOTP. Pick the methods available to users.

Trust window durationremember

How long a verified device stays trusted. Configurable; 7-day default.

User populationremember

Which users are subject to verification. Default org-wide.

Email-only restrictionremember

Disable email-only verification to require stronger methods.

Login IP Range integrationremember

Per-profile IP allow-lists that skip verification on trusted networks.

Gotchas
  • Settings here do not include MFA configuration. MFA lives under Multi-Factor Authentication Assistant; ensure both are enabled for full coverage.
  • Disabling email-only verification can lock out users who only registered email. Plan the change with a communication window for users to register additional methods.
  • Trust window applies per-device-per-browser. Users clearing cookies or switching browsers see frequent prompts despite the trust window setting.
  • Login IP Range misconfiguration is the most common cause of "too many verification prompts" complaints. Audit IP Ranges before adjusting Settings.
  • Admin reset of verification is the recovery path. Document the process; an undocumented reset path leaves help desk teams stranded.

See the full Identity Verification Settings entry

Identity Verification Settings includes the definition, worked example, deep dive, related terms, and a quiz.