Definition
Identity Verification History is a Setup page that maintains a log of all identity verification attempts in the org, including the verification method used, the result (success or failure), the user involved, and the activity that triggered the verification. This helps administrators monitor MFA compliance and troubleshoot access issues.
Real-World Example
The security team at TechNova reviews Identity Verification History and notices that a user had 15 failed verification attempts in one hour using SMS codes. The security admin contacts the user and discovers their phone was stolen. She immediately revokes the user's sessions, disables SMS as a verification method for that user, and resets their credentials.
Why Identity Verification History Matters
Identity Verification History is a Setup page in Salesforce that maintains a comprehensive log of all identity verification attempts across the organization. Each entry records the user, the timestamp, the verification method used (Salesforce Authenticator, TOTP, SMS, email, or security key), the outcome (success or failure), and the specific activity that triggered the verification, such as login from a new device or a high-assurance action. This audit trail is essential for security teams monitoring MFA adoption and compliance, as it reveals which users are successfully authenticating, which are experiencing failures, and which methods are most commonly used. The log provides granular visibility into the verification landscape that aggregate dashboards cannot offer.
As MFA compliance becomes mandatory and security audits grow more stringent, Identity Verification History becomes a critical resource for both incident response and compliance reporting. When a security incident occurs, the history log enables investigators to trace the exact sequence of verification events, identifying whether an account was compromised, when the breach occurred, and what method was used. For compliance frameworks, the log serves as evidence that MFA is actively enforced and functioning. Organizations should proactively monitor the history for anomalies like a surge in failed attempts for a specific user, which could indicate a stolen device or active attack. The TechNova example of detecting 15 failed attempts that led to discovering a stolen phone demonstrates how this log can trigger rapid incident response.
How Organizations Use Identity Verification History
- TechNova Security — TechNova's security team reviewed Identity Verification History and discovered a user had 15 failed SMS verification attempts in one hour. Contacting the user revealed their phone was stolen. The security admin immediately revoked all active sessions, disabled SMS as a verification method for that user, reset their credentials, and registered a new device, preventing any unauthorized access.
- ComplianceFirst Bank — ComplianceFirst Bank exports Identity Verification History monthly to satisfy regulatory audits that require evidence of MFA enforcement. The reports show 99.7% MFA success rates, with the 0.3% failures attributed to expired TOTP tokens and network timeouts. The consistent high success rate demonstrates effective MFA adoption across the organization.
- ShieldCorp Defense — ShieldCorp Defense uses Identity Verification History to track MFA adoption metrics by department. When the marketing department showed only 60% MFA registration compared to 95% in engineering, the security team targeted marketing with additional training. Within 2 weeks, marketing's MFA adoption reached 93%, identified through the history log's verification attempts for newly registered devices.