Definition
Identity Verification Settings is a configuration area in Salesforce Setup where administrators manage the behavior and parameters of identity verification. Adjusting these settings allows organizations to fine-tune how Salesforce operates without writing code.
Real-World Example
A Salesforce administrator at Coastal Health uses Identity Verification Settings to maintain data quality and enforce organizational policies across the platform. By properly setting up Identity Verification Settings, they prevent common data entry errors and ensure that users follow established business processes, which saves the support team hours of cleanup work each week.
Why Identity Verification Settings Matters
Identity Verification Settings is a configuration area in Salesforce Setup where administrators define the policies and parameters that govern how identity verification behaves across the organization. From this page, admins can enable or disable specific verification methods (Salesforce Authenticator, TOTP apps, SMS, email, security keys), set session security levels, configure which actions require elevated verification, and manage device registration policies. These settings determine the balance between security and user convenience, allowing organizations to enforce strong authentication without creating excessive friction. For example, admins can allow trusted devices to skip verification for a defined period while still requiring fresh verification for sensitive operations.
As security requirements evolve and organizations respond to new threats, Identity Verification Settings provides the flexibility to adapt policies without code changes. A company that initially deployed SMS verification can progressively tighten security by enabling Salesforce Authenticator as the primary method and deprecating SMS, all through settings changes. Organizations that do not regularly review and update these settings risk running outdated policies that either provide inadequate security or create unnecessary friction. Best practice includes quarterly reviews of verification settings, removing deprecated methods, adjusting trusted device windows, and ensuring that high-assurance actions like export, modify all, and admin operations require the strongest available verification method.
How Organizations Use Identity Verification Settings
- Coastal Health Systems — Coastal Health configured Identity Verification Settings to require Salesforce Authenticator as the primary method for all users and disabled SMS verification after a security audit flagged it as insufficient. They set the trusted device window to 7 days for clinical staff, meaning nurses only need to verify once per week from their assigned workstation, reducing daily friction while maintaining HIPAA compliance.
- PrecisionTech Manufacturing — PrecisionTech updated their Identity Verification Settings to require security key verification for any user accessing the Setup menu or performing bulk data operations. Standard users continue using TOTP apps for daily login. This tiered approach protects the most sensitive admin operations with the strongest verification while keeping daily workflows efficient.
- MetroCity Government — MetroCity Government uses Identity Verification Settings to enforce strict verification policies for their public safety department while applying lighter policies to parks and recreation staff. Public safety users must verify with a security key at every login, while parks staff can use email verification with a 14-day trusted device window, matching the security profile of each department's data sensitivity.