Does the sync user comply with Salesforce's MFA requirements for System Administrators?

Yes. Our integration is fully compatible with Salesforce's MFA requirements, including the Summer '26 standard requiring phishing-resistant MFA for privileged users such as System Administrators. The sync user never logs in to Salesforce interactively, so there is no login event for MFA to protect.

Why the sync user has no login history: The primary sync is a scheduled Apex job that runs natively inside your Salesforce org. It makes outbound callouts to the Emma API using API keys stored in a protected setting within Salesforce. No username, password, or browser session is involved, which is why you won't see regular entries in the sync user's login history.

Why it doesn't appear as a Connected App: Connected Apps represent external software logging into Salesforce via the API. Our integration is a native managed package. It never authenticates into Salesforce from the outside, so no Connected App entry or Salesforce OAuth token exists for it.

Where MFA does apply: Salesforce's MFA requirements cover interactive logins. The administrator who manages the integration logs in to Salesforce as normal, with their own MFA, to access the general settings. When you first connect Emma, or change the connected account, the administrator enters the Emma account ID and API keys in the setup wizard. There is no separate Emma login step during the sync itself.

Note: You can keep MFA registered on the sync user's account. It simply isn't exercised by the sync, because the sync performs no login.

Related Articles

In this article

Contact us