To register and connect a Built-In Authenticator:
  1. Go to your Salesforce product’s login screen in a supported browser and enter a username and password.
  2. For products built on the Salesforce Platform: Click Choose Another Verification Method in the bottom left corner of the Connect Salesforce Authenticator screen, then select Built-In Authenticator. Select Built-In Authenticator from the list of verification methods for all other products that support this method. 
  3. Click Register.
  4. When prompted, enter the identifier for the built-in authenticator, such as a fingerprint, facial scan, or PIN, to finish logging in.

To log in using a Built-In Authenticator:

  1. In a supported browser, go to your Salesforce product’s login screen and enter a username and password, as usual.
  2. On the identity verification screen, click Verify.
  3. When prompted, enter the identifier for the built-in authenticator, such as a fingerprint, facial scan, or PIN, to finish logging in.

Requirements:
  • The device, OS, and browser must support the FIDO2 WebAuthn standard.
  • The built-in authenticator service must be enabled and set up ahead of time to verify a user’s identity.
  • The user’s device must include a supported fingerprint, iris, or facial scanner for biometric authentication.
  • Works only for logins to the device where the built-in authenticator exists.

Additional notes:
  • Built-in authenticators are supported in Heroku, Marketing Cloud-Datorama, Marketing Cloud-Social, and MuleSoft Anypoint Platform. Additionally, products built on the Salesforce Platform are available as a Beta feature.
  • For products built on the Salesforce Platform: an admin must enable built-in authenticators before users can select this option for MFA.