TwoFactorMethodsInfo is a Salesforce object that tracks registered identity verification methods for users. Important access and usage caveats make it essential for admins and developers to understand.
What is TwoFactorMethodsInfo?
The TwoFactorMethodsInfo object stores information about the identity verification methods (MFA methods) that users have registered in Salesforce. It provides visibility into which methods are available for a user, helping administrators manage MFA and audit user verification settings.
Access and permission
Only users with the system permission Manage MFA in API can access this object via API. Without this permission, queries or DML against TwoFactorMethodsInfo will be blocked.
Important limitation
Performing a DML operation and a query on TwoFactorMethodsInfo within the same API call leads to an error. Treat read and write operations separately when interacting with this object to avoid runtime failures.
Practical recommendations
- Grant the Manage MFA in API permission to service accounts or admins only when required.
- Separate read and write logic into distinct transactions or API calls — do not mix a SOQL query and DML for TwoFactorMethodsInfo in the same call.
- Use this object for audits, reporting on registered verification methods, and building admin tools that help diagnose MFA issues.
Use cases
TwoFactorMethodsInfo is useful for:
- MFA audits and compliance reporting
- Admin tools that display user-registered verification methods
- Automated checks that validate expected MFA enrollment across users (run as separate read-only jobs)
Reference
Official documentation: TwoFactorMethodsInfo (Salesforce Object Reference)
Why this matters: Understanding TwoFactorMethodsInfo helps Salesforce admins and developers manage MFA more effectively, avoid API errors, and build safer automation around user verification data.