Multi-factor Authentication (MFA) for Marketo

There are several ways to harden your instance:

• Marketo does use 2 factor login authentication by default.
• Increase to High Password security [everyone will have to re-set passwords, including API Users if you had one with a login like Kapost]
• Separate Marketo User login for SFDC (don't use a person's login).
• Refine Roles and Permissions ( I have 20+ now)
• Use Workspaces/Partitions to minimize access to sensitive information like Customers by Region or Country.
• SSO - just installed this and it works very well, very easy to setup.
  • One caveat is that some integrations will have to bypass it and you will likely want to let admins bypass (default) which can create some holes.
  • Another that isn't clean in the docs: You must setup a new user + Role manually with the same email address they have in SSO service. Then they can use the SSO to login directly.
  • Sandbox users will have to have a separate login still with a different SSO Setup.
• IP Authentication - VPN Only - this will drive everyone nuts because it will mean you can only login from your onsite locations or force remote employees to VPN in.
• Pay for Encrypted Instance on a secure pod. Little known fact: your DB is NOT encrypted!! Only the connections are.
  • You must ask your Account Manager for details and it's not cheap. It will take at least a weekend to transfer over. I would personally recommend this if you can afford it to minimize risk further.
  • Don't do something stupid like sync SSN and PCI data - Marketo is not the place for that data.