Some time ago, I received some grievances that logging into the Account Manager of Salesforce Commerce Cloud B2C every 15 minutes with Multi-Factor Authentication enabled was not a great experience. Come into life, AutoMaton! This browser extension (currently only Chromium) automatically logs you into your account, even with Multi-Factor Authentication enabled.
In 2020, Salesforce Commerce Cloud B2C announced:
“We will disable local accounts in 2021, and by 2022 everyone has to use Multi-Factor Authentication”.
By any means an excellent decision for ease of use since we would no longer need separate accounts for each environment. And it didn’t affect us as we had already switched entirely to Account Manager (or at least 95%).
The second decision, however, did blow up some dust in the Salesforce B2C Commerce Community. You would have to add a secondary device to your account to log into all environments securely. And again, this is a great decision to secure the Salesforce Commerce Cloud B2C environments that handle sensitive data.
But as it goes, security and usability hardly go hand in hand. Some people may not want to add a company-related application to their device, or in some cases, are banned from bringing any mobile device inside of the office!
Now, looking back, this was not the original reason we created the extension. Some developers (including myself) had to log in to multiple environments more than once an hour, and having to wait for a popup to appear to allow you to log in on your mobile device took more than a few minutes of our day. Coincidentally we also had to start our pre-work for the PWA & Managed Runtime BETA training, in which we had to brush up on our React.JS knowledge.
A new project was born
Rather than doing random training, we decided to do a mini-project that would make our lives a little easier. It will act as your TOTP (Time Base One Time Password) application (e.g., Google Authenticator). So your secondary “device” becomes your browser.
How exactly does it work?
You can also find all documentation on Github!
- Is this secure? Yes, it is. But never as safe as a separate device on your mobile phone. And never leave your computer unlocked when you leave your desk (which you should always be doing).
- This only works for Salesforce Commerce Cloud Account Manager accounts.