Salesforce SMS Identify Confirmation

Salesforce has recently rolled out a change that affects the default identity confirmation setting and user confirmation process for your org(s). They began this change in March, issuing a new CRUC (CRitical Update Console - ) that automatically applied May 1st.

Identity Confirmation comes into play when you are logging into an org for the first time either from a new device or from a new location. When doing so, you'll be prompted with this screen after putting in your password:

Receiving this verification code by email was the default setting. After the critical update, the default method for receiving the code was by SMS. After the update was applied, upon logging in again, you may have been prompted with this screen:

That screen will only appear for users that don't have a verified mobile phone listed on their user record. After providing it and clicking on the "Send me a text message," the user will receive a short numeric code via text message. If a user doesn't have a mobile phone, they can decline, using the "No thanks..." link and continue to use email verification.

After receiving your code, return to your Salesforce login and enter the code. You won't have to do this again unless you log in using a new device or from a new location.

Take note that there is a new System Permission that will allow you to enable email-based identity confirmation for users (those w/ verified phone numbers). This is useful in those scenarios where a user suddenly does not have access to their text messages. This can be applied within a profile or within a permission set (recommended):

More details from Salesforce here: