Why does Bullhorn need to implement another login method for their Support User?

At the moment, the Connexys Admin user which is used for Support purposes is stored in a highly-secure password manager accessible to restricted Bullhorn employees only. We will be transitioning to a different MFA-compliant authentication mechanism which aligns with all our Salesforce products.  Password managers do not provide the enhanced login security that MFA requires. In order to secure the Connexys Admin user, we will adjust our login method before February 1 2022.

How will Bullhorn adhere to Salesforce’s MFA requirements?

Bullhorn will set up a SSO connection including MFA on all known Production and Sandbox environments. This SSO connection will be used by the Connexys Admin user only.

Is there anything I need to assist with to complete this setup?

Setting up the SSO connection will be carried out by the Bullhorn team and may require assistance from your side. This is only the case if you set up MFA before we carry out the steps on our end. MFA would have to be disabled for our Connexys Support User temporarily to carry out the setup.

SSO is based on temporary certificates, what happens when a certificate expires?

If this happens, Bullhorn will make sure to refresh the certificate and regain access to your environment. Please do note that you need to Grant Login Access to the Connexys Support team if the certificate needs to be updated.

Will this solution keep the Support User password from expiring?

Setting up this solution will not keep the Connexys Support User password from expiring. If this happens, we will kindly ask you to temporarily disable the MFA solution you have in place for our Connexys Support User to reset the password.