What options are available to reduce the additional friction introduced by MFA?
Use Salesforce Authenticator app as your verification method to simplify your MFA experience.
The app can automate the extra authentication step when a user works from a trusted place, like the office or home, which means users don't have to touch their phones when they log in from these locations. Users can set this option for themselves:
First, register Salesforce Authenticator as your MFA verification method. Ensure that the app is allowed to use location services.
Automated verification works best when Salesforce Authenticator always has access to your precise location and is allowed to run in the background. Your mobile device's location data doesn't leave the app. Allowing access to your location lets you automate MFA logins when you're working at your office, home, or other trusted location.
When you log in to Heroku and respond to a notification from Salesforce Authenticator by opening the app on your mobile device, the app shows your current location.
If you recognize the details, and you're in a location you trust, switch on Always verify from here and tap Approve.
When you log in to Heroku again from the same location, the Salesforce Authenticator app automatically verifies the activity for you. You need your mobile device with you, but you don't receive an app notification.