Salesforce Security Guide

Salesforce Security Guide
Salesforce Security Basics
Authenticate Users
The Elements of User Authentication
Passwords
Cookies
Single Sign-On
My Domain
Two-Factor Authentication
Network-Based Security
Session Security
Custom Login Flows
Single Sign-On
Connected Apps
Desktop Client Access
Configure User Authentication
Give Users Access to Data
Share Objects and Fields
Strengthen Your Data's Security with Shield Platform Encryption
Monitoring Your Organization’s Security
Security Guidelines for Apex and Visualforce Development
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Custom Login Flows

Login flows allow admins to build post-authentication processes to match their business practices, associate the flow with a user profile, and send the user through that flow when logging in. Salesforce directs users to the login flow after they authenticate but before they access your org or community. After users complete the login flow, they’re logged in to your Salesforce org or community. The login process can also log out users immediately if necessary.
Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
Available in: Essentials, Professional, Enterprise, Performance, Unlimited, and Developer Editions

What can you do with a login flow?

  • Enhance or customize the login experience. For example, add a logo or login message.
  • Collect and update user data. For example, request an email address, phone number, or mailing address.
  • Interact with users, and ask them to perform an action. For example, complete a survey or accept terms of service.
  • Connect to an external identity service or geo-fencing service, and collect or verify user information.
  • Enforce strong authentication. For example, implement a two-factor authentication method using hardware, SMS, biometric, or another authentication technique.
  • Run a confirmation process. For example, have a user define a secret question, and validate the answer during login.
  • Create more granular policies. For example, set up a policy that sends a notification every time a user logs in during non-standard working hours.

The first step is to create a flow using either the Cloud Flow Designer or Visualforce. The Cloud Flow Designer is a point-and-click tool that you can use to design a simple flow that users execute when logging in. Use Visualforce to have complete control over how the login page looks and behaves.

Next, you designate the flow as a login flow and associate it with specific profiles in your org. You can create multiple login flows and associate each one with a different user profile. Users assigned to one profile, like sales reps, experience a particular login process as they log in. Users assigned to a different profile like service reps, experience a different login process.

After you associate a login flow with a profile, it is applied each time a user with that profile logs in to Salesforce, communities, the Salesforce app, and even Salesforce client applications that use OAuth. You can apply login flows to Salesforce orgs and communities, including external identity communities.

Login flows support all Salesforce authentication methods: standard username and password, delegated authentication, SAML single sign-on, and social sign-on through a third-party authentication provider. For example, users logging in with a LinkedIn account can go through a login flow specific for LinkedIn users.

You can’t apply login flows to API logins or when sessions are passed to the UI through frontdoor.jsp from a non-UI login process.

Note