Salesforce Login Flows
Notes on the tools used to customize the login experience in Salesforce
What is it?
- A Login Flow is a Screen Flow that runs right after the user authenticates to the org, but before they have access to the full application
  - Note: I don’t know if it HAS to be a Screen Flow, but I’m assuming that it does
- Works with all methods of authentication into Salesforce
  - UN/PW
  - SSO via SAML
  - SSO via Social / OpenID Connect
- Works with all Salesforce platforms
  - Salesforce Web App
  - Salesforce Mobile App
  - Communities
- While the Login Flow is running, the user is in a sort of interstitial state and cannot proceed to the actual application until they have completed the Flow
  - Great way to keep users captive until they fill out some info or do something
Setup
- Create a Screen Flow that performs the logic you’d like
  - E.g., request that they give you their updated phone number and update their user record each time they authenticate
- Create a new Login Flow record (found in Setup > Login Flows) associating the specific Screen Flow to a given User Profile
- Once that record is created, users of that Profile will always see that Flow upon authenticating to Salesforce.
Potential Use Cases
- Require that users refresh certain data every so often when they log in
- Require Acceptance of Terms of Service for external users
- Enforce 2FA with a YubiKey or other hardware-based device
  - Requires the YubiKey Apex plugin to validate the OTP against YubiCloud
- Use information scraped from the User Agent (might have to roll this yourself to gather this data…) to dynamically adjust which 2FA method is enforced, depending on whether you’re logging in from a mobile device or a desktop
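An added example, not part of the original notes: one way the User Agent idea above could be implemented as an invocable Apex action called from the Login Flow. The class name, the Request/Result fields and the factor labels are hypothetical, and it assumes the flow passes in the browser's User-Agent string (for instance from the LoginFlow_UserAgent flow variable).

```apex
// Added example, not from the original notes; all names are hypothetical.
public with sharing class LoginFlowFactorSelector {

    public class Request {
        @InvocableVariable(label='User-Agent string')
        public String userAgent;
    }

    public class Result {
        @InvocableVariable(label='Device class')
        public String deviceClass; // MOBILE, DESKTOP or UNKNOWN
        @InvocableVariable(label='Second factor to enforce')
        public String factor;      // label the flow's Decision element branches on
    }

    @InvocableMethod(label='Select second factor for Login Flow')
    public static List<Result> selectFactor(List<Request> requests) {
        List<Result> results = new List<Result>();
        for (Request req : requests) {
            Result res = new Result();
            res.deviceClass = classify(req.userAgent);
            // The User-Agent is sent by the client and can be set to anything, so it
            // only chooses between two factors. Every branch enforces one, and a
            // blank or unrecognised value gets the hardware-key path.
            res.factor = (res.deviceClass == 'MOBILE') ? 'MOBILE_OTP' : 'YUBIKEY_OTP';
            results.add(res);
        }
        return results;
    }

    // Coarse substring match. iPadOS Safari sends a Macintosh User-Agent by
    // default, so such a device is classed as DESKTOP here.
    @TestVisible
    private static String classify(String userAgent) {
        if (String.isBlank(userAgent)) {
            return 'UNKNOWN';
        }
        String ua = userAgent.toLowerCase();
        for (String token : new List<String>{ 'iphone', 'ipad', 'android', 'mobile' }) {
            if (ua.contains(token)) { return 'MOBILE'; }
        }
        for (String token : new List<String>{ 'windows nt', 'macintosh', 'x11' }) {
            if (ua.contains(token)) { return 'DESKTOP'; }
        }
        return 'UNKNOWN';
    }
}
```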
Misc. Notes
- You can build a custom Login Flow via Visualforce