A Step by Step Guide on using Login Flow

Occasionally you may want to disallow users to login to Salesforce. For example, if you are deploying new features or functionalities, or performing system maintenance or data migration or because of any other reason. You may want to disallow all the users or only a group of users or just some specific users. What will be the best way to do this? There are a few options to achieve this. For example, you can
- Freeze the user
- Make the user inactive
- Set the login hours on user’s profile to same value
Each of these options have their own pros and cons. In this blog post, I want to show you step by step how you can achieve the same using “Login Flows”. With login flow, there is going to be a one-time setup effort, but after that allowing / disallowing users will become a piece of cake.
NOTE: Certain sections of the guide will appear as locked in the free preview. You can download the unlocked version of the guide in PDF format by subscribing to our “All Access” Pass through the link below.
This worked really well and I had no idea it was possible. Well done and thank you!
Introducing Mastering Salesforce Flows Training Course
Liked this post? We are now offering a complete self-paced, video-based training course on Mastering Salesforce Flows. The course comes with downloadable step-by-step PDF guides, unlimited access, free upgrades, community discussion area, free preview and more. For more details, please click here.
Need Help with Flows?
Need advice on Flows? I also offer advisory & consulting services on Salesforce Flows. So, whether you want to create new Flows or migrate existing automations (Workflow Rules, Process Builder, Triggers) to Flows, I can help you analyze, design, plan & review. To initiate a discussion, please submit the contact form here stating your requirement or schedule a discussion at this URL.
This just gets you started on Login Flow. You can use this feature for other things like
- Enhance or customize the login experience. For example, add a logo or login message.
- Collect and update user data. For example, request an email address, phone number, or mailing address.
- Interact with users, and ask them to perform an action. For example, complete a survey or accept terms of service.
- Connect to an external identity service or geo-fencing service, and collect or verify user information.
- Enforce strong authentication. For example, implement a two-factor authentication method using hardware, SMS, biometric, or another authentication technique.
- Run a confirmation process. For example, have a user define a secret question, and validate the answer during login.
- Create more granular policies. For example, set up a policy that sends a notification every time a user logs in during non-standard working hours.
- Etc…..
References & Useful URLs
- Help Article (10 mins read) – Custom Login Flows
- Salesforce Security Guide (20 mins read) – Login Flow Examples
- YouTube Video (40 Mts) – Customizing User Authentication with Login Flows
Will this also block the portal users from logging in?
Hi Sindhu, it should work for the community users also as long as you associate the login flow to community user profiles. But please test this out.
Very cool feature. Thanks for sharing useful and powerful feature Ashish.
My pleasure Sivarama!
Hi Ashish,
This is very well presented. Thank you!
Can the flow be used to somehow disable standard profile from logging in without SSO ?
ie. if loginHistory.LoginUrl =’login.salesforce.com’ then disallow login else if loginHistory.LoginUrl=’companyname.my.salesforce.com’ then allow.
I saw your article for the solution using delegated administration to achieve this but that will remove sso for admins as well.
Hi, thank you very much for this tutorial. Very helpful and well written !
But what if user is already logged in ? From what I saw, he stay connected. Do you have any solution regarding this issue ?
Best regards
Hi Ashish,
This worked really well and I had no idea it was possible. Well done and thank you!
You’re welcome Pablo!