Enable / Disable Users to Login to Salesforce Using Login Flow

A Step by Step Guide on using Login Flow

Salesforce Login Flow

Occasionally you may want to disallow users to login to Salesforce. For example, if you are deploying new features or functionalities, or performing system maintenance or data migration or because of any other reason. You may want to disallow all the users or only a group of users or just some specific users. What will be the best way to do this? There are a few options to achieve this. For example, you can

  • Freeze the user
  • Make the user inactive
  • Set the login hours on user’s profile to same value

Each of these options have their own pros and cons. In this blog post, I want to show you step by step how you can achieve the same using “Login Flows”. With login flow, there is going to be a one-time setup effort, but after that allowing / disallowing users will become a piece of cake.

(We have discontinued our premium membership offering. If you are an existing premium member, you can still download the guides by clicking on “DOWNLOAD PDF [PREMIUM MEMBERS]” button. If you are not a premium member and want to download the guides, please sign up for our “All Access” pass. Complete details about this pass is available at this URL.)

Liked this guide? We are now offering a complete course (self-paced) on Mastering Salesforce Flows. For more details and free preview please click here.

This just gets you started on Login Flow. You can use this feature for other things like

  • Enhance or customize the login experience. For example, add a logo or login message.
  • Collect and update user data. For example, request an email address, phone number, or mailing address.
  • Interact with users, and ask them to perform an action. For example, complete a survey or accept terms of service.
  • Connect to an external identity service or geo-fencing service, and collect or verify user information.
  • Enforce strong authentication. For example, implement a two-factor authentication method using hardware, SMS, biometric, or another authentication technique.
  • Run a confirmation process. For example, have a user define a secret question, and validate the answer during login.
  • Create more granular policies. For example, set up a policy that sends a notification every time a user logs in during non-standard working hours.
  • Etc…..

References & Useful URLs

8 thoughts on “Enable / Disable Users to Login to Salesforce Using Login Flow”

  1. Hi Ashish,

    This is very well presented. Thank you!
    Can the flow be used to somehow disable standard profile from logging in without SSO ?
    ie. if loginHistory.LoginUrl =’login.salesforce.com’ then disallow login else if loginHistory.LoginUrl=’companyname.my.salesforce.com’ then allow.

    I saw your article for the solution using delegated administration to achieve this but that will remove sso for admins as well.

  2. Hi, thank you very much for this tutorial. Very helpful and well written !

    But what if user is already logged in ? From what I saw, he stay connected. Do you have any solution regarding this issue ?

    Best regards

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top