A Step by Step Guide on using Login Flow
Occasionally you may want to disallow users to login to Salesforce. For example, if you are deploying new features or functionalities, or performing system maintenance or data migration or because of any other reason. You may want to disallow all the users or only a group of users or just some specific users. What will be the best way to do this? There are a few options to achieve this. For example, you can
- Freeze the user
- Make the user inactive
- Set the login hours on user’s profile to same value
Each of these options have their own pros and cons. In this blog post, I want to show you step by step how you can achieve the same using “Login Flows”. With login flow, there is going to be a one-time setup effort, but after that allowing / disallowing users will become a piece of cake.
This worked really well and I had no idea it was possible. Well done and thank you!
(We have discontinued our premium membership offering. If you are an existing premium member, you can still download the guides by clicking on “DOWNLOAD PDF [PREMIUM MEMBERS]” button. If you are not a premium member and want to download the guides, please sign up for our “All Access” pass. Complete details about this pass is available at this URL.)
| Liked this guide? We are now offering a complete course (self-paced) on Mastering Salesforce Flows. For more details and free preview please click here. |
This just gets you started on Login Flow. You can use this feature for other things like
- Enhance or customize the login experience. For example, add a logo or login message.
- Collect and update user data. For example, request an email address, phone number, or mailing address.
- Interact with users, and ask them to perform an action. For example, complete a survey or accept terms of service.
- Connect to an external identity service or geo-fencing service, and collect or verify user information.
- Enforce strong authentication. For example, implement a two-factor authentication method using hardware, SMS, biometric, or another authentication technique.
- Run a confirmation process. For example, have a user define a secret question, and validate the answer during login.
- Create more granular policies. For example, set up a policy that sends a notification every time a user logs in during non-standard working hours.
- Etc…..
References & Useful URLs
- Help Article (10 mins read) – Custom Login Flows
- Salesforce Security Guide (20 mins read) – Login Flow Examples
- YouTube Video (40 Mts) – Customizing User Authentication with Login Flows
Will this also block the portal users from logging in?
Hi Sindhu, it should work for the community users also as long as you associate the login flow to community user profiles. But please test this out.
Very cool feature. Thanks for sharing useful and powerful feature Ashish.
My pleasure Sivarama!
Hi Ashish,
This is very well presented. Thank you!
Can the flow be used to somehow disable standard profile from logging in without SSO ?
ie. if loginHistory.LoginUrl =’login.salesforce.com’ then disallow login else if loginHistory.LoginUrl=’companyname.my.salesforce.com’ then allow.
I saw your article for the solution using delegated administration to achieve this but that will remove sso for admins as well.
Hi, thank you very much for this tutorial. Very helpful and well written !
But what if user is already logged in ? From what I saw, he stay connected. Do you have any solution regarding this issue ?
Best regards
Hi Ashish,
This worked really well and I had no idea it was possible. Well done and thank you!
You’re welcome Pablo!