Enable / Disable Users to Login to Salesforce Using Login Flow

A Step by Step Guide on using Login Flow

Salesforce Login Flow

Occasionally you may want to disallow users to login to Salesforce. For example, if you are deploying new features or functionalities, or performing system maintenance or data migration or because of any other reason. You may want to disallow all the users or only a group of users or just some specific users. What will be the best way to do this? There are a few options to achieve this. For example, you can

  • Freeze the user
  • Make the user inactive
  • Set the login hours on user’s profile to same value

Each of these options have their own pros and cons. In this blog post, I want to show you step by step how you can achieve the same using “Login Flows”. With login flow, there is going to be a one-time setup effort, but after that allowing / disallowing users will become a piece of cake.



To get the PDF copy of the presentation above (link to download the PDF will be emailed to the email address specified below)

Check to subscribe and get notified for new guides



(You'll never be spammed on my watch and that's a promise)

This just gets you started on Login Flow. You can use this feature for other things like

  • Enhance or customize the login experience. For example, add a logo or login message.
  • Collect and update user data. For example, request an email address, phone number, or mailing address.
  • Interact with users, and ask them to perform an action. For example, complete a survey or accept terms of service.
  • Connect to an external identity service or geo-fencing service, and collect or verify user information.
  • Enforce strong authentication. For example, implement a two-factor authentication method using hardware, SMS, biometric, or another authentication technique.
  • Run a confirmation process. For example, have a user define a secret question, and validate the answer during login.
  • Create more granular policies. For example, set up a policy that sends a notification every time a user logs in during non-standard working hours.
  • Etc…..

References & Useful URLs:

6 thoughts on “Enable / Disable Users to Login to Salesforce Using Login Flow”

  1. Hi Ashish,

    This is very well presented. Thank you!
    Can the flow be used to somehow disable standard profile from logging in without SSO ?
    ie. if loginHistory.LoginUrl =’login.salesforce.com’ then disallow login else if loginHistory.LoginUrl=’companyname.my.salesforce.com’ then allow.

    I saw your article for the solution using delegated administration to achieve this but that will remove sso for admins as well.

  2. Hi, thank you very much for this tutorial. Very helpful and well written !

    But what if user is already logged in ? From what I saw, he stay connected. Do you have any solution regarding this issue ?

    Best regards

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top