Login flow in Salesforce is a great tool that could be used to introduce business processes during login, such as to prompt for device activation, accept terms of service, or collect information about the user.
After Salesforce authenticates a user, the login flow directs the user through a process, such as enforcing strong authentication, displaying messages or collecting user information. When users complete the login flow successfully, they’re redirected to their Salesforce org or site. If unsuccessful, the flow can log out users immediately.
Most of you know this message, right? It is a great example of login flow that Salesforce uses.
To create a login flow, use either Flow Builder or Visualforce.
Flow Builder can be used to design a simple (you can make it complex too) flow that users execute when logging in. If you need to have complete control over how the login page looks and behaves, then use Visualforce.
After creating a flow, navigate to Login Flows under Identity in Setup. Click New to create a new Login Flow and select the type (Flow or Visualforce Page). Give it a name and select an existing flow. Even though it shows all the flow definitions including process builders, you can select only a screen flow. Otherwise you will get an error like this: "Error: Select a flow of type Flow". To associate the login flow with specific profiles in your org, select the user license and profile. If you want the login flow to resemble the Lightning Experience UI, select Render Flow in Lightning Runtime. If you don’t select this option, the login flow resembles Salesforce Classic. You can set a login flow to resemble Lightning Experience even if users log in to Salesforce Classic.
You can create multiple login flows and associate each one with a different user profile. Users assigned to one profile, like sales reps, experience a particular login process as they log in. Users assigned to a different profile like service reps, experience a different login process. There can be only one Login Flow assigned to a profile.
When you associate a login flow with a profile, it’s applied each time a user with that profile logs in to an org or site. The flow is also applied when a user logs in to the Salesforce mobile app and even Salesforce client apps that use OAuth. You can apply login flows to Salesforce orgs and Experience Cloud sites. Login flows support all Salesforce authentication methods: standard username and password, delegated authentication, SAML single sign-on (SSO), and SSO through a third-party authentication provider.
Avoid associating a login flow with the administrator profile until you are sure that the login flow works properly. Otherwise, if something is wrong in the flow, you (admins) cannot log in to your org and it will be hard to fix the issue.
If you want to run the actions in your flow only once for a user, mark a checkbox on the user and use a decision element in the beginning of the flow. If the checkbox is unmarked, continue the login flow's actions, otherwise exit the flow. This way, users will see your login flow only once and they won't complain.
Here is a simple login flow that can be used to collect user's phone and mobile phone numbers only if they are blank. Otherwise, you can skip displaying this screen and let the user log in to the org.
Login Flow Samples Package
The Login Flow Samples Package is an unmanaged package that installs different login flow samples into your Salesforce org. It contains the following examples.
- Email Confirmation–Send email with a verification code.
- SF-TOTP–Enable TOTP multi-factor authentication.
- Conditional Multi–Factor–Skip multi-factor authentication for users who come from a trusted IP address.
- Device Activation–Confirm the user identity using email or multi-factor authentication.
- Accept Terms of Service–Ask the user to agree to terms before continuing.