While studying for the Identity and Access Manager certification, I wanted to dive into Login Flows. Here are my notes on this topic.
Custom login flows are incredibly useful for enforcing business processes when a user authenticates to login to a Salesforce org or Experience Cloud site. The flow kicks in as soon as the initial authentication is complete. If the login flow completes successfully (with or without interaction with the user) the user continues to the Salesforce org or Experience Cloud site. If unsuccessful, the flow can log the user out then and there.
It’s important to add here that a login flow does not replace the Salesforce authentication process – it can extend it. When a login flow is being executed, it cannot be bypassed and must be completed before the user can access Salesforce or the Experience Cloud Site.
What are the use cases for login flows?
Use cases vary from using Visualforce to enhance the login experience with a branded page or login experience, to collecting data from the user or interacting with them for actions to be completed such as completing a survey or accepting the latest internal policy. They could be used for providing users with a seasonal or maintenance message.
Login Flows can also be used for connecting to a Salesforce Customer Identity service, enforcing strong authentication, running a confirmation process, or simply notifying relevant people every time a user logs in during their holiday.
Are they easy to set up?
I’d say yes and no to this. It depends on how comfortable you are with Salesforce flows. Let’s start with setting a Login Flow up with Flow Builder which is the declarative way to set it up:
Let’s ask our Users to determine what their favourite colour is.
To collect the information against the User’s profile. I created a Picklist on the User Object in Salesforce. The picklist is called Favourite Colour and has the values Red, Orange, Yellow, Green, Blue, Indigo, and Violet.
- Go to Flows in Setup, click on New Flow and then choose to create a Screen Flow.
- Add a Screen Element to the Flow:
- I added Display Text to greet the User by their full name
- I added a picklist pulling the values from the Favourite Colour field I created on the User object.
- I then added an Update Element to update the User’s profile with their favourite colour.
- However, we only want to ask the user this once, so we need to add a decision element to the flow so that the User record is queried to see if we have a value in the User’s Favourite Colour field.
- I added a final Screen Element to thank the User for providing the information:
- The final flow looks like this:
The image in this flow was sourced through Wikicommons.
- Save, Name, and Activate the flow
- Then to make the flow a login flow, Go to Login Flows under Identity in the Setup menu.
- Click New to create a new login flow
- Choose the Type to be Flow, Name the Login Flow and select the active flow from the Flow Drop Down. You can choose a User Licence (Salesforce or Experience Cloud) and Profile to assign it to if not all users should be prompted to complete the login flow. You must select a User Licence and a Profile to save the login flow.
- Now test!
How to set up a Visualforce Login Flow experience:
To set up a Visualforce-based login flow, you will need to create a Visualforce page and an Apex controller. This is not declarative – it is code-based. I am using the example set out on the Create a Custom Login Flow with Visualforce in Salesforce Help. The business process is dealt with by the Apex controller and the look and feel is dealt with in the Visualforce page.
- Create the Apex controller first. As mentioned above, I have used the Salesforce Help’s example Apex Controller – it uses the Auth.SessionManagement.finishLoginFlow() method that indicates the end of the login flow and redirects to either Home (if nothing is put in the parenthesis) or a specific URL (if a URL is put in the parenthesis).
- Then create the Visualforce page.
- Now that our Visualforce page is created, we need to go to Security on the VisualForce page listing.
- Assign the Profiles that should have access to this page.
- Now go to Login Flows in the Setup Menu. This time choose the login flow type as Visualforce page. Note you cannot have more than one login flow per profile.
- Add some styling to your Visualforce Login Page to make it more visually appealing.
I have added a basic background and text colour only, using a custom CSS file uploaded to static resources:
A very basic Visualforce page to start! 🙂
Some additional Login Flow examples are here and an example of how to limit the number of concurrent login sessions by one user here.