          Embedded Login Meta Tag Reference


          You use these Embedded Login meta tags when adding login capabilities to your website.

          Warning: In Summer ’24, Salesforce disabled Embedded Login by default. We recommend that you use the web server flow, the user-agent flow, or another redirect-based OAuth 2.0 flow instead of Embedded Login.

          Embedded Login relies on third-party cookies, which are blocked or restricted in most browsers. It works only on Google Chrome, and only as long as third-party cookies are allowed there by default.

          salesforce-allowed-domains
          Specifies domains that can access the access token and user information. Use this meta tag only on the callback. The callback must be located in the same domain as the Embedded Login web page. String.
          <meta name="salesforce-allowed-domains" content="embeddedlogin.herokuapp.com">
          salesforce-cache-max-age
          Sets the cache control maximum age header. Optional. The browser uses this header to determine whether the cached content is fresh or must be refreshed from the server after the specified number of seconds. Integer. By default, the cache is cleared every 24 hours. To improve performance, increase the cache maximum age. However, as a result, you receive JavaScript updates from Salesforce less frequently because updates occur when the cache is cleared. In this example, the cache is cleared every minute.
          <meta name="salesforce-cache-max-age" content="60">
          salesforce-client-id
          The Embedded Login external client app’s consumer key, which is the unique identifier for the external client app. When the Salesforce admin creates the Embedded Login external client app, the app generates a unique identifier in the consumer key field. String.
          <meta name="salesforce-client-id" content="3MVG9Iu66FKeHhIPrRneLTDFdiuLfgLjycFpg6SbLpZAJScEXuD.oRdaWnJE7QGNFWHxunp0ut1">
          salesforce-community
          Community URL of the Salesforce community hosting your identity services. String.
          <meta name="salesforce-community" content="https://embeddedlogin-dev-ed.my.site.com/demo">
          salesforce-expid
          Specifies the value of the experience ID for the current user session. Use this tag to support dynamic branding on your login page. String.
          <meta name="salesforce-expid" content="coffee">
          salesforce-forgot-password-enabled
          Indicates whether to show the forgot password link on the login form. Optional. Boolean, false by default. If your community enabled the forgot password link, set this meta tag to true.
          <meta name="salesforce-forgot-password-enabled" content="true">
          salesforce-login-handler
          JavaScript function to call on a successful login event. Optional. You have full control over what happens when users log in successfully. For example, you can replace the login button with the user’s name and profile picture. String.
          <meta name="salesforce-login-handler" content="onlogin">
          salesforce-logout-handler
          JavaScript function to call on a successful logout event. Optional. You have full control over what happens when users log out successfully. For example, you can clear the user’s session and reload the login button. String.
          <meta name="salesforce-logout-handler" content="onlogout">
          salesforce-logout-on-browser-close
          Deletes the user’s Embedded Login session after they close their browser window. Optional. Boolean, true by default. Set to false if you want users to remain logged in even after they close the browser.
          <meta name="salesforce-logout-on-browser-close" content="true">
          salesforce-mask-redirects
          Controls whether login redirects are visible on the website or hidden inside an iframe. Embedded Login uses a simple authentication process that’s completed inside an iframe and hidden from the user with a mask redirect. Boolean, true by default.
          However, if one of these scenarios applies to your org, set the salesforce-mask-redirects meta tag to false:
          • Your org uses a login flow that requires extra steps within the website, such as multi-factor authentication (MFA) or a custom login flow.
          • Your org uses a login page that requires extra steps within the website, such as a Login Discovery Page or custom login page.
          • Your org sets the OAuth Permitted Users policy for the Embedded Login external client app to All users may self-authorize.
          Work with your Salesforce admin to integrate the custom login flow with Embedded Login.
          <meta name="salesforce-mask-redirects" content="true">
          salesforce-mode
          Add this meta tag to the Embedded Login web page to determine whether to display the login form inline or as a modal or popup. With modal and popup modes, the page initially displays a login button. When clicked, the login form appears. With inline mode, the login form appears when the user navigates to the web page. Modal and inline modes render the login form from the website. Popup mode loads your community’s login page.
          <meta name="salesforce-mode" content="inline">
          Add this meta tag to the server-side callback to determine how the callback displays the login form on the web page. Values can be modal-callback, inline-callback, or popup-callback. This value must match the mode specified on the web page. For example, if your web page mode is modal, the callback value must be modal-callback.
          <meta name="salesforce-mode" content="inline-callback">
          salesforce-redirect-uri
          URL of your callback. This URL is the same as the URL that you specify in the callback URL field of the Embedded Login external client app. The external client app requires the callback URL to connect Salesforce to your website. String.
          <meta name="salesforce-redirect-uri" content="https://embeddedlogin.heroku.com/_callback.php">
          salesforce-save-access-token
          Indicates whether to save the user’s access token after the initial login process. Boolean, false by default, which doesn’t save the access token. Set to true to continue interacting with Salesforce during the active user session.
          <meta name="salesforce-save-access-token" content="true">
          salesforce-self-register-enabled
          Indicates whether to show the self-register link on the login form. Boolean, false by default. If your community enabled the self-registration link, set this meta tag to true.
          <meta name="salesforce-self-register-enabled" content="true">
          salesforce-self-register-starturl-enabled
          Indicates whether to redirect a user after completing self-registration to your website’s page that is associated with the Embedded Login’s start URL. Boolean, true by default. If enabled, the start URL is auto-generated and appended to the self-registration endpoint. When a user self-registers on your website, the auto-generated start URL initiates the OAuth user-agent flow, redirecting the user to your website’s page.
          <meta name="salesforce-self-register-starturl-enabled" content="true">
          salesforce-server-callback
          Indicates that the Embedded Login callback is on the server. Boolean, false by default. If you’re using a server-side callback, this value must be set to true.
          <meta name="salesforce-server-callback" content="true">
          salesforce-server-response
          The HTML response of the server-side callback. String. It returns a Base64-encoded response from the user info endpoint.
          <meta name="salesforce-server-response" content="base64EncodedJSON">
          salesforce-server-starturl
          The Embedded Login external client app start URL. Specify this meta tag to add your Embedded Login–enabled web page to your App Launcher. String. It returns the state parameter.
          <meta name="salesforce-server-starturl" content="https://embeddedlogin-dev-ed.my.site.com/demo/services/oauth2/authorize?response_type=token&client_id=3MVG9Iu66FKeHhIPrRneLTDFdiuLfgLjycFpg6SbLpZAJScEXuD.oRdaWnJE7QGNFWHxunp0ut1&redirect_uri=https%3A%2F%2Fembeddedlogin.herokuapp.com%2F_callback.html&state=%2F">
          Note: If the Block Redirect to Unknown URL setting is enabled for the site, Salesforce blocks redirects to unknown URLs that are provided in the state parameter of the OAuth response. Redirects are allowed when the URL is in the same host or domain as the site, or is allow-listed in the Embedded Login salesforce-allowed-domains meta tag.
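The allow-list rule in the note above can also be applied in your own callback before following a URL taken from state. This is an added example, not Salesforce's implementation; the function names, the comma-separated list format, the HTTPS-only requirement, and treating subdomains of a listed domain as allowed are assumptions.

```javascript
// Added example (not Salesforce code): decide whether a redirect target taken from
// the OAuth state parameter stays on the site or on an allow-listed domain.
function isAllowedRedirect(state, siteUrl, allowedDomains = '') {
  let target;
  try {
    // Resolve against the site so relative values such as "/" work. Parsing also
    // normalizes "//host" and "/\host", which a raw prefix check would miss.
    target = new URL(state, siteUrl);
  } catch {
    return false;
  }
  if (target.protocol !== 'https:') return false; // assumption: HTTPS-only site
  if (target.username || target.password) return false; // reject user@host forms
  const site = new URL(siteUrl).hostname;
  // Assumption: several domains are comma-separated in the meta tag content.
  const allowed = allowedDomains.split(',').map((d) => d.trim().toLowerCase()).filter(Boolean);
  const host = target.hostname; // lowercased by the URL parser
  // Match the whole hostname or a subdomain on a dot boundary, never a bare suffix.
  return [site, ...allowed].some((d) => host === d || host.endsWith('.' + d));
}

// Constructed inputs: state values as they could arrive at the callback.
const SITE = 'https://www.site.example/';
const ALLOWED = 'embeddedlogin.herokuapp.com';
const SAMPLE_STATES = ['/', '/account?tab=1', 'https://embeddedlogin.herokuapp.com/home',
  '//other.test/', '/\\other.test/', 'https://www.site.example.other.test/',
  'https://www.site.example@other.test/', 'javascript:void(0)'];
function checkSamples() {
  return SAMPLE_STATES.map((s) => isAllowedRedirect(s, SITE, ALLOWED));
}
console.log(checkSamples());
```

Only the first three sample values are accepted; the rest resolve to a host or scheme outside the site and the allow-list.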
          salesforce-target
          Identifier of the visible HTML element, such as a button or link, which executes a JavaScript function when clicked. For example, to use a login button as a target, #salesforce-login refers to a <div> in the body of the web page: <div id="salesforce-login">. String.
          <meta name="salesforce-target" content="#salesforce-login">
          salesforce-use-login-page-background-color
          Determines the background color of the Embedded Login login form. Boolean, true by default. If true, it uses the background color specified on the Experience Workspaces Administration | Login & Registration page. If false, the color specified in the local CSS is used.
          <meta name="salesforce-use-login-page-background-color" content="false">
          salesforce-use-login-page-button-color
          Determines the color of the login button on the Embedded Login login form. Boolean, true by default. If true, it uses the button color specified on the Experience Workspaces Administration | Login & Registration page. If false, the color specified in the local CSS is used.
          <meta name="salesforce-use-login-button-color" content="false">
          salesforce-use-min-js
          Indicates whether to generate JavaScript in a readable or minimized lightweight version. Boolean, true by default. Set to false to generate readable JavaScript.
          <meta name="salesforce-use-min-js" content="false">
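The rules this reference states for a page and its callback (matching salesforce-mode values, a callback in the same domain as the page, salesforce-allowed-domains only on the callback) can be checked mechanically. The following is an added example, not Salesforce code; the function names, the finding labels, the constructed HTML, and reading "same domain" as "same hostname" are assumptions.

```javascript
// Added example (not Salesforce code): audit an Embedded Login page/callback pair.
function salesforceMeta(html) {
  // Collect <meta name="salesforce-..." content="..."> pairs from an HTML string.
  const tags = {};
  const re = /<meta\s+name="(salesforce-[a-z-]+)"\s+content="([^"]*)"\s*\/?>/gi;
  for (const m of html.matchAll(re)) tags[m[1].toLowerCase()] = m[2];
  return tags;
}

const BOOLEAN_TAGS = ['salesforce-mask-redirects', 'salesforce-save-access-token',
  'salesforce-server-callback', 'salesforce-logout-on-browser-close'];

function auditEmbeddedLogin(pageUrl, pageHtml, callbackHtml) {
  const page = salesforceMeta(pageHtml);
  const cb = salesforceMeta(callbackHtml);
  const findings = [];
  // The callback's mode must be the page's mode with "-callback" appended.
  if (cb['salesforce-mode'] !== `${page['salesforce-mode']}-callback`)
    findings.push('mode-mismatch');
  // The callback must be in the same domain as the page (assumption: same hostname).
  let cbHost = null;
  try { cbHost = new URL(page['salesforce-redirect-uri']).hostname; } catch { /* unparsable */ }
  if (cbHost === null) findings.push('redirect-uri-invalid');
  else if (cbHost !== new URL(pageUrl).hostname) findings.push('callback-other-domain');
  // salesforce-allowed-domains is for the callback only.
  if ('salesforce-allowed-domains' in page) findings.push('allowed-domains-on-page');
  // Boolean tags accept only "true" or "false".
  for (const [where, tags] of [['page', page], ['callback', cb]])
    for (const name of BOOLEAN_TAGS)
      if (name in tags && !['true', 'false'].includes(tags[name]))
        findings.push(`bad-boolean:${where}:${name}`);
  // The access token is kept after login (the default is false): flag for review.
  if ([page, cb].some((t) => t['salesforce-save-access-token'] === 'true'))
    findings.push('access-token-saved');
  return findings;
}

// Constructed sample: modal page, inline-callback on another host, misplaced tags.
const SAMPLE_PAGE = `
<meta name="salesforce-mode" content="modal">
<meta name="salesforce-redirect-uri" content="https://login.site.example/_callback.html">
<meta name="salesforce-allowed-domains" content="www.site.example">
<meta name="salesforce-mask-redirects" content="yes">`;
const SAMPLE_CALLBACK = `
<meta name="salesforce-mode" content="inline-callback">
<meta name="salesforce-save-access-token" content="true">`;
console.log(auditEmbeddedLogin('https://www.site.example/', SAMPLE_PAGE, SAMPLE_CALLBACK));
```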
           