          Passwordless Login Coding Considerations

          Review these tips and suggestions before implementing passwordless login.

          Check whether the user is verified

          Users must be registered and verified before they can log in without a password. They must have a verified phone number to log in with an SMS one-time password. Or, they must have a verified email address to log in with an email one-time password.

          You can determine identity verification from the user interface or API. See View Your Users' Identity Verification Methods.

          View the verification methods that the user has registered
          Determine the user’s verification methods with TwoFactorMethodsInfo.
          Handle errors returned by System.Site.passwordlessLogin
          If the System.Site.passwordlessLogin method returns an error because the user can’t be verified, handle the error. For example, redirect the user to an IdP, or use an alternate page to collect the password and invoke the Site.login method.
          Get more identity information after a user logs in
          Set up a login flow to kick off after the user logs in, for example, to register a phone number. Use the System.UserManagement register and deregister methods to manage user verification registration.
          Make sure a user’s email address and mobile phone number are unique
          The User object stores the email address and phone number in User.Email and User.MobilePhone, respectively. But these fields aren’t unique. To ensure uniqueness, store a copy of the email and phone in a unique field, such as User.CommunityNickname. Or create a custom field to store the values.
          Get two verification methods for each user (for recovery)
          We recommend that your users have two verification methods, for example, a phone number and password, or phone number and email address. You can collect this information when users sign up. Or you can collect the information on subsequent logins using a login flow.
          Make sure that the phone number is in a format that Salesforce expects
          Use the System.UserManagement.formatPhoneNumber method to ensure that the phone number is formatted correctly.
          Determine how the login controller logs in the user
          When implementing passwordless login, build the login controller to locate the user based on the identifier entered on the login page. Then check which verification methods the user has registered. Set up the controller to invoke the login process by whichever mechanism is configured, for example, passwordless login, SSO, or social sign-on.
          You can completely remove passwords
          Assign users the Is Single Sign-On Enabled user permission. This user permission is available when your org is enabled for delegated authentication—contact Salesforce to enable it. After you enable the feature, you can assign users the permission.
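
The tips above on locating the user, checking registered verification methods, formatting the phone number, and handling System.Site.passwordlessLogin errors can be combined in one login controller. The following Apex is an added example, not Salesforce's own sample code. The class name, the start URL, the fallback page path, the countryCode input, and the way a passwordlessLogin failure surfaces (null result or exception) are assumptions.

```apex
// Added example: hypothetical controller and page names, not Salesforce's sample code.
public with sharing class PasswordlessLoginExampleController {
    public String identifier { get; set; }   // email address or phone number typed on the login page
    public String countryCode { get; set; }  // assumed to be collected by the page, for example '1'
    private static final String START_URL = '/';                  // assumption
    private static final String PASSWORD_PAGE = '/PasswordLogin'; // hypothetical fallback page

    public PageReference login() {
        if (String.isBlank(identifier)) { return fallback(); }
        String entered = identifier.trim();
        Boolean isEmail = entered.contains('@');
        List<User> matches;
        if (isEmail) {
            matches = [SELECT Id FROM User WHERE Email = :entered AND IsActive = true LIMIT 2];
        } else {
            String phone = System.UserManagement.formatPhoneNumber(countryCode, entered);
            matches = [SELECT Id FROM User WHERE MobilePhone = :phone AND IsActive = true LIMIT 2];
        }
        // Email and MobilePhone aren't unique: never pick between two accounts.
        if (matches.size() != 1) { return fallback(); }
        Id userId = matches[0].Id;
        // Offer only the method that the user has actually verified.
        List<TwoFactorMethodsInfo> info = [
            SELECT HasUserVerifiedEmailAddress, HasUserVerifiedMobileNumber
            FROM TwoFactorMethodsInfo WHERE UserId = :userId LIMIT 1];
        if (info.isEmpty()) { return fallback(); }
        List<Auth.VerificationMethod> methods = new List<Auth.VerificationMethod>();
        if (isEmail && info[0].HasUserVerifiedEmailAddress) {
            methods.add(Auth.VerificationMethod.EMAIL);
        } else if (!isEmail && info[0].HasUserVerifiedMobileNumber) {
            methods.add(Auth.VerificationMethod.SMS);
        }
        if (methods.isEmpty()) { return fallback(); }
        try {
            // Assumption: a failure shows up as a null PageReference or an exception.
            PageReference target = System.Site.passwordlessLogin(userId, methods, START_URL);
            return target != null ? target : fallback();
        } catch (Exception e) {
            return fallback();
        }
    }

    // Same response for unknown, ambiguous, and unverified identifiers.
    private PageReference fallback() {
        return new PageReference(PASSWORD_PAGE);
    }
}
```

The fallback page is where a password is collected and Site.login is invoked, or where the user is redirected to an IdP.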
           