Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Configure Experience Cloud Settings for Headless User Discovery

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Configure Experience Cloud Settings for Headless User Discovery

            With headless user discovery, develop headless authorization flows that don’t require users to enter a username. To use headless user discovery for login, passwordless login, and forgot password flows, configure settings on the Experience Cloud Login & Registration page.

            Required Editions

            Available in: Enterprise, Unlimited, and Developer Editions
            Important
            Important All headless flows use the same headless discovery handler. You can’t use a different handler for each flow.

            To make sure that you complete all setup steps for headless identity, see Headless Identity Implementation Checklists.

            Configure Settings for Login with Any Identifier and a Password

            To configure login with an identifier of your choice and a password, use the Authorization Code and Credentials Flow or the OAuth 2.0 for First-Party Applications login flow. Both flows use the same settings for headless user discovery.

            1. From Setup, in the Quick Find box, enter Sites, and then select All Sites.
            2. To access Experience Workspaces, next to your site name, click Workspaces.
            3. Select Administration, and then select Login & Registration.
            4. Under Headless Username-Password Login, select Use the headless user discovery handler for this flow.
            5. Under Headless User Discovery, click Lookup and select an Apex class that implements the Auth.HeadlessUserDiscoveryHandler interface. Or, to generate a template, click Create a headless user discovery handler template. Edit the template later.
            6. For Run As, click Lookup and select a system user to execute the handler. We recommend that you don’t select a user account that’s associated with a person.
            7. If necessary, configure other settings for the OAuth 2.0 for First-Party Applications login flow. See OAuth 2.0 for First-Party Applications: Configure Experience Cloud Settings.
            8. Save your settings.

            Configure Settings for Login with Any Identifier and One-Time Password

            To configure passwordless login with an identifier of your choice instead of a username, use the Headless Identity API version of the headless passwordless login flow or the OAuth 2.0 for First-Party Applications version. During these flows, users get an email or SMS containing a one-time password (OTP) that they use to complete login. For both flows, headless user discovery is enabled when you add the handler. There’s no extra setting to explicitly enable headless user discovery.

            1. From Setup, in the Quick Find box, enter Sites, and then select All Sites.
            2. To access Experience Workspaces, next to your site name, click Workspaces.
            3. Select Administration, and then select Login & Registration.
            4. Under Headless User Discovery, click Lookup and select an Apex class that implements the Auth.HeadlessUserDiscoveryHandler interface. Or, to generate a template, click Create a headless user discovery handler template. Edit the template later.
            5. For Run As, click Lookup and select a system user to execute the handler. We recommend that you don’t select a user account that’s associated with a person.
            6. If necessary, configure other settings for the flow that you’re using.
            7. Save your settings.

            Configure Settings for Password Reset with Any Identifier

            To configure a password reset process with any identifier instead of a username, use headless user discovery with the Headless Forgot Password Flow. During this flow, users enter the identifier and then receive an email or SMS with a one-time password (OTP). To verify their identity, they enter the OTP and then set their new password.

            1. From Setup, in the Quick Find box, enter Sites, and then select All Sites.
            2. To access Experience Workspaces, next to your site name, click Workspaces.
            3. Select Administration, and then select Login & Registration.
            4. Under Headless Forgot Password, select Use the headless user discovery handler for this flow.
            5. Under Headless User Discovery, click Lookup and select an Apex class that implements the Auth.HeadlessUserDiscoveryHandler interface. Or, to generate a template, click Create a headless user discovery handler template. Edit the template later.
            6. For Run As, click Lookup and select a system user to execute the handler. We recommend that you don’t select a user account that’s associated with a person.
            7. If necessary, configure other settings for the forgot password flow. See Configure Experience Cloud Settings for the Headless Forgot Password Flow.
            8. Save your settings.

            To continue setting up the forgot password flow, see Headless Forgot Password Flow.

             
            Loading
            Salesforce Help | Article