You are here:
Custom Login Flows
A login flow directs users through a login process before they access your Salesforce org or Experience Cloud site. You can use a login flow to control the business processes that your users follow when they log in to Salesforce. After Salesforce authenticates a user, the login flow directs the user through a process, such as enforcing strong authentication or collecting user information. When users complete the login flow successfully, they’re redirected to their Salesforce org or site. If unsuccessful, the flow can log out users immediately.
To create a flow, use either Flow Builder or Visualforce. Flow Builder is a point-and-click tool that you can use to design a simple flow that users execute when logging in. Use Visualforce to have complete control over how the login page looks and behaves.
After creating a flow, designate the flow as a login flow and associate it with specific profiles in your org. You can create multiple login flows and associate each one with a different user profile. Users assigned to one profile, like sales reps, experience a particular login process as they log in. Users assigned to a different profile like service reps, experience a different login process.
When you associate a login flow with a profile, it’s applied each time a user with that profile logs in to an org or site. The flow is also applied when a user logs in to the Salesforce mobile app and even Salesforce client apps that use OAuth. You can apply login flows to Salesforce orgs and Experience Cloud sites.
Login flows support all Salesforce authentication methods: standard username and password, delegated authentication, SAML single sign-on (SSO), and SSO through a third-party authentication provider. For example, users logging in with a LinkedIn account can go through a login flow specific for LinkedIn users.
Login Flow Use Cases
Wondering what you can use login flows for? Here are some example use cases.
- Enhance or customize the login experience by adding a logo or login message.
- Collect and update user data, such as an email address, phone number, or mailing address.
- Interact with users, and ask them to perform an action. For instance, you can ask them to complete a survey or accept terms of service.
- Connect to a Salesforce Customer Identity service or geo-fencing service, and collect or verify user information.
- Enforce strong authentication, like implementing a multi-factor authentication (MFA) method using hardware, biometric, or another authentication technique.
- Run a confirmation process. For example, have a user define a secret question, and validate the answer during login.
- Create more granular policies like setting up a policy that sends a notification every time a user logs in during non-standard working hours.
Login Flow Execution
Before creating a login flow, it’s important to understand login flow execution.
- To invoke a login flow, the user must first be authenticated. Login flows don’t replace the existing Salesforce authentication process. They integrate new steps or ask the user for information.
-
Important To avoid performance and security issues, follow these guidelines.- Don’t redirect the user out of your org. Redirecting out of your org creates an open redirect vulnerability that can be exploited by attackers. It also breaks standard Salesforce identity services that use a start URL, including password reset.
- Only include steps that are related to the login process that users complete. Don't include non-login business processes, such as updating records that aren't associated with the user. Including non-login processes in a login flow can have unintended side effects, blocking some services. Create separate flows for non-login processes.
- During login-flow execution, users have restricted access. Users in a login flow can access only the flow—they can’t bypass it to get to the application. They can log in to the org only when they successfully authenticate and complete the flow.
- When accessing the Outlook integration via single sign-on (SSO), custom login flows aren’t invoked. The custom login flow will only be reinvoked when the user manually logs out of the account.
Create and Manage Login Flows
For help with creating and managing login flows, review these articles.
- Create a Login Flow with Flow Builder
Use the point-and-click Flow Builder to create a login flow declaratively. With this tool, you create a screen flow—a collection of screens and connectors that step users through a business process when they log in. - Create a Custom Login Flow with Visualforce
Use Visualforce and an Apex controller to create a custom login flow programmatically. With Visualforce, you have complete control over how your login page looks, behaves, and directs users after they complete the flow. You can design your login page from scratch and control every pixel of the page. - Set Up a Login Flow and Connect to Profiles
After you create a flow using Flow Builder or Visualforce, designate it as a login flow and associate it with a user profile. When a user with an associated profile logs in, they go through the login flow. - Login Flow Examples
You can use a login flow to customize the login experience and integrate business processes with Salesforce authentication. Common uses cases include collecting and updating user data at login, configuring multi-factor authentication, or integrating third-party strong authentication methods. - Limit the Number of Concurrent Sessions with Login Flows
You can use a login flow to restrict the number of simultaneous Salesforce sessions per user.
