Print this page

Block access to Salesforce with login flows

Knowledge Article Number 000221887
Description You can use login flows to prevent access to salesforce. This article is just a general walkthrough to help with constructing a login flow that stores the logged in user's browser information in a variable and then makes a decision to allow the login attempt based on the logged in user's information. If it is a Android browser it will block the login and if not it will allow the login. For the video to follow along please click this link. If you would like to just download the package into your organization please click this link.

1. How to to create a variable that stores the browser information.

 (a.) Click on resources double click on '(x)Variable' under the 'CREATE NEW' section.
 (b.) Input a value in both the 'Name' field. Ex.LoginFlow_UserAgent
 (c.) Enter a description.
 (d.) Left the data type as 'Text'
 (e.) In the 'Input/Output Type' section select 'Input Only'.
 (f.) Click on the 'OK' button.
User-added image

2. Getting the page to display the user's browser.

  (a.) Select on the 'Palette' tab.
  (b.) In the 'USER INTERFACE' tab click on the 'Screen' component, then drag it out towards the right. 
  (c.) Wait till the configuration menu displays for Screen.
  (d.) Input a Name in the Name field. Ex. "Start Page"
  (e.) Click on the "Add a field" section.
  (f.) Locate the 'OUTPUTS' section in Salesforce.
  (g.) Drag the 'Display Text' towards the right until you get a blue square and '+'icon.
  (h.) Highlight the field and then click on the 'Field Settings' tab.
  (i.) Enter a value for the Unique Name section.'Browser_information'
  (j.) On the 'Select resource' option click on the arrow.
  (k.) Click on the 'VARIABLES' section.
  (l.) Double click on the variable created in Step 1. Ex. LoginFlow_UserAgent
  (m.) Confirm that the variable is underneath the 'Select resource' in the format and add the message of your choice. ex.{!LoginFlow_UserAgent}
User-added image

3. Create a decision to determine what actions can occur when a user logs in from an Android device.

  (a.) Locate the 'LOGIC' selection on the 'Palette' tab.
  (b.) Select the 'Decision' element.
  (c.) Drag the 'Decision' element towards the right. Wait till the configuration menu displays.
  (d.) Input a value in the 'Name'. Ex. "Decision page"
  (e.) On the EDITABLE OUTCOMES click on Add Outcome.
  (f.) Type the word "Block" in the Name section.
  (g.) Click on the arrow towards the right of Select resource.
  (h.) Locate the variable created in the Step 1. Ex.LoginFlow_UserAgent
  (i.) Click on the --Select One-- option select contains.
  (j.) Enter the value "Android" in the Enter value or select resource.
  (k.) Click on the '[Default Outcome]' remove Default Outcome and add Allow.
  (l.) Click on the 'OK' Button.
User-added image

4. Putting all the logic together.

  (a.) Locate the 'USER INTERFACE' section.
  (b.) Click and then drag the Screen element towards the right. Wait for the configuration menu to display.
  (c.) Enter a value in the Name. Ex. "Block Page".
  (d.) Locate the Navigation Options. 
  (e.) Locate the show Finish and Previous.
  (f.) Click the arrow.
  (g.) Select 'Don't show Finish Button'
  (h.) Click on the 'Add a Field' section.
  (i.) Click and drag the 'Display Text' towards the right.
  (j.) Highlight the field and then click on the 'Field Settings' tab.
  (k.) Enter a Unique Name.Ex "Block message".
  (l.) Click on the Text icon.
  (m.) Enter the custom message.Ex."Warning: Salesforce can not be access through an Android browser due to your Security policy in place."
  (n.) Click on the 'Ok' button.
User-added image


5. Final steps.

   (a.) On the first page "Start Page" created in the second step click on the green arrow to make the start page.
   (b.) In the same page  click on the square and drag the line to the "Decision page".
   (c.) From the "Decision page" click on the square and drag the line to the "Block Page". If you would like to by pass the "Start Page " screen and begin in the "Decision Page" it can be configured as the start page.
   (d.) Make sure that 'Block' is selected as the decision outcome linked to the "Block Page".
   (e.) Click the 'OK' button.
   (f.) Save the flow.
   (g.) Apply the flow to the users. 
User-added image

To Block Salesforce1 for Android:

1. Go to Setup| Manage Apps| Connected Apps| Salesforce1/Chatter for Android.
2. Click on the Edit button.
3. In the 'Permitted Users' section select the selection to 'Admin Approved users are  pre-authorized'. Remove 
4. Also if needed  IP restrictions could be put in place to only allow IPs from your company network.
5. Finally, Proceed to Manage Users| Profiles| name of profile. Then remove access from the Profile Connect Apps section.

promote demote