Block access to Salesforce with login flows
|Knowledge Article Number||000221887|
|Description||You can use login flows to prevent access to salesforce. This article is just a general walkthrough to help with constructing a login flow that stores the logged in user's browser information in a variable and then makes a decision to allow the login attempt based on the logged in user's information. If it is a Android browser it will block the login and if not it will allow the login. For the video to follow along please click this link. If you would like to just download the package into your organization please click this link.
1. How to to create a variable that stores the browser information.(a.) Click on resources double click on '(x)Variable' under the 'CREATE NEW' section.
(b.) Input a value in both the 'Name' field. Ex.LoginFlow_UserAgent
(c.) Enter a description.
(d.) Left the data type as 'Text'
(e.) In the 'Input/Output Type' section select 'Input Only'.
(f.) Click on the 'OK' button.
(a.) Select on the 'Palette' tab.
(a.) Locate the 'LOGIC' selection on the 'Palette' tab.
3. Create a decision to determine what actions can occur when a user logs in from an Android device.
(b.) Select the 'Decision' element.
(c.) Drag the 'Decision' element towards the right. Wait till the configuration menu displays.
(d.) Input a value in the 'Name'. Ex. "Decision page"
(e.) On the EDITABLE OUTCOMES click on Add Outcome.
(f.) Type the word "Block" in the Name section.
(g.) Click on the arrow towards the right of Select resource.
(h.) Locate the variable created in the Step 1. Ex.LoginFlow_UserAgent
(i.) Click on the --Select One-- option select contains.
(j.) Enter the value "Android" in the Enter value or select resource.
(k.) Click on the '[Default Outcome]' remove Default Outcome and add Allow.
(l.) Click on the 'OK' Button.
(a.) Locate the 'USER INTERFACE' section.
4. Putting all the logic together.
(b.) Click and then drag the Screen element towards the right. Wait for the configuration menu to display.
(c.) Enter a value in the Name. Ex. "Block Page".
(d.) Locate the Navigation Options.
(e.) Locate the show Finish and Previous.
(f.) Click the arrow.
(g.) Select 'Don't show Finish Button'
(h.) Click on the 'Add a Field' section.
(i.) Click and drag the 'Display Text' towards the right.
(j.) Highlight the field and then click on the 'Field Settings' tab.
(k.) Enter a Unique Name.Ex "Block message".
(l.) Click on the Text icon.
(m.) Enter the custom message.Ex."Warning: Salesforce can not be access through an Android browser due to your Security policy in place."
(n.) Click on the 'Ok' button.
5. Final steps.(a.) On the first page "Start Page" created in the second step click on the green arrow to make the start page.
(b.) In the same page click on the square and drag the line to the "Decision page".
(c.) From the "Decision page" click on the square and drag the line to the "Block Page". If you would like to by pass the "Start Page " screen and begin in the "Decision Page" it can be configured as the start page.
(d.) Make sure that 'Block' is selected as the decision outcome linked to the "Block Page".
(e.) Click the 'OK' button.
(f.) Save the flow.
(g.) Apply the flow to the users.
1. Go to Setup| Manage Apps| Connected Apps| Salesforce1/Chatter for Android.
To Block Salesforce1 for Android:
2. Click on the Edit button.
3. In the 'Permitted Users' section select the selection to 'Admin Approved users are pre-authorized'. Remove
4. Also if needed IP restrictions could be put in place to only allow IPs from your company network.
5. Finally, Proceed to Manage Users| Profiles| name of profile. Then remove access from the Profile Connect Apps section.