Thursday, February 28, 2019

Login Flows - Way to Customize User Authentication Flow

Login flows acts as business process which you want to invoke for user after logging. Login flows are assigned at profile level.

How Login Flow works?

Custom 2 Factor Authentication

Login flows can be used to provide custom 2 factor authentication. Below is flow chart that I have prepared to implement this:

Different steps involved:
  • Once user logged in, will be redirected to login flow.
  • From login flow, call apex call which can either perform callout to external system which can send authentication code to user via SMS or email. You can use twilio app to send sms to users. You can store the auth code from callout response in salesforce(may be in some custom field on user object).
  • If you don't want to use external app, then generate random code in apex and store it in custom field in user object and send email to user with code using apex email message methods.
  • Once user receives the code will enter it in input text on login flow. 
  • If user entered code matches with code stored in user object custom field then allow user to navigate to Salesforce. As a best practice clear the code stored in user object once validation completed so that user can not reuse the same code again.
  • If there is mismatch, you can deny user access.

Important considerations while using login flows
  • Login flow can not be used to replace Salesforce authentication but can used as additional set of authentication.
  • Login flow can be used to display some important messages to users once they login. Refer Login Flows to Display Important Messages to User After Login to learn about this in detail.
  • Login flows are only applicable for UI login not for API login.
  • Login flow can be used with SAML JIT. If user doesn't exist then during JIT, first user will be provisioned and then login flow will kick off. If user fails 2 factor authentication from login flow,then deactivate the user again in salesforce.
  • When user login, user login date like type of device, IP address, session id, user agent etc are available in visual workflow designer. This can be used to provide different user experience to user based on login device.
  • As a best practice, do not enable custom 2 factor authentication for system administrators.

Hope this will help!!


  1. Wow, what an awesome spot to spend hours and hours! It's beautiful and I'm also surprised that you had it all to yourselves! Kindly follow the links too Best HIV Treatment in India
    Top HIV Hospital in India
    HIV AIDS Treatment in Mumbai
    HIV Specialist in Bangalore
    HIV Positive Treatment in India
    Medicine for AIDS in India

  2. Hey!

    DigiPeek is the best SEO & Link Building Service Provider In The World. I have 7+ Years Experience To Build SEO, Backlinks & Improve Website Ranking.

    If you need Profile Backlinks, Forum Backlinks, Dofollow Backlinks, Manual Backlinks, Trusted SEO Backlinks, Increase Domain Rating Then You Will Contact Me.

    I am glad to help You!

    Let's TRY!

  3. Good pictures and great post very informative thanks for sharing with us.
    Wallet box packaging wholesale
    buy Watch Boxes

  4. The explanation is comprehensive and informative. Quikads is the
    best selling sites in Bangladesh

  5. Nice blog really love the content. Visit Towertools, here you will get all kind of tools like Paint Filter Online | Spray Paint

  6. Terrific work! That is the kind of info that should be shared around the internet.
    Shame on the seek engines for no longer positioning this submit higher!
    Come on over and consult with my website . Thank you =)
    content writing company in delhi
    travel content writer in delhi

  7. Thank you for sharing this helpful information.