Salesforce login procedure was like all other web applications around us where we need to provide username and password. Few years back, Salesforce also introduced two step authentication process by using mobile SMS feature. Salesforce also supports SSO, where we can have custom identity provider and custom authentication can be implemented like RSA token based, Yubikey etc. Previously there were no way to participate in standard login process of Salesforce however from Winter 15, we have one more feature known as login flow.
Using Login flow, we can participate and change login process of Salesforce. To explain more, lets consider below problem definition which we will try to solve using login flow in this post.
Problem definition :
Customer has implemented IDp initiated SSO. Whenever any user is logging into corporate network, start up script automcatically uses IDp initiated login to auto start Salesforce. Management wants to know that how many users are really using system and deacticate all users who has not used it in last 45 days.
How to solve ?
As all users are automatically getting logged into system because of startup script , we cannot use standard report to get users who has not logged into salesforce in last 45 days. In this situation we can create custom solution using Login flow.
Solution is very easy. We will create custom object and insert login detail into this object if user accepts terms and condition everytime when trying to login into system. If startup script opens Salesforce page and user ignores selecting terms and condition then it will not create any record.
What is Login flow ?
Login flow is not very new concept to Salesforce admins or developers. It is nothing but flow which can be set into Login flow for each profile.
Security in Login flow
If user is in login flow screen and try to bypass it by directly navigating to URL then Salesforce throws insufficient privileges error because user has access to only login flow, nothing else.
Detailed steps :
Create Custom Object by name something like “Login Detail” with Name as autonumber type and custom field of type lookup to user as shown in below image.
Create new flow by navigating to “Setup | App Setup | Workflow and Approvals | Flows | New Flow“.
Drag Screen component from left to canvas panel and name it something like “Welcome”.
Then add two fields on screen by clicking on “Add a Field” tab, In this case I have added below fields
- Display Text
- Unique Name – Line1
- Text – Welcome to Login Flow Demo
- Label – Do you want to continue
- Unique Name – Do_you_want_to_continue
We will use above checkbox in next component to decide that user has selected to go ahead or not ?
Now its time to add new component in flow. Drag Decision component from left to canvas and enter values like below screen
As shown in above image, we need to create outcome by name “Yes” and in condition we are checking that screen input field “Do_you_want_to_continue” is equal to true or not. Default outcome we are considering as No.
Now create a formula field by navigating to “Resources” tab and double click on “Formula”. This formula will hold current logged in user as shown in below image.
Its time to add final element in flow. Drag “Record Created” component on canvas and enter values as shown in below image
In above image, we are creating record in custom object created in first step with value in user field from Formula we have created.
Now connect “Yes” decision to recorc create component and No to Welcome screen by dragging mouse from descision to destination component as shown in image. Also, dont forget to mark Welcome screen as “start element”. It can be done by selecting green arrow at upper right corner of component.
Activate above flow and navigate to “Setup | Administration Setup | Security Controls | Login Flows | New”. Select recently created login flow and profile for which it should be enabled.
We are all set now, logout and try to login again. You will be prompted with message if your profile matched with login flow and record will be created in custom object.
This is just one demo of small problem, possibilities with login flow are endless. It is suggested as a best practice not to use Login flow for System administrators, If some issue arises they should be in position to rectify and correct it.
Video tutorial of this blog post can be found on my live streaming channel. Start watching it from 15th minute, there is no sound in initial video.
If you want to learn more about visualflow then visit cool blog of my buddy Rakesh, which has many cool tutorials mainly focused on visualflow.