The Salesforce login procedure used to be like that of every other web application around us: we provide a username and password. A few years back, Salesforce also introduced a two-step authentication process using the mobile SMS feature. Salesforce also supports SSO, where we can have a custom identity provider and implement custom authentication such as RSA token based, YubiKey, etc. Previously there was no way to participate in the standard login process of Salesforce; however, from Winter 15 we have one more feature, known as login flow.
Using a login flow, we can participate in and change the login process of Salesforce. To explain more, let's consider the problem definition below, which we will try to solve using a login flow in this post.
Problem definition:
The customer has implemented IdP-initiated SSO. Whenever a user logs into the corporate network, a startup script automatically uses IdP-initiated login to start Salesforce. Management wants to know how many users are really using the system, and wants to deactivate all users who have not used it in the last 45 days.
How to solve?
Because all users are automatically logged into the system by the startup script, we cannot use a standard report to find users who have not logged into Salesforce in the last 45 days. In this situation we can create a custom solution using a login flow.
The solution is very easy. We will create a custom object and insert a login detail record into it every time a user accepts the terms and conditions while logging into the system. If the startup script opens the Salesforce page and the user ignores the terms and conditions, no record is created.
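The reporting side of this solution, as an added example that is not code from the original post: anonymous Apex that lists, and optionally deactivates, active users with no login detail record in the last 45 days. The API names `Login_Detail__c` and `User__c` are assumptions for the custom object and its lookup to User, and the `dryRun` switch and the exclusion of accounts younger than 45 days are also additions.

```apex
// Added example, not from the original post.
// Assumed API names: Login_Detail__c (custom object), User__c (lookup to User).
Integer windowDays = 45;
Datetime cutoff = Datetime.now().addDays(-windowDays);
Boolean dryRun = true; // set to false only after reviewing the debug output

// Anti-join: active standard users with no terms-accepted record inside the window.
// Users created inside the window are skipped, because they have not yet had
// 45 days to build up any history. The running user is never deactivated.
List<User> stale = [
    SELECT Id, Username, LastLoginDate
    FROM User
    WHERE IsActive = true
      AND UserType = 'Standard'
      AND CreatedDate < :cutoff
      AND Id != :UserInfo.getUserId()
      AND Id NOT IN (SELECT User__c
                     FROM Login_Detail__c
                     WHERE CreatedDate >= :cutoff)
];

for (User u : stale) {
    // LastLoginDate is still recent here because the startup script logs users in;
    // it is printed only to make that contrast visible during review.
    System.debug(u.Username + ' | SSO last login: ' + u.LastLoginDate);
    u.IsActive = false;
}

if (!dryRun && !stale.isEmpty()) {
    // Partial success: one user that cannot be deactivated does not roll back the rest.
    Database.SaveResult[] results = Database.update(stale, false);
    for (Integer i = 0; i < results.size(); i++) {
        if (!results[i].isSuccess()) {
            System.debug(LoggingLevel.WARN, stale[i].Username + ' not deactivated: '
                + results[i].getErrors()[0].getMessage());
        }
    }
}
```

Running it with `dryRun = true` first gives management the usage count they asked for without changing any account.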
What is a login flow?
A login flow is not a very new concept to Salesforce admins or developers. It is nothing but a flow which can be set as the login flow for each profile.
Security in login flow
If a user is on the login flow screen and tries to bypass it by navigating directly to a URL, Salesforce throws an insufficient privileges error, because the user has access only to the login flow and nothing else.
Detailed steps:
Create a custom object named something like “Login Detail”, with Name as an autonumber type and a custom field of type lookup to User, as shown in the image below.