A sign-in flow directs users to sign in before they access your Salesforce organization or Experience Cloud site. You can use a login flow to control the business processes your users follow when they log in to Salesforce. After Salesforce authenticates a user, the sign-in flow guides the user through a process that requires strong authentication or collects user information, for example. If users complete the sign-in flow successfully, they are directed to their Salesforce organization or site. If it fails, the stream can log users out immediately.

Use Flow Builder or Visualforce to create flows. Flow Builder is a point-and-click tool that lets you design a simple flow that users run while they log in. With Visualforce, you have full control over the look and behavior of the login page.

After you create a flow, assign it as a login flow and link it to specific profiles in your organization. You can create multiple login flows and associate each with a different user profile. Users who are assigned to one profile, such as salespeople, go through a specific logon process when they log on. Users associated with a different profile, such as customer service representatives, go through a different sign-in process.

When you associate a login feed with a profile, it is applied each time a user with that profile logs in to an organization or website. The flow is also applied when a user logs in to the Salesforce mobile app or even Salesforce client apps that use OAuth. You can apply sign-in flows to Salesforce organizations and Experience Cloud sites.

Login flows support all Salesforce authentication methods: standard username and password, delegated authentication, SAML single sign-on (SSO), and SSO via a third-party authentication provider. For example, users who sign in with a LinkedIn account can go through a special sign-in process for LinkedIn users.

Input Stream Usage Examples

Wondering what you can use input streams for? Here are some examples of how to use them.

• Enhance or customize the login experience by adding a logo or login message.
  Collect and update user information such as email address, phone number, or mailing address.
  Interact with users and prompt them to take a specific action. For example, you can ask them to fill out a survey or agree to their terms of service.
  Connect to a Salesforce customer service ID or geofencing service and collect or verify user information.
  Enforce strong authentication, such as using multi-factor authentication (MFA) with hardware, biometrics, or another authentication technique.
  Conduct an approval process. For example, have a user define a secret question and verify the answer at login.
  Create more detailed policies, such as a policy that sends a notification every time a user logs in outside of normal business hours.

Input Stream Execution

Before you create a login process, it is important to understand how to perform the login process.

• To invoke a login flow, the user must first be authenticated. Sign-in flows do not replace the existing Salesforce authentication process. They integrate new steps or request information from the user.
  While the logon flow is running, users have restricted access. Users in a sign-in flow can only access the flow; they cannot skip the stream to get to the app. Only when they successfully authenticate and complete the flow can they log in to the organization.

Create and Manage Input Streams

Listed below are some key points we've organized for you on creating and managing login flows.

• Create Login Flow with Flow Builder: Use the Flow Builder to declaratively create a login flow. With this tool, you create a screen flow of screens and connectors that guide users step-by-step through a business process when they log in.
  Create custom login flow with Visualforce: Use Visualforce and an Apex controller to programmatically create a custom login flow. With Visualforce, you have full control over how your sign-in page looks, how it behaves, and how users are redirected when the flow is complete. You can design your homepage from scratch and control every pixel of the page.
  Set up a sign-in flow and link it to profiles: After you create a flow using Flow Builder or Visualforce, assign it as a login flow and link it to user profiles. When users log in with an associated profile, they are directed to the login flow.
  Examples of login flows: You can use a login flow to customize the login experience and integrate business processes with Salesforce authentication. Common use cases include collecting and updating user credentials at login, configuring multi-factor authentication, or integrating strong third-party authentication methods.
  Limit concurrent sessions with login flows: You can use a login flow to limit the number of concurrent Salesforce sessions per user.

Login Access

As a Salesforce administrator, you can set up your organization to allow Salesforce support users, partner support users, or subscribers to log in as other users in a Salesforce organization. For example, a support user can log in to a Salesforce organization as the user experiencing the issue to help troubleshoot the issue. You can also configure your organization to require users to grant logon access to support users or subscribers who attempt to log on as that user.

Considerations

For security, these measures apply when Salesforce Support users, Partner Support users, and subscribers log in as other users.

• When logging in as another user, a support user or subscriber cannot authorize OAuth data access for the user. For example, if a support user or subscriber signs in as another user, they cannot authorize OAuth access to their user account from third-party apps. This restriction also applies to single sign-on.
  A Support User or Subscriber logged in as another user cannot perform actions that send emails from Salesforce unless that user's account email is verified.
  A Support User or Subscriber cannot change to a different username while logged in as a User. For example, if a support user or subscriber logs in as a different user and selects a different username from the profile menu in Lightning Experience, they will be logged out.
  When these conditions are met, a support user or subscriber who logs in as another user must meet the requirements for multi-factor authentication (MFA).
  • MFA is enforced through an end-user permission, a session-level policy, or the Require Multi-Factor Authentication (MFA) setting for all direct user interface sessions in your Salesforce organization.
    Enable multi-factor authentication for UI sessions across multiple logins for the organization.

Example: Your organization has enabled multi-factor authentication for UI sessions on differential login, and a user has the user privilege multi-factor authentication for UI sessions. When a support user or subscriber logs in as a user, the user must provide the code or confirmation of a verification method that they have registered for their account. Authentication methods include authentication apps, security keys, or temporary authentication codes. Support users and subscribers with High Assurance sessions always bypass MFA verification when signing in.

If multi-factor authentication for UI sessions is not enabled for the organization during other logins, a support user or subscriber can log in as a user before the user completes MFA authentication. This scenario applies even if the Multi-factor authentication for UI logins permission is enabled for the user.

A support user or participant logs in without multi-factor authentication and attempts to access a resource that requires a high-security session, such as reports. The organization's high-security policy determines whether the support user or subscriber can access reports. For more information, see here. Change session security settings.

For example, if the organization's high security policy is set to Block, the support user or subscriber cannot access the reports. If the policy is set to Increase session to high security, the support user or subscriber must provide a second factor for authentication.

Through which channels is Salesforce accessible?

Supported browsers for Salesforce vary depending on whether you are using Salesforce Classic or Lightning Experience.

1. Supported Browsers and Devices for Lightning Experience
2. Supported Browsers and Devices for Salesforce Classic
3. Supported Browsers for CRM Analytics

1. Supported Browsers and Devices for Lightning Experience

Salesforce does not support non-browser applications that embed WebView or similar controls to generate content for Salesforce Classic or Lightning Experience. Examples of approaches that embed these types of controls include Salesforce Mobile SDK, Microsoft's WebBrowser Control, Electron's Chromium integrated browser, iOS's UIWebView and WKWebView, and Android's WebView. You cannot access Lightning Experience through a mobile browser. We recommend using the Salesforce Mobile App instead if you are on a mobile device. You can access Lightning Experience through iPad Safari. For more information. Lightning Experience themes on iPad Safari. Lightning Experience does not support incognito or other private browsing modes.

Desktop and Laptop Scanners

Salesforce supports these browsers. Make sure your browsers are up to date. Other browsers or older versions of supported browsers are not guaranteed to support all features.

Tablet Scanners

Use Apple Safari on iPadOS (iOS 13.x) or later. Portrait orientation and reorientation are not supported in Lightning Experience on iPad Safari. Use landscape orientation and maximize your Safari browser to full width. Unlock the iPad rotation lock to prevent the orientation from changing.

We only support the Salesforce Mobile app for Android-based tablets.

Salesforce treats touch-enabled laptops, including Microsoft Surface and Surface Pro devices, as laptops, not tablets. Access to the Salesforce Mobile App is not available on these devices. Users are always redirected to the full website experience enabled for them: Lightning Experience or Salesforce Classic. Only standard keyboard and mouse input is supported on such devices.

2. Supported Browsers and Devices for Salesforce Classic

Using Salesforce Classic in a mobile browser is not supported. We recommend using the Salesforce Mobile app instead if you are working on a mobile device.

3. Supported Browsers for CRM Analytics

Supported browsers for CRM Analytics include those supported for Lightning Experience.

References

- Salesforce Supported Browsers and Devices