Nov. 7, 2022 · 8 minutes
A sign-in flow directs users to sign in before they access your Salesforce organization or Experience Cloud site. You can use a login flow to control the business processes your users follow when they log in to Salesforce. After Salesforce authenticates a user, the sign-in flow guides the user through a process that requires strong authentication or collects user information, for example. If users complete the sign-in flow successfully, they are directed to their Salesforce organization or site. If it fails, the stream can log users out immediately.
Use Flow Builder or Visualforce to create flows. Flow Builder is a point-and-click tool that lets you design a simple flow that users run while they log in. With Visualforce, you have full control over the look and behavior of the login page.
After you create a flow, assign it as a login flow and link it to specific profiles in your organization. You can create multiple login flows and associate each with a different user profile. Users who are assigned to one profile, such as salespeople, go through a specific logon process when they log on. Users associated with a different profile, such as customer service representatives, go through a different sign-in process.
When you associate a login feed with a profile, it is applied each time a user with that profile logs in to an organization or website. The flow is also applied when a user logs in to the Salesforce mobile app or even Salesforce client apps that use OAuth. You can apply sign-in flows to Salesforce organizations and Experience Cloud sites.
Login flows support all Salesforce authentication methods: standard username and password, delegated authentication, SAML single sign-on (SSO), and SSO via a third-party authentication provider. For example, users who sign in with a LinkedIn account can go through a special sign-in process for LinkedIn users.
Wondering what you can use input streams for? Here are some examples of how to use them.
Before you create a login process, it is important to understand how to perform the login process.
Listed below are some key points we've organized for you on creating and managing login flows.
As a Salesforce administrator, you can set up your organization to allow Salesforce support users, partner support users, or subscribers to log in as other users in a Salesforce organization. For example, a support user can log in to a Salesforce organization as the user experiencing the issue to help troubleshoot the issue. You can also configure your organization to require users to grant logon access to support users or subscribers who attempt to log on as that user.
For security, these measures apply when Salesforce Support users, Partner Support users, and subscribers log in as other users.
Example: Your organization has enabled multi-factor authentication for UI sessions on differential login, and a user has the user privilege multi-factor authentication for UI sessions. When a support user or subscriber logs in as a user, the user must provide the code or confirmation of a verification method that they have registered for their account. Authentication methods include authentication apps, security keys, or temporary authentication codes. Support users and subscribers with High Assurance sessions always bypass MFA verification when signing in.
If multi-factor authentication for UI sessions is not enabled for the organization during other logins, a support user or subscriber can log in as a user before the user completes MFA authentication. This scenario applies even if the Multi-factor authentication for UI logins permission is enabled for the user.
A support user or participant logs in without multi-factor authentication and attempts to access a resource that requires a high-security session, such as reports. The organization's high-security policy determines whether the support user or subscriber can access reports. For more information, see here. Change session security settings.
For example, if the organization's high security policy is set to Block, the support user or subscriber cannot access the reports. If the policy is set to Increase session to high security, the support user or subscriber must provide a second factor for authentication.
Supported browsers for Salesforce vary depending on whether you are using Salesforce Classic or Lightning Experience.
Salesforce does not support non-browser applications that embed WebView or similar controls to generate content for Salesforce Classic or Lightning Experience. Examples of approaches that embed these types of controls include Salesforce Mobile SDK, Microsoft's WebBrowser Control, Electron's Chromium integrated browser, iOS's UIWebView and WKWebView, and Android's WebView. You cannot access Lightning Experience through a mobile browser. We recommend using the Salesforce Mobile App instead if you are on a mobile device. You can access Lightning Experience through iPad Safari. For more information. Lightning Experience themes on iPad Safari. Lightning Experience does not support incognito or other private browsing modes.
Salesforce supports these browsers. Make sure your browsers are up to date. Other browsers or older versions of supported browsers are not guaranteed to support all features.
Use Apple Safari on iPadOS (iOS 13.x) or later. Portrait orientation and reorientation are not supported in Lightning Experience on iPad Safari. Use landscape orientation and maximize your Safari browser to full width. Unlock the iPad rotation lock to prevent the orientation from changing.
We only support the Salesforce Mobile app for Android-based tablets.
Salesforce treats touch-enabled laptops, including Microsoft Surface and Surface Pro devices, as laptops, not tablets. Access to the Salesforce Mobile App is not available on these devices. Users are always redirected to the full website experience enabled for them: Lightning Experience or Salesforce Classic. Only standard keyboard and mouse input is supported on such devices.
Using Salesforce Classic in a mobile browser is not supported. We recommend using the Salesforce Mobile app instead if you are working on a mobile device.
Supported browsers for CRM Analytics include those supported for Lightning Experience.