Build a screen flow, designate it as a login flow, and connect it to a profile so it runs at login. Test in a sandbox before you touch any production profile, and never attach an untested flow to your own admin profile.
- Build and activate the screen flow
In Flow Builder, create a screen flow with the screens and logic you want at login. Read LoginFlow_UserId to identify the user, and use Get Records or Update Records to read and write the User record. Set LoginFlow_FinishLocation or LoginFlow_ForceLogout if you need to control the outcome. Save and activate the flow.
- Open Login Flows in Setup
From Setup, type Login in the Quick Find box and select Login Flows. This page lists existing login flow connections and lets you create new ones.
- Create the login flow connection
Click New. Enter a Name for the definition, choose the type (Flow for a Flow Builder flow, or Visualforce Page), and select your activated flow from the dropdown.
- Connect it to a license and profile
Select the User License that matches your target profile, then select the Profile. The flow now runs for every login by users on that profile across web, mobile, and OAuth apps. Save the record.
- Test before going wide
Test with a non-admin test user on the target profile in a sandbox. Confirm the flow runs, completes, and lands the user correctly before connecting it to broader profiles or production.
Flow for a Flow Builder screen flow, or Visualforce Page for a custom page with an Apex controller. Most orgs use Flow.
The license tied to your target profile. You pick the license first, which filters the available profiles.
The profile whose users run the flow. One login flow can be connected per profile at a time.
Optional output variable that sets where the user lands after the flow. It cannot point to a URL outside the org.
Optional output variable that logs the user out immediately when set to true, used to deny access on a failed check.
- A broken flow blocks login for everyone on that profile. Do not attach an untested flow to your administrator profile.
- The flow does not run for API logins or sessions passed through frontdoor.jsp, and admins using Log in as another user bypass it.
- In Lightning runtime, users may reach some Salesforce functionality before finishing the flow, so it is not always a hard wall.
- The flow runs on every login for the profile. Branch early to skip work for repeat users and avoid adding login latency.