Setting up a Login Flow involves building the flow, assigning it to user populations, and testing without breaking production access. The steps below cover the safe rollout.
- Confirm Login Flow is the right tool
Many use cases have better alternatives (In-App Guidance, platform MFA). Confirm Login Flow is the right tool before building.
- Build the flow
Flow Builder > New > Login Flow. Build the screens, decisions, and updates. End with Finish Login element.
- Test in sandbox
Activate the flow in sandbox. Log in as a test user; verify the flow runs and completes correctly. Test the skip path for repeat users.
- Assign to user population
Setup > Identity > Login Flows. Add an assignment specifying User License (and optionally Profile) and pointing to the flow.
- Pilot with a small group
Limit assignment to a small profile first. Confirm real users complete the flow without issues before broader rollout.
- Document the disable procedure
Write down how to deactivate the flow if it breaks production. Without this, an incident leaves users locked out.
- Expand rollout
After pilot success, expand assignment to the broader population. Monitor support tickets for flow-related issues.
The flow type that runs at login. Configured in Flow Builder.
Primary scope. Internal users, Community users, Mobile users have different licenses.
Optional second scope. Limit to specific profiles.
Special Flow element that completes login. Required at every exit path.
Decision early in the flow that bypasses the screens for users who have already completed.
- A broken Login Flow blocks user access. Test thoroughly; document disable procedure.
- The flow runs on every login. Latency adds up; use skip logic for repeat users.
- Mid-flow browser close restarts the flow. Long flows are frustrating; keep them short.
- Assignment is per User License. Multi-license orgs need separate assignments.
- Modern alternatives often work better. Confirm Login Flow is the right tool before building; In-App Guidance and platform MFA cover most cases.