What is the most important tip for working with Login Flows?

A broken Login Flow blocks user access. Test thoroughly in sandbox; have a documented disable procedure for emergencies.

AdministrationBeginner

Login Flows

Q: In which area of Salesforce would you typically find Login Flows?

Login Flows is an administrative feature found in Salesforce Setup - the central hub where admins configure and manage the org.

Q: What is the primary benefit of Login Flows for Salesforce administrators?

Login Flows is an administration feature that empowers admins to manage the Salesforce environment through declarative, point-and-click configuration.

Q: Why is understanding Login Flows important for Salesforce admins?

Administration features like Login Flows are fundamental to maintaining a healthy, secure, and efficient Salesforce org on an ongoing basis.

Login Flows are the Salesforce mechanism for running a Flow during the user login process, after authentication succeeds but before the user lands on their home page.

Hear it

§ 01

Definition

Login Flows are the Salesforce mechanism for running a Flow during the user login process, after authentication succeeds but before the user lands on their home page. The flow runs in the user's context with access to their User record fields, and it can be used for forced consent acknowledgments, terms-of-service acceptance, MFA enrollment prompts, branded login walls, password reset workflows, and any other interaction the org wants to mandate at login time. Each Login Flow is associated with a specific Login Type (Standard, Community, Mobile, etc.) and a User License, with the flow running for users matching the configuration.

The feature predates many modern alternatives. For consent and acknowledgment, Lightning In-App Guidance and platform features like Identity Verification cover most use cases without needing a Login Flow. For pre-login decisions like MFA, the platform's MFA enforcement now handles the prompts directly. Login Flows remain useful for highly customized login experiences that the standard tools cannot produce: regulatory consent specific to one industry, complex branded landing experiences, or org-specific data collection at first login.

§ 02

How Login Flows work

When the flow runs

The Login Flow fires after Salesforce authenticates the user (SSO or password) but before they see the home page. If the user closes the browser mid-flow, the next login restarts the flow. The flow has access to the User record so it can branch on user attributes; it can also write to the User record to update fields like AcceptedTermsDate.

Per-profile and per-license assignment

Login Flows are assigned per User License and optionally per Profile. A Customer Community user might run a different login flow than an internal user. The assignment is configured under Setup > Identity > Login Flows; without an assignment, no flow runs and login proceeds normally.

Common patterns

The most common Login Flow patterns: terms of service acceptance (display, require checkbox, write timestamp), MFA enrollment (prompt to register a verification method), consent for data sharing (regulatory consent in GDPR or HIPAA contexts), branded welcome screen, and first-login data collection (preferences, profile completion). The flow is the surface for any one-time-per-login interaction.

Building the Flow

Login Flows are built in Flow Builder like any other Flow, with the Flow Type set to Login Flow. Standard Flow elements (Screen, Decision, Get Records, Update Records) all work. The flow has special access to the User record through global variables. End the flow with the Finish Login element to complete the login process.

Modern alternatives

For consent acknowledgments, In-App Guidance and on-record acknowledgments often work better than Login Flows because they fire contextually rather than on every login. For MFA, the platform's MFA enforcement handles enrollment without Flow. For data collection, a first-login Flow or a profile completion campaign in Marketing Cloud may be cleaner. Evaluate whether the Login Flow is the right tool or whether a less invasive mechanism fits.

Performance considerations

The flow runs on every login. Even a simple Login Flow adds noticeable latency to the user experience. Keep the flow short and only run when truly needed; conditional logic at the start (skip if user has already completed) avoids running for repeat logins. Apex callouts inside the flow add more latency; offload heavy work to async processing.

Troubleshooting Login Flows

Login Flow errors block the user from reaching their home page. If the flow has a runtime error, the user sees an error screen and cannot log in. Test thoroughly in a sandbox before deploying to production; a broken Login Flow takes down user access for everyone the flow applies to. Have a documented disable procedure ready.

§ 03

Set up and assign a Login Flow

Setting up a Login Flow involves building the flow, assigning it to user populations, and testing without breaking production access. The steps below cover the safe rollout.

Confirm Login Flow is the right tool
Many use cases have better alternatives (In-App Guidance, platform MFA). Confirm Login Flow is the right tool before building.
Build the flow
Flow Builder > New > Login Flow. Build the screens, decisions, and updates. End with Finish Login element.
Test in sandbox
Activate the flow in sandbox. Log in as a test user; verify the flow runs and completes correctly. Test the skip path for repeat users.
Assign to user population
Setup > Identity > Login Flows. Add an assignment specifying User License (and optionally Profile) and pointing to the flow.
Pilot with a small group
Limit assignment to a small profile first. Confirm real users complete the flow without issues before broader rollout.
Document the disable procedure
Write down how to deactivate the flow if it breaks production. Without this, an incident leaves users locked out.
Expand rollout
After pilot success, expand assignment to the broader population. Monitor support tickets for flow-related issues.

Key options

The flow type that runs at login. Configured in Flow Builder.

User License assignmentremember

Primary scope. Internal users, Community users, Mobile users have different licenses.

Profile assignmentremember

Optional second scope. Limit to specific profiles.

Finish Login elementremember

Special Flow element that completes login. Required at every exit path.

Conditional skip logicremember

Decision early in the flow that bypasses the screens for users who have already completed.

Gotchas

A broken Login Flow blocks user access. Test thoroughly; document disable procedure.
The flow runs on every login. Latency adds up; use skip logic for repeat users.
Mid-flow browser close restarts the flow. Long flows are frustrating; keep them short.
Assignment is per User License. Multi-license orgs need separate assignments.
Modern alternatives often work better. Confirm Login Flow is the right tool before building; In-App Guidance and platform MFA cover most cases.

Trust & references

Official documentation

Straight from the source - Salesforce's reference material on Login Flows.

Custom Login FlowsSalesforce Help

Was this entry helpful?

Help us write better definitions. Quick reactions or detailed edit suggestions.

About the Author

Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals. More about Dipojjal.

Test your knowledge

Q1. In which area of Salesforce would you typically find Login Flows?

Q2. What is the primary benefit of Login Flows for Salesforce administrators?

Q3. Why is understanding Login Flows important for Salesforce admins?

Discussion

Loading…

Loading discussion…

Back to Dictionary