Definition
Login Flows is a Setup feature that allows administrators to associate Flows with the login process, executing custom business logic after a user authenticates but before they access Salesforce. Login Flows can collect additional information, enforce custom security checks, or route users to specific pages based on their profile or IP address.
Real-World Example
The admin at Granite Financial creates a Login Flow that checks whether a user's security training certification has expired. If expired, the Flow redirects them to a training completion screen before allowing access to the org. Users with current certifications proceed to the home page normally. This ensures 100% compliance with the company's annual security training requirement.
Why Login Flows Matters
Login Flows allow administrators to inject custom business logic into the authentication process by associating a Flow with the login experience. After a user successfully authenticates with their credentials, the Login Flow executes before granting access to the org. This enables powerful use cases like enforcing security training completion, collecting updated contact information, routing users based on their profile or IP address, displaying terms of service agreements, or implementing custom multi-factor authentication steps. Login Flows run in system context, giving them access to check and update records regardless of the user's permissions.
As compliance requirements grow more complex, Login Flows become invaluable for enforcing organizational policies that go beyond standard authentication. Without them, administrators must rely on users voluntarily completing required actions or build cumbersome monitoring systems to track compliance after login. Login Flows ensure 100% compliance by making policy checks a mandatory gateway. However, administrators must design Login Flows carefully to minimize friction for compliant users while providing clear guidance for those who need to take action. Poorly designed Login Flows that block users without clear instructions generate support tickets and frustration.
How Organizations Use Login Flows
- Granite Financial — Granite creates a Login Flow that checks whether a user's annual security training certification has expired. Expired users are redirected to a training completion screen before accessing the org, while certified users proceed to the home page normally. This achieves 100% compliance with their annual security training requirement without manual tracking.
- Patriot Defense Systems — Patriot implements a Login Flow that checks the user's IP address against a list of approved network ranges. Users logging in from unapproved locations are presented with an additional verification step requiring a one-time code sent to their registered phone. This adds a location-aware security layer on top of standard authentication.
- Catalyst Healthcare — Catalyst's Login Flow detects first-time logins each quarter and displays a screen requiring users to confirm their department and emergency contact information are current. Only after confirmation or update can they proceed. This keeps employee data fresh without requiring HR to send quarterly survey emails that get ignored.
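
The IP-range decision in the Patriot Defense Systems scenario, sketched as an invocable Apex action that a Login Flow could call. This is an added example, not code from the original page or from any of the organizations named; the class name and the sample ranges are assumptions, and the Flow is assumed to pass in the standard LoginFlow_IpAddress input variable. It fails closed: anything that is not a well-formed IPv4 address inside an approved range is sent to the extra verification step.

```apex
// Hypothetical invocable action for a Login Flow (added example, not the page's code).
public with sharing class LoginIpRangeCheck {
    // Constructed sample ranges (RFC 5737 documentation addresses). A real org
    // would load its approved ranges from configuration rather than hard-code them.
    private static final List<String> APPROVED_CIDRS =
        new List<String>{ '192.0.2.0/24', '198.51.100.128/25' };

    // The Flow passes LoginFlow_IpAddress; true means "show the one-time-code step".
    @InvocableMethod(label='Login IP Requires Step-Up')
    public static List<Boolean> requiresStepUp(List<String> loginIps) {
        List<Boolean> results = new List<Boolean>();
        for (String ip : loginIps) {
            results.add(!isApproved(ip));
        }
        return results;
    }

    private static Boolean isApproved(String ip) {
        Long addr = toLong(ip);
        if (addr == null) {
            return false; // fail closed: IPv6, blank or malformed input is never approved
        }
        for (String cidr : APPROVED_CIDRS) {
            List<String> parts = cidr.split('/');
            Long network = toLong(parts[0]);
            // Number of addresses in the block, e.g. /24 -> 256.
            Long blockSize = 1L << (32 - Integer.valueOf(parts[1]));
            // Same block index means the address lies inside the range.
            if (network != null && addr / blockSize == network / blockSize) {
                return true;
            }
        }
        return false;
    }

    // Parses a dotted-quad IPv4 address into a number; returns null for anything else.
    private static Long toLong(String ip) {
        if (String.isBlank(ip)) return null;
        List<String> octets = ip.trim().split('\\.');
        if (octets.size() != 4) return null;
        Long value = 0;
        for (String octet : octets) {
            if (!Pattern.matches('[0-9]{1,3}', octet)) return null;
            Integer n = Integer.valueOf(octet);
            if (n > 255) return null;
            value = value * 256 + n;
        }
        return value;
    }
}
```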