Last Updated on February 10, 2022 by Rakesh Gupta
A few years back I wrote an article Unconventional application of Two-factor Authentication!. It was a huge success – I received several emails from people requesting me to write another article to show something on restricting login flow to once, based on the condition; instead of, running the flow more than once. Before we move ahead, do check out this article to learn about Flow Builder and some hidden tips and tricks.
Login flow gives you the flexibility to build a custom post-authentication process that meets your business requirements. Login Flow, however, doesn’t give you the flexibility to define how many times, or when, you want to display the Flow. And sometimes, this creates a problem for newbie flow learners. Newbies don’t understand how to configure Login Flow to execute only once; or, control the execution based on specific requirement – For instance, configuring how to display a message three times using Login Flow with two days gap between each display:
- Display message once in a day.
- And, there should be two days gap between the display of each message.
Today, in this article, I am going to show you how you can configure to control the Login Flow to execute only once. Let us start with a business use case.
Business Use Case
Martin Jones is working as a System Administrator at Gurukul on Cloud (GoC). GoC is in the process of updating the employment agreement. Management at GoC wants to use Salesforce to make sure that every user reads the employee agreement and agrees to it. Until they agree, don’t allow them to login into Salesforce.
Solution for the above business requirement
To solve this requirement, we will use many ingredients – including, Salesforce Flow, Login Flow, and a Custom field (Employment_Agreement__c) on the User object. Before trying to understand the technical aspect of the solution, let us spend some time to understand the general flow of our solution at a very high level. Please spend few minutes to go through the following flow diagram and understand it.
Once you understand the above flow diagram, developing the solution will be swift. In this example, I am using a flag/field (Employment_Agreement__c) to determine when to show the login Flow.
Let’s take the discussion further and understand how you can develop this solution end-to-end. Perform the following steps to create the solution using the new Salesforce Flow and Login Flow:
- Log-in into your developer org.
- Create a Custom Field (Employment_Agreement__c) on the User object.
- Navigate to Setup (Gear Icon) | Setup | Process Automation | Flows.
- Now click on the New Flow button; it will open Flow Builder for you.
- Now take a moment and create few formulas in the Salesforce Flow, as shown in the following table:
Formula – Name Formula – Data Type Formula Boolean {!$User.rakeshistomMVP__Employment_Agreement__c} ForTFirstName Text {!$User.FirstName} ForTLoggedInUserID Text {!$User.Id} - The formula field will auto-populate (by auto launching the Login Flow) as soon as the user successfully logged-In.
- Now will use the Decision element to check their (Logged-In user) employment agreement. Drag and drop a Decision element onto Flow Builder and configure it – as shown in the following screenshot:
- Next, we will use the Screen element to display the link of the updated employment agreement with the option, Agrees with it. Drag and drop a Screen element onto the Flow Builder and configure it – as shown in the following screenshot:
Yes, it is possible to use HTML tags with base Flow components (which come from Visual Workflow). - Now, will use the Decision element to check if the Logged-In user read and agrees with the new employment agreement. Drag and drop a Decision element onto Flow Builder and configure it – as shown in the following screenshot:
- The next step is to create the path for Agreed and Not Agreed conditions.
- Agreed:- We will use the Update Records element to update the Employment_Agreement__c field to True on the Logged-In user record.
- Drag and drop a Record Updates element onto Flow Builder and configure it – as shown in the following screenshot:
- If you want to redirect your users to a specific page or Tab after this then, use this Login Flow System Variable – LoginFlow_FinishLocation. Just create a Text type variable and set the URL (Or use the Assignment element to do so). In the following screenshot, we are redirecting our user to the Calendar tab in Lightning Experience:
- Drag and drop a Record Updates element onto Flow Builder and configure it – as shown in the following screenshot:
- Not Agreed:– We will display the message and then, as soon as a user clicks on the Finish button, we will forcefully logout him/her out.
- we will use the Screen element to display the message. Drag and drop a Screen element onto Flow Builder and configure it – as shown in the following screenshot:
- To forcefully logout a user, we have to use this Login Flow System Variable – LoginFlow_ForceLogout. Just create a Boolean type variable – as shown in the following screenshot:
- we will use the Assignment element to set the LoginFlow_ForceLogout to True. Drag and drop an Assignment element onto Flow Builder and configure it – as shown in the following screenshot:
- we will use the Screen element to display the message. Drag and drop a Screen element onto Flow Builder and configure it – as shown in the following screenshot:
- In the end, Martin’s Flow will look like the following screenshot:
- Once you’re done, Save the flow and name it Restrict Login Flows to once, with Type: Screen Flow. Do not forget to activate the Flow by clicking on the Activate button.
- In the end, we have to create a Login Flow for the profile Standard User (remember you have to create separate Login Flow for each profile). To create a new Login Flow, navigate to Setup (Gear Icon) | Setup | SETTINGS | Identity | Login Flows and click on the New button. Now fill the form as shown in the following screenshot:
- Once you are done, click on the Save button.
It’s time to test the Login Flow!
Now, if a User with profile Standard User tries to login without agreeing with the new employment agreement, the system will forcefully log him/her out. If they accept the new employment agreement, then the system will never show them login flow anymore.
–> If you like this article, or would like to share some ideas for enhancements then, please do so. I will very much appreciate it. Thanks in advance.
Proofreader: - Munira Majmundar
Thank you for your post, Rakesh, very helpful!
Would it be too much asking to document the following? doing many announcements and keeping track of them. Something like creating an object related to the user record and for every announcement the user sees and acknowledges in the login flow process it will create a record in that object to store the name of the announcement, date, user etc. This would enable us to report on it per user, announcement etc.
Bonus: displaying images on the announcements.
Thanks!
Julian
Hi Rakesh,
Once page load with agreement screen it automatically re-directed to logout page without selecting checkbox options.
Any Idea on this ?
@Rakesh Thanks For the Article. Just want to check with you whether its possible when user is login second time after signing the agreement, the system is showing a screen(Your flow is finish) before going to home screen. Can we avoid that, like if the user is signed the agreement it shouldn’t show such screen?
Ideally, they will not notice anything. But it will depend on how you configured your FLow.
@Rakesh Thanks. I was able to replicate the steps and it works like a charm. However the target=”_blank” attribute is not working.When one clicks on the href link, it opens same Salesforce page. Is your href behaving correctly?
It works for me in Safari.
Hi rakesh,
It is not redirect the user to specified URL.
Can you please help on this
First, Make sure that you are properly updating the Finish URL