Last Updated on February 10, 2022 by Rakesh Gupta

Big Idea or Enduring Question:

How can you automatically send password expiration reminders to users?

Objectives:

This blog post will help us to understand the following

Use Schedule-Triggered Flow to automatically send a reminder email to users
Use Schedule-Triggered Flow to run a job that executes every morning at 8:00 am

Business Use case

Pamela Kline is working as a System administrator at Universal Containers (UC). She has received a requirement from the management to send out a reminder email(Morning at 08:00 am) to users to change their passwords 7 days before they expire.

Automation Champion Approach (I-do):

Changing Salesforce passwords periodically is crucial, as it prevents hackers from gaining access to your org, even if they have stolen user credentials. Configuring password expiration to a set number of days, say 90, is a common practice among IT admins.

In Salesforce a system administrator can set the password, for example – User passwords expire in days we define(like 30, 60, 90, etc). The main problem with this approach is that the user doesn’t get any reminder email before or after their password expiration date.

When it comes to notifying users that their passwords are going to expire soon, more communication is always better. Users do not enjoy the password change process; keeping them informed as to when their password will expire is a great way to improve their experience.

There are a few possible solutions for the above business scenario. We will use Schedule-Triggered Flow to solve the requirement. Before we unwrap, let us understand what Scheduled-Triggered Flow is. Scheduled Flows are not triggered by an Event on the data; they simply run when a scheduled time arrives. Scheduled Flows run as follows:

Once (On a particular date and time)
Daily (On a particular date and time)
Weekly (On a particular date and time)

Remember, when a Flow starts, a Flow interview runs for each record that matches the filter criteria – no looping is required. The matching record is stored in the $Record global variable, so you can reference the variable, or its fields, throughout your flow.

Before discussing the solution, let me show you a diagram of a Process Flow at a high level. Please spend a few minutes to go through the following Flow diagram and understand it.

Let’s begin building this automation process.

Guided Practice (We-do):

There are 4 steps to solve Pamela’s business requirement using Schedule-Triggered Flow. We must:

Setup password policy
Create an email template
Create an email alert
Salesforce Flow Steps:
1. Define flow properties for schedule-triggered flow
2. Add a formula to calculate Elapsed days since the last password changed
3. Add a decision element to check the days since the last password changed
4. Use action to send out email alerts to users

Step 1: Setup Password Policies to Expire User Password

Click Setup.
In the Quick Find box, type Password Policies.
Select 60 days option for the User passwords expire in the drop-down.
Click Save.

Step 2: Create a Password Expiration Reminder Email Template

Click Setup.
In the Quick Find box, type Classic Email Templates.
Clicks on the New button.
Name the HTML Email Template and make sure to select the Available For Use checkbox.
Click Next and create a template like the following screenshot:

Step 3: Create an Email Alert

Click Setup.
In the Quick Find box, type Email Alerts.
Select Email Alerts, clicks on the New Email Alert button.
Name the Email Alert and click the Tab button. The Unique Name will populate.
For Object select User.
For the Email Template chooses Password expiration reminder.
For Recipient Type select Email Field: Email.
Click Save.

Step 4.1: Salesforce Flow – Define Flow Properties

Click Setup.
In the Quick Find box, type Flows.
Select Flows then click on the New Flow.
Select the Schedule-Triggered Flow option and click on Next and configure the flow as follows:
1. How do you want to start building: Freeform
2. Set Schedule
  1. Start Date: Dec 2, 2020
  2. Start Time: 8:00 AM
  3. Frequency: Daily
  4. Click Done.
3. Select Object: User
Select All Conditions Are Met (AND).
Set Condition
1. Row 1
  1. Field: User | IsActive
  2. Operator: Equals
  3. Value: True
Click Done.

Step 4.2: Salesforce Flow – Create a Formula to Calculate Elapsed Days Since the Last Password Changed

Under Toolbox, select Manager, then click New Resource to create a formula to calculate elapsed days since the last password changed.
Input the following information:
1. Resource Type: Formula
2. API Name: forNDaysfromPasswordChanged
3. Data Type: Number
4. Decimal Places: 0
5. Formula: Today()-DATEVALUE({!$Record.LastPasswordChangeDate})
Click Done.

Step 4.3: Salesforce Flow – Using Decision Element to Check the Days Since the Last Password Changed

Now we will use the Decision element to check the formula from step 4.2 to find if it returns the true (means formula is equal to 53). Remember in step 1 we set up a password policy to change user passwords 60 days.

Under Toolbox, select Element.
Drag-and-drop Decision element onto the Flow designer.
Enter a name in the Label field; the API Name will auto-populate.
Under Outcome Details, enter the Label the API Name will auto-populate.
Condition Requirements to Execute Outcome: All Conditions Are Met (AND)
1. Row 1:
  1. Resource: {!forNDaysfromPasswordChanged}
  2. Operator: Equals
  3. Value: 53
Click Done.

Step 4.4: Salesforce Flow – Call an Acton – Email Alert to Send Out reminder to Users

The next step is to call the Password expiration reminder email alert from flow so that when flow fires it triggers the email notification.

Under Toolbox, select Element.
Drag-and-drop Action element onto the Flow designer.
In the Action box, type Password expiration reminders.
Clicks on the Password expiration reminders email alert.
Click Done.

In the end, Pamela’s Flow will look like the following screenshot:

Click Save.
Enter Flow Label the API Name will auto-populate.
Click Show Advanced.
Type: Schedule-Triggered Flow
API Version for Running the Flow: 50
Interview Label: Password Expiration Notification {!$Flow.CurrentDateTime}
Click Save.

Almost there! Once everything looks good, click the Activate button.

Monitor Your Schedule Flow

To monitor Flows that are scheduled, navigate to the following path:

Navigate to Setup (Gear Icon) | Environments | Jobs | Scheduled Jobs.
Now look for your Scheduled Flow displaying information as shown in the following screenshot:
Use the Del link to delete the Scheduled Flow job from the queue.

Proof of Concept

Now onwards, every morning at 8:00 am scheduled job will run and start notifying the user whose password will expire in 7 days.

Note:- It appears Gmail or mail providers block the default Automated Process user used by Scheduled Flow process. When changed to a verified Org Wide Email Address the email arrived without a problem.

Formative Assessment:

I want to hear from you!

What is one thing you learned from this post? How do you envision applying this new knowledge in the real world?

Let me know by Tweeting me at @automationchamp, or find me on LinkedIn.

28 thoughts on “Email Notification on Password Expiration”

Hi. Wondering how you create the Change Password button in the email template?

Rakesh Gupta

October 19, 2022 at 9:50 AMs Reply

Using HTML code

Hi i try this and i is not working. I didn’t use 53. To make a test i put Greater than or equal 1 to make it trigger to all users ( i am in a SB with a few emails) The job is scheduled and the deliverability is in all emails. Any idea on how i can make it works?

Rakesh Gupta

July 14, 2021 at 6:47 PMs Reply

Let me know if you still need my help to resolve above issue.

Working In good. I am not able to Populate username and firstname in email template.

how do i populate username, number of days and first name in email template???

what is {!Target_username.Firstname} in Email Template.

does not work as the immedtiate action automatically removes the time dependant action from queue

I don’t understand this part “To test this for one user record, set the flag to true then set it to false”

Where are you referring this? (under field update) and rule should be active for both time. How does it work ? please explain !

Thanks in advance !

Rakesh Gupta

June 21, 2017 at 11:47 AMs Reply

Hi Nidhi,

First, you have to understand, what you just created.

1. You have created a time-based Workflow Rule. It will not fire automatically.
2. To trigger it, Open a user record “set the flag to true then set it to false.”
3. Now Change the user’s password

Hi Rakesh,

I can see Time-based workflow the one you have mentioned above but there’s nothing under delete section though I do have “modify all data” permission.
What I need to do in order to see that ?

can we test this workflow in sandbox too for all users ?

Rakesh Gupta

June 19, 2017 at 10:36 AMs Reply

Yes, use Apex or Login As feature to change the users’ password. Make sure to set the time-dependent action to 1 or 2 days.

good post, nice solution. Thx

Rakesh Gupta

March 14, 2016 at 2:05 PMs Reply

I’m glad to hear that!!

Thank you for sharing this excellent post.
I am going to bookmark this for future help.

Pingback:Email notification on password expiration - DL-UAT

THANK YOU! That was the part I was missing!

Rakesh Gupta

May 29, 2014 at 10:46 PMs Reply

Glad to know! I will update this post. Thank you:)

Thanks for your reply. The part I don’t quite understand is selecting a user for the email notification. In your example, you selected yourself which would only send the notification to you. How would you configure it so that the email would go to the ‘related user’ / all users?

Rakesh Gupta

May 29, 2014 at 10:10 PMs Reply

You are right, Do one thing Under “Recipient Type” Select “Email Field” and under “Recipients” select “Email Field:Email” this will work for all users. Let me know your though on it.

Rakesh,

Very nice solution, but I have a question. Is there anyway to set this up for all users or do you have to setup the workflow for each individual user? The problem is setting the “To” address in the email notification.

Rakesh Gupta

May 29, 2014 at 9:31 PMs Reply

No same workflow will work for all users, what you have to do set this up for all users update field through data loader. I mentioned this in last paragraph how to set this for all users

If you wanted to trigger the workflow to kick off again when the user resets his/her password, how would you go about implementing that?

Rakesh Gupta

March 25, 2014 at 12:19 AMs Reply

Hi Jen,

In this scenario i assume that user will change their password on last day and this is time based workflow it will always fire on same interval as you set. Now come to your point if user change their password on day 40th and from that day you want to count 30 days again then one option is write schedulable apex class.

Regards,
Rakesh Gupta
1. Jen
  
  March 25, 2014 at 12:21 AMs Reply
  
  Thank you for the quick reply. We’ll look into that.
  1. Rakesh Gupta
    
    March 25, 2014 at 12:24 AMs Reply
    
    Let me know if you face any problem to write apex class
2. Jen
  
  March 25, 2014 at 12:25 AMs Reply
  
  Will do, thank you!

Nice blog post

Rakesh Gupta

February 17, 2014 at 10:58 PMs Reply

Thanks!

Sherry

October 19, 2022 at 9:08 AMs Reply

Hi. Wondering how you create the Change Password button in the email template?
1. Rakesh Gupta
  
  October 19, 2022 at 9:50 AMs Reply
  
  Using HTML code
Miguel Alejandro Leal

April 30, 2021 at 10:47 AMs Reply

Hi i try this and i is not working. I didn’t use 53. To make a test i put Greater than or equal 1 to make it trigger to all users ( i am in a SB with a few emails) The job is scheduled and the deliverability is in all emails. Any idea on how i can make it works?
1. Rakesh Gupta
  
  July 14, 2021 at 6:47 PMs Reply
  
  Let me know if you still need my help to resolve above issue.
Raghavendra

April 28, 2021 at 6:43 AMs Reply

Working In good. I am not able to Populate username and firstname in email template.

how do i populate username, number of days and first name in email template???

what is {!Target_username.Firstname} in Email Template.
pulkitjain87yahoocomPulkit Jain

March 19, 2019 at 12:22 PMs Reply

does not work as the immedtiate action automatically removes the time dependant action from queue
Nidhi Soni

June 21, 2017 at 11:42 AMs Reply

I don’t understand this part “To test this for one user record, set the flag to true then set it to false”

Where are you referring this? (under field update) and rule should be active for both time. How does it work ? please explain !

Thanks in advance !
1. Rakesh Gupta
  
  June 21, 2017 at 11:47 AMs Reply
  
  Hi Nidhi,
  
  First, you have to understand, what you just created.
  
  1. You have created a time-based Workflow Rule. It will not fire automatically.
  2. To trigger it, Open a user record “set the flag to true then set it to false.”
  3. Now Change the user’s password
Nidhi Soni

June 21, 2017 at 8:24 AMs Reply

Hi Rakesh,

I can see Time-based workflow the one you have mentioned above but there’s nothing under delete section though I do have “modify all data” permission.
What I need to do in order to see that ?
Nidhi Soni

June 19, 2017 at 10:18 AMs Reply

can we test this workflow in sandbox too for all users ?
1. Rakesh Gupta
  
  June 19, 2017 at 10:36 AMs Reply
  
  Yes, use Apex or Login As feature to change the users’ password. Make sure to set the time-dependent action to 1 or 2 days.
Vic

March 14, 2016 at 2:03 PMs Reply

good post, nice solution. Thx
1. Rakesh Gupta
  
  March 14, 2016 at 2:05 PMs Reply
  
  I’m glad to hear that!!
Denial Parl

January 6, 2016 at 10:38 AMs Reply

Thank you for sharing this excellent post.
I am going to bookmark this for future help.
Pingback:Email notification on password expiration - DL-UAT
Jeff McKinnis

May 29, 2014 at 10:45 PMs Reply

THANK YOU! That was the part I was missing!
1. Rakesh Gupta
  
  May 29, 2014 at 10:46 PMs Reply
  
  Glad to know! I will update this post. Thank you:)
Jeff McKinnis

May 29, 2014 at 9:45 PMs Reply

Thanks for your reply. The part I don’t quite understand is selecting a user for the email notification. In your example, you selected yourself which would only send the notification to you. How would you configure it so that the email would go to the ‘related user’ / all users?
1. Rakesh Gupta
  
  May 29, 2014 at 10:10 PMs Reply
  
  You are right, Do one thing Under “Recipient Type” Select “Email Field” and under “Recipients” select “Email Field:Email” this will work for all users. Let me know your though on it.
Jeff McKinnis

May 29, 2014 at 9:26 PMs Reply

Rakesh,

Very nice solution, but I have a question. Is there anyway to set this up for all users or do you have to setup the workflow for each individual user? The problem is setting the “To” address in the email notification.
1. Rakesh Gupta
  
  May 29, 2014 at 9:31 PMs Reply
  
  No same workflow will work for all users, what you have to do set this up for all users update field through data loader. I mentioned this in last paragraph how to set this for all users
Jen

March 25, 2014 at 12:14 AMs Reply

If you wanted to trigger the workflow to kick off again when the user resets his/her password, how would you go about implementing that?
1. Rakesh Gupta
  
  March 25, 2014 at 12:19 AMs Reply
  
  Hi Jen,
  
  In this scenario i assume that user will change their password on last day and this is time based workflow it will always fire on same interval as you set. Now come to your point if user change their password on day 40th and from that day you want to count 30 days again then one option is write schedulable apex class.
  
  Regards,
  Rakesh Gupta
  1. Jen
    
    March 25, 2014 at 12:21 AMs Reply
    
    Thank you for the quick reply. We’ll look into that.
    1. Rakesh Gupta
      
      March 25, 2014 at 12:24 AMs Reply
      
      Let me know if you face any problem to write apex class
  2. Jen
    
    March 25, 2014 at 12:25 AMs Reply
    
    Will do, thank you!
Salesforce Geek

February 17, 2014 at 10:57 PMs Reply

Nice blog post
1. Rakesh Gupta
  
  February 17, 2014 at 10:58 PMs Reply
  
  Thanks!