Last Updated on February 10, 2022 by Rakesh Gupta
Big Idea or Enduring Question:
- How can you automatically send password expiration reminders to users?
Objectives:
This blog post will help us to understand the following
- Use Schedule-Triggered Flow to automatically send a reminder email to users
- Use Schedule-Triggered Flow to run a job that executes every morning at 8:00 am
Business Use case
Pamela Kline is working as a System administrator at Universal Containers (UC). She has received a requirement from the management to send out a reminder email(Morning at 08:00 am) to users to change their passwords 7 days before they expire.
Automation Champion Approach (I-do):
Changing Salesforce passwords periodically is crucial, as it prevents hackers from gaining access to your org, even if they have stolen user credentials. Configuring password expiration to a set number of days, say 90, is a common practice among IT admins.
In Salesforce a system administrator can set the password, for example – User passwords expire in days we define(like 30, 60, 90, etc). The main problem with this approach is that the user doesn’t get any reminder email before or after their password expiration date.
When it comes to notifying users that their passwords are going to expire soon, more communication is always better. Users do not enjoy the password change process; keeping them informed as to when their password will expire is a great way to improve their experience.
There are a few possible solutions for the above business scenario. We will use Schedule-Triggered Flow to solve the requirement. Before we unwrap, let us understand what Scheduled-Triggered Flow is. Scheduled Flows are not triggered by an Event on the data; they simply run when a scheduled time arrives. Scheduled Flows run as follows:
- Once (On a particular date and time)
- Daily (On a particular date and time)
- Weekly (On a particular date and time)
Remember, when a Flow starts, a Flow interview runs for each record that matches the filter criteria – no looping is required. The matching record is stored in the $Record global variable, so you can reference the variable, or its fields, throughout your flow.
Before discussing the solution, let me show you a diagram of a Process Flow at a high level. Please spend a few minutes to go through the following Flow diagram and understand it.
Let’s begin building this automation process.
Guided Practice (We-do):
There are 4 steps to solve Pamela’s business requirement using Schedule-Triggered Flow. We must:
- Setup password policy
- Create an email template
- Create an email alert
- Salesforce Flow Steps:
- Define flow properties for schedule-triggered flow
- Add a formula to calculate Elapsed days since the last password changed
- Add a decision element to check the days since the last password changed
- Use action to send out email alerts to users
Step 1: Setup Password Policies to Expire User Password
- Click Setup.
- In the Quick Find box, type Password Policies.
- Select 60 days option for the User passwords expire in the drop-down.
- Click Save.
Step 2: Create a Password Expiration Reminder Email Template
- Click Setup.
- In the Quick Find box, type Classic Email Templates.
- Clicks on the New button.
- Name the HTML Email Template and make sure to select the Available For Use checkbox.
- Click Next and create a template like the following screenshot:
Step 3: Create an Email Alert
- Click Setup.
- In the Quick Find box, type Email Alerts.
- Select Email Alerts, clicks on the New Email Alert button.
- Name the Email Alert and click the Tab button. The Unique Name will populate.
- For Object select User.
- For the Email Template chooses Password expiration reminder.
- For Recipient Type select Email Field: Email.
- Click Save.
Step 4.1: Salesforce Flow – Define Flow Properties
- Click Setup.
- In the Quick Find box, type Flows.
- Select Flows then click on the New Flow.
- Select the Schedule-Triggered Flow option and click on Next and configure the flow as follows:
- How do you want to start building: Freeform
- Set Schedule
- Start Date: Dec 2, 2020
- Start Time: 8:00 AM
- Frequency: Daily
- Click Done.
- Select Object: User
- Select All Conditions Are Met (AND).
- Set Condition
- Row 1
- Field: User | IsActive
- Operator: Equals
- Value: True
- Row 1
- Click Done.
Step 4.2: Salesforce Flow – Create a Formula to Calculate Elapsed Days Since the Last Password Changed
- Under Toolbox, select Manager, then click New Resource to create a formula to calculate elapsed days since the last password changed.
- Input the following information:
- Resource Type: Formula
- API Name: forNDaysfromPasswordChanged
- Data Type: Number
- Decimal Places: 0
- Formula: Today()-DATEVALUE({!$Record.LastPasswordChangeDate})
- Click Done.
Step 4.3: Salesforce Flow – Using Decision Element to Check the Days Since the Last Password Changed
Now we will use the Decision element to check the formula from step 4.2 to find if it returns the true (means formula is equal to 53). Remember in step 1 we set up a password policy to change user passwords 60 days.
- Under Toolbox, select Element.
- Drag-and-drop Decision element onto the Flow designer.
- Enter a name in the Label field; the API Name will auto-populate.
- Under Outcome Details, enter the Label the API Name will auto-populate.
- Condition Requirements to Execute Outcome: All Conditions Are Met (AND)
- Row 1:
- Resource: {!forNDaysfromPasswordChanged}
- Operator: Equals
- Value: 53
- Row 1:
- Click Done.
Step 4.4: Salesforce Flow – Call an Acton – Email Alert to Send Out reminder to Users
The next step is to call the Password expiration reminder email alert from flow so that when flow fires it triggers the email notification.
- Under Toolbox, select Element.
- Drag-and-drop Action element onto the Flow designer.
- In the Action box, type Password expiration reminders.
- Clicks on the Password expiration reminders email alert.
- Click Done.
In the end, Pamela’s Flow will look like the following screenshot:
- Click Save.
- Enter Flow Label the API Name will auto-populate.
- Click Show Advanced.
- Type: Schedule-Triggered Flow
- API Version for Running the Flow: 50
- Interview Label: Password Expiration Notification {!$Flow.CurrentDateTime}
- Click Save.
Almost there! Once everything looks good, click the Activate button.
Monitor Your Schedule Flow
To monitor Flows that are scheduled, navigate to the following path:
- Navigate to Setup (Gear Icon) | Environments | Jobs | Scheduled Jobs.
- Now look for your Scheduled Flow displaying information as shown in the following screenshot:
- Use the Del link to delete the Scheduled Flow job from the queue.
Proof of Concept
Now onwards, every morning at 8:00 am scheduled job will run and start notifying the user whose password will expire in 7 days.
Note:- It appears Gmail or mail providers block the default Automated Process user used by Scheduled Flow process. When changed to a verified Org Wide Email Address the email arrived without a problem.
Formative Assessment:
I want to hear from you!
What is one thing you learned from this post? How do you envision applying this new knowledge in the real world?
Let me know by Tweeting me at @automationchamp, or find me on LinkedIn.
Rakesh Gupta, thanks for your time to share knowlodge.
Can you exlpain how to generate de html button to reset password?
Thanks
Here you go:
Hi. Wondering how you create the Change Password button in the email template?
Using HTML code
Hi i try this and i is not working. I didn’t use 53. To make a test i put Greater than or equal 1 to make it trigger to all users ( i am in a SB with a few emails) The job is scheduled and the deliverability is in all emails. Any idea on how i can make it works?
Let me know if you still need my help to resolve above issue.
Working In good. I am not able to Populate username and firstname in email template.
how do i populate username, number of days and first name in email template???
what is {!Target_username.Firstname} in Email Template.
does not work as the immedtiate action automatically removes the time dependant action from queue
I don’t understand this part “To test this for one user record, set the flag to true then set it to false”
Where are you referring this? (under field update) and rule should be active for both time. How does it work ? please explain !
Thanks in advance !
Hi Nidhi,
First, you have to understand, what you just created.
1. You have created a time-based Workflow Rule. It will not fire automatically.
2. To trigger it, Open a user record “set the flag to true then set it to false.”
3. Now Change the user’s password
Hi Rakesh,
I can see Time-based workflow the one you have mentioned above but there’s nothing under delete section though I do have “modify all data” permission.
What I need to do in order to see that ?
can we test this workflow in sandbox too for all users ?
Yes, use Apex or Login As feature to change the users’ password. Make sure to set the time-dependent action to 1 or 2 days.
good post, nice solution. Thx
I’m glad to hear that!!
Thank you for sharing this excellent post.
I am going to bookmark this for future help.
THANK YOU! That was the part I was missing!
Glad to know! I will update this post. Thank you:)
Thanks for your reply. The part I don’t quite understand is selecting a user for the email notification. In your example, you selected yourself which would only send the notification to you. How would you configure it so that the email would go to the ‘related user’ / all users?
You are right, Do one thing Under “Recipient Type” Select “Email Field” and under “Recipients” select “Email Field:Email” this will work for all users. Let me know your though on it.
Rakesh,
Very nice solution, but I have a question. Is there anyway to set this up for all users or do you have to setup the workflow for each individual user? The problem is setting the “To” address in the email notification.
No same workflow will work for all users, what you have to do set this up for all users update field through data loader. I mentioned this in last paragraph how to set this for all users
If you wanted to trigger the workflow to kick off again when the user resets his/her password, how would you go about implementing that?
Hi Jen,
In this scenario i assume that user will change their password on last day and this is time based workflow it will always fire on same interval as you set. Now come to your point if user change their password on day 40th and from that day you want to count 30 days again then one option is write schedulable apex class.
Regards,
Rakesh Gupta
Thank you for the quick reply. We’ll look into that.
Let me know if you face any problem to write apex class
Will do, thank you!
Nice blog post
Thanks!