Security and Sharing: Apple ID Login, Text Message Identity Verification, and Lightning
Community and portal users can now log in using their Apple ID. You
can now have community and portal members verify their identity using text message. Turn
Lightning Locker on or off for your community using a toggle.
Verify Your Community Domain for External Services
Some external services require you to prove control over your community domain name. If so, the service must verify that you actually own the domain. For example, the Sign In with Apple service requires domain verification to allow users to log in with their Apple ID. You can now verify your community domain from the Domains Setup page.
Verify Identity by Text Message Instead of Email
To impose a stricter identity verification policy, you can have community users verify their identity by text message if they already verified their phone number. If users haven’t verified their phone number, Salesforce verifies their identity by email.
Switch Lightning Locker On and Off in the UI
Turn Lightning Locker on and off for all components in a community, regardless of API version, with a simple switch in Experience Builder. The switch is available in Lightning Communities that use the Script Security level Allow Inline Scripts and Script Access to Whitelisted Third-party Hosts.
Limit API Access to Installed Connected Apps
You can limit community and portal (external) users’ access to Salesforce APIs with a new API Access Control setting. With this setting, external users can only access APIs if they use a connected app that is installed in your org.