Make It Easy for Your External Users to Log In to Your Community with Passwordless Login

Give your community members, customers, and other external users the convenience of logging in to your community with a verification code instead of a password. For example, have your external users log in with a code Salesforce sends in an email or text message. This feature is called passwordless login.

Where: This feature is available for Lightning communities and Salesforce Tabs + Visualforce accessed through Lightning Experience and Salesforce Classic. Communities are available in Enterprise, Performance, Unlimited, and Developer editions.

Who: This feature is available only for external users with the External Identity or any community license. Contact Salesforce Customer Support to use the SMS verification method (beta).

Why: Users are increasingly using their mobile devices to do their work. Some users, like retail customers and service reps, work solely on their mobile devices. Regardless of whether users are accessing a browser on their mobile device or desktop, remembering a password is inconvenient. Give your users the option to verify their identity another way. Instead of passwords, your external users can verify their identities with an email one-time password, Salesforce Authenticator, time-based one-time password (TOTP), or Universal 2nd Factor (U2F). Users can also verify their identities by text message (SMS), currently in beta.

Note

Note

SMS wasn’t designed to support confidentiality of messages using encryption. In addition, an SMS verification code can be displayed on a locked device. As a result, an attacker could capture SMS content by intercepting text messages in transit or get access to a user’s device. Generally, these attacks are specifically targeted and not as prone as password violations, but they can put your community at risk. When choosing your authentication technology, it’s important to consider the data and business process that you want to protect, especially when deploying a single factor of authentication.

How: Here’s a passwordless login scenario that uses an SMS text instead of a password. First, the custom login page prompts the user to sign in by entering either an email address or phone number.

Passwordless login page

The user, who previously registered to receive verification codes by text, enters the phone number. The verification code is sent to the user’s phone. After entering the verification code, the user is logged in to your community.

Verify identity with mobile device

Salesforce takes care of the verification process. It generates the page that prompts the user to verify identity and the page containing the verification code. You can customize the user verification page by adding your logo (1) and changing the background color (2). Salesforce displays the name of your community in your verification messages (3).
Note

Note

As a security measure, when users add or update mobile numbers in Advanced User Details, they must log in again to verify their identity. As a result, unsaved changes in the app are lost. To disable this security measure, contact Salesforce Support.

Brand your login pages

Note

Note

This feature enables passwordless logins for external users. Meanwhile, our Lightning Login feature enables passwordless logins for internal users.