Let External Users Log In with Their Phone Number, Email, or Any Identifier You Choose

In just a few clicks, you can deploy login pages that simplify how external users log in to your community. With the Login Discovery feature, you can let your external users identify themselves using something other than a username, such as a phone number. Instead of a password, they can verify their identity with a code sent to their email or mobile device. And, if your org is enabled with multiple Identity Providers (IdPs), login is a one-step process—users bypass verification altogether.

Where: This feature is available in all communities, accessed through Lightning Experience, Salesforce Classic, and all versions of the Salesforce app. Communities are available in Enterprise, Performance, Unlimited, and Developer editions.

Who: External Identity and Communities admins can log in users with several verification methods, including email, SMS, Salesforce Authenticator, or a U2F security device. To verify identities via text message, you purchase a license for Identity Verification Credits, which allows your org a predetermined number of SMS messages for identity verification. For exact limits, contact your Salesforce account rep.

Note

Note

SMS wasn’t designed to support confidentiality of messages using encryption. In addition, an SMS verification code can be displayed on a locked device. As a result, an attacker could capture SMS content by intercepting text messages in transit or get access to a user’s device. Generally, these attacks are specifically targeted and not as prone as password violations, but they can put your community at risk. When choosing your authentication technology, it’s important to consider the data and business process that you want to protect, especially when deploying a single factor of authentication.

Why: This feature continues the work begun in Salesforce Spring ’18 to support passwordless login. In Spring ’18, we gave developers the ability to create passwordless login pages programmatically. Now admins can point and click to get this functionality—and more—from the UI.

How: Admins use the Login & Registration page of the Administration Workspace to customize how external users log in to their communities. When they select the new Login Discovery Page login page type, by default, Salesforce generates a login page that prompts the user for an email address or phone number.

Login Discovery Setup page

For example, this configuration generates a login page that contains a field to prompt for an email address or phone number. Because Facebook is selected above, the login page has a button for Facebook to let users identify themselves with their Facebook credentials.

Login page generated by Login Discovery type

Salesforce generates a login discovery Apex handler that contains the logic for users to identify themselves by email or text message. You can customize this handler, for example, to use other identifiers, such as a Federation ID or vendor ID. You can also add logic to simplify login when your org is configured with multiple identity providers or single sign-on integrations. Instead of users guessing which SSO to choose, the handler “discovers” the appropriate provider and invokes SSO for them.

The handler is located in Setup under Apex Classes. Its name begins with AutocreatedDiscLoginHandler, such as AutocreatedDiscLoginHandler1532705706806. Salesforce appends digits to the name to ensure that it’s unique to your org.

Note

Note

When you select Login Discovery Page as the login page type, you can’t select Community Builder Page for the self-registration page type. Likewise, if you select Community Builder Page as the login page type, you must select Community Builder Page as the self-registration page type.