(Salesforce) Lightning Login - Dreamforce 2017
1. Lightning Login: The Best Feature
You've Never Heard About
SmithMichael@Salesforce.com, @force2b_Mike
Michael Smith, Senior Member of Technical Staff – Salesforce.org
2. Forward-Looking Statements
Statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if
any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-
looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of
product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of
management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments
and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our
service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of
growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and
any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain,
and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling
non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the
financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form
10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the
Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may
not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently
available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
5. What is Lightning Login?
Lightning Login will allow you to log into Salesforce using only your
Username and your mobile device.
Lightning Login is enabled for all Users by default
Lightning Login has no direct relationship with the Lightning
Experience (LEX).
• Works in Classic!
• The Lightning Experience does not need to be
enabled to use Lightning Login
6. What is Lightning Login?
Lightning Login will work in all editions of Salesforce and any type
of Org - Production, Sandbox, Dev, and even Scratch Orgs.
Works for Internal Users only – not external Community Users
MyDomain does not need to be enabled either
(though everyone should be using this already!)
It can be restricted to specific Users through a
Permission Set or a Profile
7. What are the Requirements to use Lightning Login?
1. An Android or iOS mobile device with the Salesforce
Authenticator app installed
2. Each User must individually enroll in Lightning Login (i.e., link
their mobile device to their Salesforce User account).
9. Why Use Lightning Login?
Lightning Login is super convenient for Users
• Log in with only your Username and your mobile device!
Adds a layer of security by requiring two-factor authentication for
every login
• Factor 1: Something you know or have (Fingerprint or PIN)
• Factor 2: Something you have (Mobile Device with the
Salesforce Authenticator installed)
10. How does it differ from standard Two-Factor Authentication
Standard Two Factor Authentication requires:
• Username and Password
• Second form of authentication – Mobile Device, YubiKey, or other unique
code generator
Lightning Login can be used in Orgs that have 2FA enabled
• When 2FA is enabled Lightning Login will require an
extra fingerprint or PIN entry on the mobile device.
16. Configuring Lightning Login
By default, Lightning Login is already enabled in all
organizations.
Lightning Login can be further secured with some
additional settings:
• The “Allow only for Users with the Lightning Login User
permission” option on the Session Settings page can be
used to control individual access to Lightning Login.
• Lightning Login can be added to the High Assurance
Session Security Level. This is useful in organizations that
require a higher level of security to access Reports,
Dashboards, and/or Connected Apps.
Enable Lightning Login in your organization
18. How a User Enrolls in Lightning Login
Admins cannot enroll their Users in Lightning
Login for them!
Users must first install the Salesforce Authenticator
on their mobile device
From within Salesforce, have the User go to Settings
by clicking on their name/icon at the top of the page
and select “Settings”
Each User that wants to use Lightning Login must go through this process
19. How a User Enrolls in Lightning Login
Expand the Personal section on the left and click on
Advanced User Details
Don’t click the Edit button at the top of the page
20. How a User Enrolls in Lightning Login
Scroll down on the page and look for an “Enroll” link
next to “Lightning Login”
Have the user click the Enroll link
21. How a User Enrolls in Lightning Login
Depending on the Org’s security settings, the User
may be asked to confirm their identity through one of
the following:
• Log in a second time (enter their Username/Password)
• Enter a one-time verification code sent by SMS or email
• Approve an authenticator notification
22. How a User Enrolls in Lightning Login
Finally the User is asked to register the mobile
device to use with Lightning Login by entering a two-
word phrase.
Open the Salesforce Authenticator App from your
mobile device
The Salesforce Authenticator is NOT the
Salesforce app
23. How a User Enrolls in Lightning Login
Open the Salesforce Authenticator app on your
mobile device
Click the +New Account button at the bottom
24. How a User Enrolls in Lightning Login
Enter the two word
phrase displayed on
your mobile device into
the prompt on your
computer and click
[Connect]
25. How a User Enrolls in Lightning Login
On your mobile device, click the
[Connect] button and then the
[Approve] button on the final
screen.
Good morning and welcome to what will be a short presentation on one of my favorite and under-used features – Lightning Login
My name is Michael Smith. I work for Salesforce.org as a developer on the Nonprofit Success Pack. Prior to that I was a consultant for 8 years, and that is where I was first introduced to this feature.
Before I begin, just a quick note that when considering future developments you should always base your purchasing decisions on what is currently available and not discussions on what functionality may or may not be released in the future.
When I did this at Dreamforce, it was the first session on the morning after the concert. So, coffee was needed for everyone. Today, it's not too early, unless like me you were up at 4:30 AM.
So, you might ask - What is lightning login?
The quick definition is that it allows you to log into Salesforce very fast using only your username and your mobile device.
It’s LIGHTNING FAST login.
First released in Winter ‘17 to not much fanfare, the feature is automatically enabled for all Orgs and all Users
Even though it starts with the word LIGHTNING, it really has no direct connection to the Lightning Experience.
WORKS IN CLASSIC. Yes it does!!
Works in any org – Production, Sandbox, Dev Org, and even Scratch Orgs
Supports Internal Users only, but not external Community or Chatter Free users.
Doesn’t require that LEX or MyDomain be enabled in your org. Though, honestly if you’re already using MyDomain – I highly recommend it.
For those orgs that want to restrict its usage, as with most Salesforce functionality, Lightning Login can be locked down to work only for specific Users through Profile or Permission Set assignments.
To use Lightning Login, your end users must do two things:
Install the Salesforce Authenticator App from the App Store or Google Play Store
Enroll in Lightning Login from within Salesforce - which effectively links their User account to the Salesforce Authenticator app on their phone
You might ask – why should we use this
It’s a REALLY fast way of logging in. Don’t give in to Users lobbying for less stringent password requirements
It adds a layer of extra security by requiring something extra or at least different to login. The User would need to know their Username – which they all do; and they would need access to their mobile device (and who doesn’t have their phone on them nearly 24x7).
To protect your company and customer data, all Salesforce organizations should of course have strong password complexity requirements and require frequent password changes, but you don’t want to make it impossible for your users to log into Salesforce either. Lightning Login can bridge that gap.
Lightning Login is different than standard 2 Factor Authentication though.
Standard 2FA requires three things
Username
Password
A second form of authentication – For example Mobile Device with SMS or an authenticator app, a Yubikey, or some other form of RSA code generator
The first two constitute something you know, while the last one is something you have. This is the basis of most 2 factor authentication schemes. Personally I use 2FA on all social media and email accounts. What if someone hacks Yahoo and steals their Usernames and Passwords; oops. That’s already happened. Glad I use 2FA.
Alright, so what does logging in with Lightning Login actually look like for the Users
They’ll start on the basic login page.
That could be one like this asking for a Username and a Password.
Here the User only needs to enter their Username. The password field can be left blank.
Or if they checked the “Remember Me” option, the login page might look like this. Here they just click their Username.
In either of those cases, if Lightning Login has been enabled for that User, they’ll receive a notification on their mobile device.
They simply press on the notification, authenticate into the phone with a thumbprint or a PIN, and then click the [Approve] button. If the org has Two Factor Authentication enabled and required for the User, then they’ll also be asked to re-authenticate their phone by using their thumbprint or PIN a second time.
How do you as an Admin enable/configure Lightning Login?
As I mentioned earlier, Lightning Login is already enabled by default in all Salesforce orgs
You can further lock it down by checking the option for “Allow only for Users with Lightning Login user Permission” on the Session Settings page under Setup.
Finally, how do you or your users enroll in Lightning Login for your org? It’s easy and only takes a couple of minutes; or maybe a little longer if you need to download the Salesforce Authenticator app
First thing to know: Admins cannot enroll their Users in Lightning Login for them. They must do it themselves.
Step 1: Download and Install the Salesforce Authenticator app from the Google Play or Apple App Store
Step 2: From within Salesforce on a computer, have the User click on their name/icon at the top right of the page and select Settings
Step 3: Click on “Advanced User Details” – DON’T CLICK EDIT
Step 4: Scroll down on the page and click ENROLL next to “Lightning Login”
Depending on the Organization’s current security settings, they will be asked to verify their identity.
This might be as simple as entering a verification code sent through email or SMS or it might require them to log in a second time or to use an authenticator token.
Finally, the User will be asked to register their Salesforce Authenticator app. This is EASY, but the User needs to have the app installed.
Don’t forget that this is not the Salesforce1 app (now called the Salesforce Mobile App).
Open the Salesforce Authenticator App on your phone
Click the [New Account] button at the bottom of the screen
A simple two word phrase will be displayed on your mobile device
Now just enter that same phrase onto your computer and click [Connect]
You’ll be asked to approve that connection on your phone by clicking [Connect] and then [Approve]
And that’s it. You’re done. Now you can log in to Salesforce as fast as a bolt of lightning, or something along those lines.