Obvious, right? Go to login page, enter name and password and you are done.
At the same time I would say this is THE area which separate small implementations from the bigger one. What is possible, what we need to do?
Name and password
Single Sign-On (or Social Sign-On)
For this one and most of the following you need to have My Domain (see previous tip). When you setup all the different networks you can use for login you return to My Domain configuration and select which one should be available to users.
If you take the easy approach, Salesforce has already support for Google, Facebook, LinkedIn, Twitter and a few more. Go to the Auth. Providers section in the setup, select the right network and fill-in just the name.
As a second step users need to link their Salesforce account to the social account – just send them the link you will get when you save the provider. Or you can update the registration handler of the provider and it can do it for them, example available here. As a final step you can ask support do enable you a Delegated Authentication setting, which ultimately means that you can force users to use their social login (you just enable the Is Single Sign-On User permission).
And this thing brings a lot of great questions like who will create users, will they be auto created during first login (JIT provisioning) or you will sync their accounts with your internal system (for Active Directory you can use the Identity Connect) and much more.
Just imagine to login without entering password. That’s it, just install the right app on your mobile phone, enter your login name on login page and just confirm it on your mobile phone. Done.
This feature come in Winter ’17 and it works in Classic as well. The setting is pretty easy, see Johan’s article.
Salesforce Authenticator or 2FA
Two factor authentication (2FA) is now-a-days recommended everywhere and if your system doesn’t support it, it looks strange. Salesforce has an application called Salesforce Authenticator, which you can install on your mobile phone, connect with your account and you are done. This feature works with all previous variants, just doesn’t make sense with Lightning Login. The application can remember your secure locations and automatically login you when your phone is there.
Almost the same variant as before, for this one you can use any 2FA application such as Google Authenticator. You can connect it with your accoutn on the same page, you just don’t have the benefit of auto-login from known location.
Only for Community Cloud users, new from Summer ’18. Instead of username and password the user enters what he knows – email address or phone number. Then he will get onetime code which he enters and is logged-in.
Implementation needs a bit of development, but nothing major.
One of the newest addition (Spring ’19), also the „highest“ level of security, when even banks use it.
Just enable it in setup, upload certificates for users and add this way to login page.
Which way do you use?
Did you learn something new? Did you decide to enable something new? Which way do you use? Your users might hate you for 2FA (unless you use the secure location setting as well), there might be no difference when using SSO (as they use remembered password in browser), but your security will thank you.
Think about it and make sure that your instance is secure!