I like magic. I don’t believe in it, but I like it! There’s something thrilling about watching a magic trick that just gets me all excited. That’s how I felt after enabling Lightning Login for my developer org. Logging into my org with a fingerprint is pretty cool, and magic or not, users will think it’s pretty slick!
Securing your Salesforce org should be a high priority for any Salesforce Administrator. The type of information housed in Salesforce, for some industries, is highly regulated and requires certain session securities. Any IT organization knows that the data is only as secure as you leads secure user. And, while password policies, IP login restrictions and other tools are important, users will always be careless and choose the path of least resistance.
One of the least secure access points is a user’s password. In 2017, the top 5 most used passwords were:
Yes, these are real passwords that people are using and what’s even more shocking is that 3 of the top 5 are variations of the same number sequence! Ouch!
Complex passwords are essential but create an additional barrier of entry for users. That’s where the Lightning Login feature comes into play. This system access tool has been around for a while now, but I’ve never seen it implemented in an organization, and I hadn’t used it myself until recently. Lightning Login allows users to login to Salesforce using their phone’s fingerprint scanner – and it’s AWESOME!
Here’s how to set it up.
Enable Lightning Login for Users
To begin, you’ll need to enable Lightning Login for your org. In my case, the feature was already enabled for my developer org. To validate this setting, navigate to Setup | Security | Session Settings. Or, you can type Session into the Quick Find box.
In the Session Settings panel, ensure that Lightning Login is enabled. If desired, check the second box to determine who has access to Lightning Login. Selecting the second checkbox will require a permission set to be created and assigned. The permission to assign is a system permission called Lightning Login User.
Once validated, you can also determine if Lightning Login should be a High Assurance security level for your org by updating Lightning Login in the Session Security Levels section.
User Self Enrollment & Setup
Lightning Login requires setup on the Admin side, but requires users to enroll in the functionality. Once the functionality has been made available, the user follows a few simple steps to activate Lightning Login. Here are the steps the user will need to take.
Now that your users have enrolled and are setup to use Lightning Login, the experience will be seamless for future logins! However, there are a few important items for the user to do in order to fully complete the setup.
Once the user accepts the login via the Authenticator app, they are automatically granted access to Salesforce. SO. COOL!
Here is what the login flow looks like in motion thanks to this wonderful gif image! Unfortunately you can’t see the taps or clicks, but you can see the process in real time!
There are a few considerations to be aware of with Lightning Login. Here are few of the key considerations.
- If a user is logging in from an unrecognized browser or device, they will need to provide their username and password along with the typical verification code.
- Users leveraging Appel’s Safari browser need to make some browser settings. Specifically, change the Cookies and Website Data option in the browser from Allow from websites I visit to Always allow.
- Lightning Login satisfies the second verification method if 2-factor authentication is setup for your organization.
You can find all of the information for setting up Lightning Login, instructing users on how to set it up and use it, and how to disconnect Lightning Login here on Help & Training.
Have you setup Lightning Login for your organization? What kind of feedback have you heard from users? Leave a comment!
Don't be an average Admin.
Become an Admin Hero!
Transform yourself and join the Heroes Journey! Subscribe to Admin Hero and you'll get every post and some very occasional subscriber only content delivered right to your inbox.
What are you waiting for?