I like magic. I don’t believe in it, but I like it! There’s something thrilling about watching a magic trick that just gets me all excited. That’s how I felt after enabling Lightning Login for my developer org. Logging into my org with a fingerprint is pretty cool, and magic or not, users will think it’s pretty slick!

Securing your Salesforce org should be a high priority for any Salesforce Administrator. The type of information housed in Salesforce, for some industries, is highly regulated and requires certain session security controls. Any IT organization knows that the data is only as secure as your least secure user. And, while password policies, IP login restrictions and other tools are important, users will always be careless and choose the path of least resistance.

One of the least secure access points is a user’s password. In 2017, the top 5 most used passwords were:

  • 123456
  • Password
  • 12345678
  • qwerty
  • 12345

Yes, these are real passwords that people are using and what’s even more shocking is that 3 of the top 5 are variations of the same number sequence! Ouch!

Complex passwords are essential but create an additional barrier to entry for users. That’s where the Lightning Login feature comes into play. This system access tool has been around for a while now, but I’ve never seen it implemented in an organization, and I hadn’t used it myself until recently. Lightning Login allows users to log in to Salesforce using their phone’s fingerprint scanner – and it’s AWESOME!

Here’s how to set it up.

Enable Lightning Login for Users

To begin, you’ll need to enable Lightning Login for your org. In my case, the feature was already enabled for my developer org. To validate this setting, navigate to Setup | Security | Session Settings. Or, you can type Session into the Quick Find box.

In the Session Settings panel, ensure that Lightning Login is enabled. If desired, check the second box to determine who has access to Lightning Login. Selecting the second checkbox will require a permission set to be created and assigned. The permission to assign is a system permission called Lightning Login User.

Once validated, you can also determine if Lightning Login should be a High Assurance security level for your org by updating Lightning Login in the Session Security Levels section.

User Self Enrollment & Setup

Lightning Login requires setup on the Admin side, but requires users to enroll in the functionality. Once the functionality has been made available, the user follows a few simple steps to activate Lightning Login. Here are the steps the user will need to take.

  1. Download the Salesforce Authenticator App
  2. Click Enroll on the Advanced User Details Page
  3. Approve the Use of Lightning Login
  4. Confirm Your Identity
  5. Connect the Salesforce Authenticator App to your Salesforce Account
  6. Confirm Connection on Your Mobile Device
  7. Confirm Enrollment in Lightning Login
  8. Confirmation on Desktop & Verification on Mobile
  9. After Opening the Message, Tap Approve to Log In to Salesforce

Authenticate Lightning Login

Now that your users have enrolled and are set up to use Lightning Login, the experience will be seamless for future logins! However, there are a few important items for the user to do in order to fully complete the setup.

  1. Select Remember Me on the Login Page
  2. Select the Username with the Lightning Bolt on Sign In
  3. Confirm Identity via the Salesforce Authenticator App

Once the user accepts the login via the Authenticator app, they are automatically granted access to Salesforce. SO. COOL!

Here is what the login flow looks like in motion thanks to this wonderful gif image! Unfortunately you can’t see the taps or clicks, but you can see the process in real time!


There are a few considerations to be aware of with Lightning Login. Here are a few of the key ones.

  • If a user is logging in from an unrecognized browser or device, they will need to provide their username and password along with the typical verification code.
  • Users of Apple’s Safari browser need to change a browser setting. Specifically, change the Cookies and Website Data option in the browser from Allow from websites I visit to Always allow.
  • Lightning Login satisfies the second verification method if 2-factor authentication is set up for your organization.

You can find all of the information for setting up Lightning Login, instructing users on how to set it up and use it, and how to disconnect Lightning Login here on Help & Training.

Have you set up Lightning Login for your organization? What kind of feedback have you heard from users? Leave a comment!

6 thoughts on “ Eliminating Salesforce Passwords with Lightning Login ”

  1. Thanks for the article. I think one of the gems is that once you set this up, it makes accessing Trailhead, communities etc much easier and seamless.

