Start tracking your progress
Trailhead Home
Trailhead Home

Explore Mobile-First Identity

Learning Objectives

After completing this module, you’ll be able to:
  • Define mobile-first identity.
  • Explain the difference between login discovery and passwordless login.
  • Understand the difference between identification and verification.
  • List passwordless login verification methods.
  • Know that a Salesforce add-on license is required for SMS verification.

A Mobile-First World

In today’s world, entire markets and demographics—think China and millennials—not only prefer mobile interactions, they use mobile devices exclusively. Young people live in mobile apps and don't often use desktop browsers. They tend to identify themselves through their social apps like Facebook or WhatsApp rather than using email addresses.

The latest stats (2018 State of the Connected Customer) show that at least 82% of customers prefer to engage with brands through mobile devices. This is no longer an emerging or noisy user group, this is the majority of your potential customer base.

82% customers prefer mobile

Mobile-First Identity

If your app isn’t designed for mobile interaction, you're missing a huge opportunity. And mobile interaction starts with your login experience.

Think about your own login experience. How many times have you tried to sign up for an app from your phone and the process was just too long to complete? Do you groan when asked to create a username to shop? Do you just abandon the app when you're asked for your mother's maiden name yet again?

How about when you want to get to a site quickly, but your password doesn't work? Admit it. When you have to reset your password, that's the end of your interaction. You're not alone. According to recent research: (https://swoopnow.com/passwordless-login), 75% of users quit after a password reset. 30% of online customers abandon their shopping carts if required to register with a password.

Imagine how many of your customers face the same frustrations. Imagine how much business you're leaving on the table.

Enter Salesforce mobile-first identity where:

  • You don't have to require customers to enter a password to interact with your community.
  • Your customers can get to you anytime, anywhere, and from any device or desktop.

Mobile-Ready Login Experience in Action

So what does a mobile-first login experience look like?

Video about mobile-first identity
To see it in action, watch this video, A Mobile-First World Requires Mobile-First Login (5:42).

Salesforce’s Mobile-First Identity Login Experience

Salesforce Mobile-First Identity simplifies the login experience for your customers. When we say login experience, we're referring to all aspects of identity verification and authentication: from sign-up, to log in, to handling identity verification, to resetting passwords, to logging out.

While this login experience is available for desktop and mobile devices, it's designed first with mobile in mind. Login access on mobile devices is effortless.

Take email verification. Your users can enter their password and immediately get an email message with a verification code that they enter to access the app. It's not a link to a desktop app that requires another login attempt. This extra step might not sound like much, but it's enough to rule out a hefty percentage of potential business. SMS verification is even faster. When users enter their phone number at the login page, they immediately get a verification code without leaving the app.

This feature allows you to protect your apps with authorized access with little effort from you. How little effort? With a few clicks, Salesforce handles your sign-up and login process. It performs the behind-the-scenes work to authenticate users for the initial and future logins.

All this is accomplished instantaneously. The login experience so simple for your customers that it can easily be done on the run, leading to fewer shopping carts abandoned, and fewer frustrated customers seeking support.

Available on All External User Licenses

Mobile-first Identity comes with all Salesforce external user licenses. This module shows you how to turn it on. If you haven’t already taken advantage of what Salesforce offers for customer engagement, you can purchase one of these external user licenses:
  • External Identity
  • Customer Community
  • Customer Community Plus
  • Partner Community
  • Lightning External Apps
  • Lightning External Apps Plus
When we talk about external users in this module, we're referring to users with any of these licenses.

Add-On License for SMS

Mobile-first identity comes with email verification for free. You can also offer mobile verification via text message for an extra cost.

SMS messaging requires a Salesforce add-on license for Identity Verification Credits. Purchasing the credits gives your org a predetermined number of SMS messages for mobile identity verification. To evaluate the SMS option, contact your Salesforce account representative.

In Production orgs, you can see if your org has purchased SMS credits on the Company Information Setup page under Usage-based Entitlements.

Identity Verification Message Credits appear under Usage-Based Entitlements on Company Information page in Setup

Before you set up mobile-first identity, let’s get familiar with some underlying concepts.

Passwordless Login

What does this mobile-identity feature give you? First, it gives you passwordless login. Customers don't need to remember another password to access your app, and you don't have to maintain passwords for your customers. Here's the process for verifying users identity via passwordless login.

  1. Salesforce prompts users for their email address or phone number on your community’s login page.
  2. Users enter their email address or phone number on the login page.
  3. Salesforce sends users a unique verification code to the specified Inbox or phone number.
  4. Users enter the verification code on the Salesforce Verify page.
  5. Salesforce validates that the code is correct, and that the email or phone number exists and belongs to your org.
  6. Users are logged in.

Passwordless Login Versus Login Discovery

As we've already said, you can set up a mobile-first sign-up and login experience in a few clicks. It's available in Community Workspaces where you manage your community. You choose the Login Discovery Page type from your community's Workspaces Login & Registration page. Salesforce performs the necessary backend work to verify users' identity with their email address or phone number.

Why is the page type called Login Discovery? Login Discovery doesn’t know how to verify the user until it determines—discovers—how the user is identified. Think of Login Discovery as a two-step process.

First step: Determine the identity of the user, which can be by username, email address, phone number, or a custom identifier that you define.

Login Discovery First Step: Get the identifier that the user supplied at the login prompt

Second step: Challenge users to verify their identity. Users then prove that they are who they say they are.

Login Discovery Second Step: Ask users to verify their identity

They can be asked to verify their identity by a passwordless method such as:

  • A verification code sent via email or SMS
  • Their social network credentials
  • Salesforce Authenticator
  • A one-time temporary passcode (TOTP)
  • A physical device like a yubikey

Passwordless login methods

Or users can be required to enter their password. In other words, Login Discovery supports both password and passwordless login.

How you challenge users is completely independent of the identifier. For example, users can be asked to identify themselves with a phone number, but to verify their identity, they might be:

  • Required to enter a verification code received in a text or email message
  • Required to enter their password
  • Redirected to Facebook (or another social network) for social sign-on

Configurable Self-Registration

Mobile-first users like a quick sign-up process. To attract more people to your site, keep sign-up brief.

With Salesforce Mobile-First Identity, you can choose how much—or how little—user information to collect when users sign up. Ask for the basics initially, and get more information in future logins.

Customizations with a Few Lines of Code

Salesforce Mobile-First Identity gives you a simple, clicks-not-code way to set up your mobile-first login experience. But with a few lines a code, you can customize it to address more of your login needs, like allowing users to log in with through their social network account. By default, users can log in with their email address or phone number. You can customize login to use another unique identifier, like an account number or license plate.

We show you how easy it is to customize the Apex code in a later unit. But first, let's see how easy it is to set up a mobile-first login experience.

retargeting