Create an Identity-First Login Page with My Domain Login Discovery

Configure My Domain with Login Discovery to simplify the login process for users. This login process is sometimes called interview-based or identity-first login. Instead of requiring users to login with a username and password, My Domain Login Discovery page prompts them to enter a unique identifier such as an email address or phone number. Then users are prompted to authenticate based on the identifier they supply. If they’re configured for SSO, they don’t even have to choose. My Domain Login Discovery sends them directly to the identity provider (IdP) login page to authenticate.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.

Why: Login Discovery simplifies various authentication scenarios, including multiple login options and multiple IdPs. Often, customers get a login page where they can enter their credentials or click an SSO button. Some customers might not notice the SSO button or know what it’s for. Here’s an example of a login page with multiple login options.

Login page with multiple login options

Here’s an example of a My Domain Login Discovery page. It has one option for users to enter an identifier. Login Discovery then either displays a Salesforce password page, or redirects them to an identity provider login page.

My Domain Login Discovery Page

How: To implement Login Discovery for My Domain, create a handler in Apex and then reference the handler from the My Domain Setup page. The Apex class implements the MyDomainLoginDiscoveryHandler interface. Then, from Setup, enter My Domain, and select My Domain. Under Authentication Configuration, click Edit. For the login page type, select Discovery. For your login prompt, enter text or a custom label. Then choose the Apex handler you created.