Skip to content
Three Levers symbol Three Levers ← threelevers.com

Flow creation

Use this guide when creating a Screen Flow that will run inside FlowIframeEmbed on a public Salesforce Site.

1) Create the flow

Section titled “1) Create the flow”
  1. Go to Setup -> Flows.
  2. Click New Flow.
  3. Choose Screen Flow.
  4. Build screens, decisions, and actions for your process.

2) Configure runtime behavior (required)

Section titled “2) Configure runtime behavior (required)”

In flow settings, set:

  • How to Run the Flow: System Context Without Sharing-Access All Data

This is required for most public-site deployments where guest users must complete steps that fail under restricted sharing.

3) Create input variables for URL parameters

Section titled “3) Create input variables for URL parameters”

If parent page passes params via inputVars, add matching flow variables:

  1. In Manager, click New Resource.
  2. Resource Type: Variable.
  3. Data Type: Text.
  4. Check Available for input.
  5. API Name must exactly match incoming parameter name (case-sensitive), for example:
    • recordId
    • source
    • campaignId

If names don’t match exactly, values won’t arrive in the flow.

4) Add defensive validation

Section titled “4) Add defensive validation”

Because iframe query params are user-controlled, validate incoming values before using them:

  • Check required values before DML or queries.
  • Constrain formats (for example record-id length/pattern).
  • Route invalid input to a friendly error screen.

5) Fault handling and user messaging

Section titled “5) Fault handling and user messaging”

Add Fault connectors for actions that can fail (Apex, DML, callouts):

  • Show user-safe fallback message.
  • Avoid exposing internal exception details.
  • Optionally log a support reference id.

6) Activate and reference the correct name

Section titled “6) Activate and reference the correct name”
  1. Save and Activate the flow.
  2. Use flow API Developer Name in iframe URL flow parameter:
https://your-domain.force.com/site-prefix/FlowIframeEmbed?flow=Check_In_Dispatch

Do not use flow label.

7) Test as a guest-user path

Section titled “7) Test as a guest-user path”

Before go-live:

  • Load full Site URL as unauthenticated user.
  • Confirm flow starts, accepts inputs, and reaches FINISHED.
  • Confirm endUrl redirect (if used).
  • Confirm guest permissions for all possible paths.

Quick checklist

Section titled “Quick checklist”
  • Screen Flow created and activated.
  • Runtime set to System Context Without Sharing-Access All Data.
  • Input vars are Text and Available for input.
  • Variable API names match inputVars entries exactly.
  • Fault paths implemented.
  • Guest-user end-to-end test passed.
Section titled “Related docs”