Flow Name: Update User Email and Username

Last Updated: 2025-07-28
Source Code: Update_User_Email_and_Username.flow-meta.xml

API Name: Update_User_Email_and_Username
Status: Active
Type: Custom
Trigger: Platform Event (Update_User_Username__e)

Business Purpose

Synchronizes User email and username when Account email changes via platform event, and triggers password reset for customer portal users to maintain security when credentials are updated.

Process Flow

  1. Triggered by Update_User_Username__e platform event containing:
       • AccountID__c (Account whose User needs updating)
       • UpdatedEmail__c (New email address)
       • isCustomerUser__c (Whether user is customer portal user)
  2. Retrieves User record by AccountId
  3. Validates User was found
  4. Updates User fields:
       • Email = UpdatedEmail__c
       • Username = UpdatedEmail__c
  5. Saves User record
  6. If isCustomerUser__c = true:
       • Calls SendResetPasswordEmailFlowHandler Apex class
       • Sends password reset email to updated email address

Process Flow Diagram (Mermaid)

flowchart TD
    Start([Start: Update_User_Username__e<br/>Platform Event]) --> GetUser[Get User Record:<br/>By AccountID__c]

    GetUser --> CheckUser{User Found?}
    CheckUser -->|No| End([End])
    CheckUser -->|Yes| Assign[Assign New Values:<br/>• Email = UpdatedEmail__c<br/>• Username = UpdatedEmail__c]

    Assign --> Update[Update User Record]

    Update --> CheckCustomer{isCustomerUser<br/>= true?}
    CheckCustomer -->|Yes| ResetPassword[Call Apex:<br/>SendResetPasswordEmailFlowHandler<br/>Send password reset email]
    CheckCustomer -->|No| End

    ResetPassword --> End

    style Start fill:#e1f5ff
    style GetUser fill:#f0e1ff
    style CheckUser fill:#fff4e1
    style CheckCustomer fill:#fff4e1
    style Assign fill:#e1ffe1
    style Update fill:#ffe1e1
    style ResetPassword fill:#ffe1e1
    style End fill:#e1f5ff

Key Business Rules

  • Email and Username are set to the same value from platform event
  • Only customer portal users receive automatic password reset
  • Runs with TriggeringUser context for permissions
  • Platform event pattern allows async processing and decoupling
  • No validation that email format is valid or unique

Dependencies

  • Objects: User (standard)
  • Platform Event: Update_User_Username__e
  • Event Fields: AccountID__c, UpdatedEmail__c, isCustomerUser__c
  • Apex Classes: SendResetPasswordEmailFlowHandler
  • Related Flows: Update_User_Name_fields_when_the_Account_Name_fields_are_updated (publishes this event)

Changes

No Pull Request references found in metadata.

⚠️ Pre-Go-Live Concerns

CRITICAL - Fix Before Go-Live

  • Username Uniqueness: Doesn't validate username is unique - could cause failure if UpdatedEmail__c matches existing username
  • Email Validation: No format validation on email address before assignment
  • Missing Error Handling: No fault paths - failures will be silent
  • Security Risk: Changing username without additional verification could enable account takeover
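
An added illustration of the first three CRITICAL items (not code from the documented org): the flow's direct Update element could be replaced by an invocable Apex action that validates format, pre-checks uniqueness and returns a per-record result the flow can branch on. The class name UserCredentialUpdateGuard, its Request/Result shapes and the messages are hypothetical; because a SOQL check only sees usernames in the local org, the save result is treated as the authoritative uniqueness test.

```apex
// Added example: hypothetical invocable Apex, not part of the documented org.
public with sharing class UserCredentialUpdateGuard {
    public class Request {
        @InvocableVariable(required=true) public Id accountId;
        @InvocableVariable(required=true) public String updatedEmail;
    }
    public class Result {
        @InvocableVariable public Boolean success = false;
        @InvocableVariable public String message;
    }
    // Conservative format check, not a full RFC 5322 parser.
    private static final Pattern EMAIL_RE =
        Pattern.compile('^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$');
    private static String clean(String s) { return s == null ? '' : s.trim(); }

    @InvocableMethod(label='Validate and update User email and username')
    public static List<Result> apply(List<Request> requests) {
        Set<Id> accountIds = new Set<Id>();
        Set<String> emails = new Set<String>();
        for (Request r : requests) { accountIds.add(r.accountId); emails.add(clean(r.updatedEmail)); }
        Map<Id, User> userByAccount = new Map<Id, User>();
        for (User u : [SELECT Id, AccountId FROM User WHERE AccountId IN :accountIds]) {
            userByAccount.put(u.AccountId, u);
        }
        // Local pre-check only; the DML result below decides uniqueness for real.
        Map<String, Id> ownerByUsername = new Map<String, Id>();
        for (User u : [SELECT Id, Username FROM User WHERE Username IN :emails]) {
            ownerByUsername.put(u.Username.toLowerCase(), u.Id);
        }
        List<Result> results = new List<Result>();
        List<User> toUpdate = new List<User>();
        List<Result> pending = new List<Result>(); // pending[i] belongs to toUpdate[i]
        Set<Id> queued = new Set<Id>();            // guards against the same User twice in one batch
        for (Request r : requests) {
            Result res = new Result();
            results.add(res);
            String email = clean(r.updatedEmail);
            User u = userByAccount.get(r.accountId);
            Id owner = ownerByUsername.get(email.toLowerCase());
            if (u == null) { res.message = 'No User found for Account'; }
            else if (!EMAIL_RE.matcher(email).matches()) { res.message = 'Invalid email format'; }
            else if (owner != null && owner != u.Id) { res.message = 'Username already in use'; }
            else if (!queued.add(u.Id)) { res.message = 'Duplicate request for same User'; }
            else { u.Email = email; u.Username = email; toUpdate.add(u); pending.add(res); }
        }
        // allOrNone = false: one bad record does not roll back the rest.
        List<Database.SaveResult> saved = Database.update(toUpdate, false);
        for (Integer i = 0; i < saved.size(); i++) {
            pending[i].success = saved[i].isSuccess();
            pending[i].message = saved[i].isSuccess() ? 'Updated' : saved[i].getErrors()[0].getMessage();
        }
        return results;
    }
}
```

In the flow, a Decision on the returned success value would route failures to a fault path instead of proceeding to the password reset step.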

HIGH - Address Soon After Go-Live

  • Password Reset Failure: If SendResetPasswordEmailFlowHandler fails, user has new email but no way to log in
  • No Notification: Internal users (isCustomerUser = false) aren't notified of email/username change
  • Audit Trail: No logging of who triggered the change or when

MEDIUM - Future Enhancement

  • Email Verification: Consider requiring email verification before completing username change
  • Confirmation Required: Add confirmation step before changing username
  • Error Notifications: Alert admins when User update fails
  • Username History: Track previous usernames for security auditing

LOW - Monitor

  • Platform Event Delivery: Monitor for event delivery failures
  • Password Reset Emails: Verify password reset emails are delivered successfully
  • Username Conflicts: Watch for errors related to duplicate usernames

Maintenance Notes

  • Complexity: Medium - Platform event handling with Apex callout
  • Review Schedule: Review when authentication or user management processes change
  • Security Sensitive: Changes authentication credentials - require security review for modifications
  • Runs As: TriggeringUser - ensure proper permissions for User updates
  • Async Pattern: Platform event provides decoupling but makes error handling more complex
  • Paired Flow: Works with Update_User_Name_fields_when_the_Account_Name_fields_are_updated
  • Critical Security: Username changes affect login - test thoroughly in sandbox