Skip to main content
Join the Agentforce Hackathon on Nov. 18-19 to compete for a $20,000 Grand Prize. Sign up now. Terms apply.

Customize Your Login Process with My Domain

Learning Objectives

After completing this module, you’ll be able to:

  • Explain the benefits of My Domain.
  • Detail how My Domain lets you control how users access your Salesforce org.
  • Customize your login page.

Customize Your Salesforce Org URL with My Domain

Ever find yourself wanting to tweak the Salesforce login experience for your users? For example, add your company name to the login URL? Show your logo on the login page? Let your users log in with their Google credentials? My Domain lets you do all this and more.

What Is My Domain?

Let’s review this video to learn more about Salesforce My Domain.

My Domain is like your empire within the Salesforce universe. It’s a Salesforce Identity feature that lets you personalize your Salesforce org with a subdomain (empire) within the Salesforce domain (universe).

How’s that? With My Domain, your users get a nifty, personalized way to access Salesforce. Instead of a meaningless URL that contains your Salesforce instance, such as https://na30.salesforce.com, your login URL looks like https://somethingReallycool.my.salesforce.com where:

  • somethingReallycool equals your My Domain name: your personal subdomain within the Salesforce domain. Typically, it's your company name or whatever drives your brand.
  • my.salesforce.com is the Salesforce domain suffix—domain, for short. With a couple of rare exceptions, My Domain login URLs all belong to this same domain.
Note

Even though technically you’re creating a subdomain, it’s sometimes referred to as creating a My Domain. Also you might see a My Domain referred to as a “custom” domain but “custom” has a specific meaning for Salesforce. Custom domain URLs end with your domain name such as mycompany.com instead of salesforce.com. This subject is for another day.

Having a My Domain isn’t just about convenience and branding an org’s login experience. It's about having more control over your login process and simplifying authentication. In fact, Salesforce requires you to have a My Domain in place to:

  • Work in multiple Salesforce orgs in the same browser.
  • Set up single sign-on (SSO) with third-party identity vendors.
  • Set up authentication providers, such as Google and Facebook, so that your users can log in to your Salesforce org with their social account credentials.
  • Customize your org's login page with your brand.

Because having a My Domain is so important, all orgs get one by default. For production orgs, if a My Domain wasn't specified during creation, your default My Domain is based on your internal Salesforce org ID. If you don't like your org's My Domain name, you can change it. Head over to My Domain in Salesforce Help for the details. 

Set My Domain Policies

The Policies section of the My Domain Setup page gives you more control over how your My Domain is used. 

Let’s imagine this scenario. You’re a Salesforce admin at Jedeye Technologies. You already have a deployed My Domain name: jedeyetech. With this My Domain, your org has a branded login URL, https://jedeyetech.my.salesforce.com, and its Lightning pages all use https://jedeyetech.lightning.force.com/. 

Your chief marketing officer is thrilled that your brand is included in your URLs. She doesn’t want your users to see your org's Salesforce instance in the address bar of their browsers. You want to give your users a short time to update their bookmarks. 

  • From Setup, enter My Domain in the Quick Find box, then select My Domain.
  • Under Routing and Policies, click Edit.

My Domain policies.

  • Login Policy—For another layer of security, you can require that logins to your Salesforce org use your My Domain login URL. There are separate options for user logins and SOAP API logins. 
    • To require that users log in with your My Domain, in production, select Prevent login from https://login.salesforce.com. Or, in a sandbox, select Prevent login from https://test.salesforce.com. When you enable this setting, users also can’t use your instanced URL, such as https://na77.salesforce.com, to log in.
      Leave this option unchecked. We still want users to be able to log in from https://login.salesforce.com.
    • To require that SOAP API logins use your My Domain login URL, in production, select Prevent SOAP API login from https://login.salesforce.com. Or, in a sandbox, select Prevent login from https://test.salesforce.com. When you enable this setting, SOAP API logins also can’t use your instanced URL, such as https://na77.salesforce.com, to log in.
      Also leave this option unchecked.
    • To return to the main My Domain Settings page, click Cancel.

Under Redirections, click Edit.

Redirections page.

  • Redirect Policy—Control what happens when users try to use your org’s instanced URLs instead of your org’s My Domain URLs. For example, when a user visits a bookmark for https://na139.lightning.force.com/lightning/page/home instead of your org’s equivalent My Domain URL, https://jedeyetech.lightning.force.com/lightning/page/home.
    You can choose between three redirect policies. Before we change anything, let’s review the options.
    • Redirect to the same page within the domain—Let users continue to access your org from your instanced Salesforce URLs as well as your branded My Domain URLs. This option might be convenient, but it won’t require your users to access your branded org.
    • Redirect with a warning to the same page within the domain—Remind users to use your My Domain URLs before redirecting them to your org. This can help change user behavior so users transition to the branded URLs. For the Jedeyetech scenario purposes, this sounds like the one we want.
    • Don’t redirect (recommended)—Require users to use your My Domain login URL when accessing your org. There is an expectation with this setting that your users have transitioned to using the new My Domain URLs. If they haven’t, they get an error when they try to use your org's instanced Salesforce URLs.
  • Eventually, you want to force everyone to use Jedeye Tech’s branded My Domain URLs. But for now, you want to give your users some time to update their bookmarks. So select the redirect policy, Redirect with a warning to the same page within the domain.
  • Click Save.

Now when users attempt to access your org using an instanced URL, they receive a message encouraging them to update their bookmarks.

Redirect message encouraging the user to update bookmarks.

This option is good for a few days to help users transition to your org’s My Domain URLs. After that, you can update your My Domain again to use the recommended redirect policy: Don’t redirect.

Note

When you rename your My Domain, Salesforce redirects your previous My Domain URLs to your current My Domain. For example, if you rename your My Domain name from jedeyeInc to jedeyeTech, requests sent to https://jedeyeInc.lightning.force.com are automatically redirected to https://jedeyeTech.lightning.force.com. The My Domain redirect policy has no effect on that redirection. If you don’t want requests to your previous My Domain to be redirected, see Disable or Remove Your Previous My Domain in Salesforce Help.

Customize Your Login Page

You’ve set your My Domain login policies. Now you’re ready to make your login page your own. Brand your login page to help your users recognize your site without having to look at the URL in the browser bar.

You can brand your login page to add a company logo, change the background, and replace the right side with your own picture or message. This area is useful for making announcements that you want users to see as they log in.

Custom login page.

  1. If you’re not looking at the My Domain page, from Setup, enter My Domain in the Quick Find box, then select My Domain.

Under Authentication Configuration, click Edit.

My Domain authentication configuration options.

  1. Don’t change Login Page Type. This option comes into play when you want to change how users log in. For now, you’re staying with the standard username and password.
  2. For Logo File, upload an image of your company logo. The logo appears at the top left of the login page. Images can be .jpg, .gif, or .png files up to 100 KB. The maximum image size is 250-by-125 pixels wide.
  3. For Background Color, change the background color of your login page—either enter a hexadecimal color code or click the color picker Select a color from color picker.
  4. To update the content of the right side of the login page, specify a Right Frame URL. The content is designed to resize to fill about half of the page. In your production org, you enter the URL of a file that’s hosted at a URL using SSL encryption and has the https:// prefix. For now, you can enter the URL for a stock photo from Lorem Picsum.
  5. Leave the authentication methods alone. Don’t select the options to use the native browser for user authentication on iOS or Android. These options support authentication methods such as delegated authentication to certificate-based authentication for users of Salesforce and Mobile SDK applications on mobile devices. To learn more, see the Mobile SDK Development Guide. These options have no effect on the branding of our org’s login page, though, so we won’t change them.
  6. Click Save.
  7. Log out and try to log in again. You’re greeted with your new login page.

Sample login page.

You’re Done!

Congratulations, admin! You’ve set your My Domain redirect policy, and you’ve tailored your login page to reflect your company’s branding. Your chief marketing officer is pleased that your Salesforce org reflects your brand.

Resources

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback