          Update Service Provider Endpoints After a Login or Site URL Change


          When Salesforce acts as an Identity Provider, users can log in to the external service provider or relying party with credentials from your Salesforce org. For example, your users log in to a custom app with their Salesforce credentials or their Experience Cloud site credentials. When your My Domain or site login URL changes, authentication methods that rely on that URL stop working. To restore this authentication method for your users, share the updated endpoints with the third-party service providers.

          Required Editions

          Available in: both Salesforce Classic and Lightning Experience
          Available in: Group, Essentials, Professional, Enterprise, Performance, Unlimited, and Developer Editions
          Important: Before you deploy a change that updates your login URL or you update your authentication settings, make sure that you can access Salesforce after the change. Double-check that at least one admin can log in without authentication features such as SSO, built-in authenticators, or security keys. For more information, see Preserve Login Access During a My Domain Login URL Change.

          After you deploy the change that updates your My Domain login URL, work with your Identity Provider (IdP) to update your IdP configuration with the new authentication values.

          These steps also apply after your Experience Cloud site URL or Salesforce Site URL changes, but only if you use the system-managed site URL to authenticate. System-managed site URLs end in *.my.site.com for Experience Cloud sites and *.my.salesforce-sites.com for Salesforce Sites. If you authenticate via a custom domain such as https://www.example.com that serves your Experience Cloud site or Salesforce Site, then your SSO configuration is unaffected.

          1. After you deploy the My Domain change that updates your login or site URL, validate your configuration with the /.well-known/auth-configuration endpoint path.
            For example, if your My Domain login URL is https://mycompany.my.salesforce.com, visit https://mycompany.my.salesforce.com/.well-known/auth-configuration. And if your site URL is https://mycompany.my.site.com, visit https://mycompany.my.site.com/.well-known/auth-configuration.
            Tip: Some service providers and relying parties can use this URL to import the required settings.
          2. For each service provider that relies on Salesforce as an Identity Provider, determine whether the connected app uses SAML, OpenID Connect, or OAuth.
          3. If the connected app is integrated with SAML, work with the relying party to update these fields.
            • Issuer URL
            • Well-known metadata endpoints
          4. If the connected app is integrated with OpenID Connect or OAuth, work with the service provider or relying party to update these fields.
            • OAuth endpoints
            • Audience for JWT Bearer flow
          5. After the service provider or relying party updates the required fields, verify the authentication method by accessing the app with the corresponding Salesforce credentials.
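A check that supports steps 3 through 5, added here as an example and not taken from Salesforce documentation: it walks any JSON settings document (a service provider's exported settings, or the response saved from the /.well-known/auth-configuration URL) and lists every URL value that still points at the pre-change host. The field names in the sample and the old host name `mycompany-old.my.salesforce.com` are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Hypothetical pre-change login host; the new host is the page's example.
OLD_HOST = "mycompany-old.my.salesforce.com"

# Constructed sample of a service provider's settings export.
# Field names are illustrative; the checker does not depend on them.
SAMPLE = json.loads("""
{
  "saml": {"issuer": "https://mycompany-old.my.salesforce.com"},
  "oauth": {
    "token_endpoint": "https://mycompany.my.salesforce.com/services/oauth2/token",
    "jwt_audience": "https://MyCompany-Old.my.salesforce.com"
  },
  "import_urls": ["https://mycompany.my.salesforce.com/.well-known/auth-configuration"]
}
""")

def iter_urls(node, path="$"):
    """Yield (json_path, url) for every http(s) string value in the document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_urls(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_urls(value, f"{path}[{index}]")
    elif isinstance(node, str) and node.lower().startswith(("http://", "https://")):
        yield path, node

def stale_urls(doc, old_host):
    """Return (json_path, url) pairs whose hostname is still the old host."""
    old_host = old_host.lower()
    # urlsplit().hostname is already lowercased, so the match is case-insensitive.
    return [(path, url) for path, url in iter_urls(doc)
            if (urlsplit(url).hostname or "") == old_host]

def main():
    for path, url in stale_urls(SAMPLE, OLD_HOST):
        print(f"STALE {path}: {url}")

if __name__ == "__main__":
    main()
```

An empty result means no URL in the document still references the old host; it does not replace the login test in step 5.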
           