Redirect Users to Secure URLs
When you set up single sign-on (SSO) with an authentication provider, use protected URL redirect parameters to redirect users to *.force.com pages and prevent malicious redirects.
Required Editions
| Available in: Lightning Experience and Salesforce Classic |
| Available in: Enterprise, Performance, Unlimited, and Developer Editions |
Add protected URL redirect parameters to your SSO client configuration URLs. For example, you set up a Google authentication provider and configure SSO for your Salesforce org. You want to redirect users to a page in your org that confirms successful login, so you add the startURL parameter to your SSO client configuration URL. A user logs in to your org and is redirected to Google to provide credentials. Then they’re redirected to the login confirmation page in your org.
The URL redirect parameters are not case-sensitive. For example, both retURL and returl redirect
users after they click the Back button.
| Parameter | Usage |
|---|---|
| startURL | Redirect users after authenticating |
| retURL | Redirect users when they click the Back button |
| saveURL | Redirect users when they click the Save button |
| cancelURL | Redirect users when they click the Cancel button |
For the startURL parameter, you must use a relative URL. If you use an
absolute URL, you get an error. If you don’t add startURL, Salesforce sends
the user to /home/home.jsp for a standard application or
portal, or to the default sites page for a site.
For the Single Sign-On Initialization URL, startURL sends users to the location you specified after they log in. The Continue to Salesforce link on the confirmation page leads to the Existing User Linking URL.
Here are two examples of protected URL redirect parameters added to the Single Sign-On Initialization URL, where:
- orgID is your Authentication Provider ID.
- URLsuffix is the value you specified when you defined the authentication provider.
Here’s the startURL parameter added to the SSO Initialization URL:
https://login.salesforce.com/services/auth/sso/orgID/URLsuffix?startURL=%2F005x00000000001
Here’s the cancelURL parameter added to the SSO Initialization URL:
https://login.salesforce.com/services/auth/sso/orgID/URLsuffix?cancelURL=%2Fapex%2FCancelApproval
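The following Python helper is an added example, not Salesforce code. It builds the Single Sign-On Initialization URL with one URL-encoded redirect parameter and refuses any target that is not a relative path before the URL is written into a client configuration. The function names, the rejection of backslashes and control characters, and applying the relative-URL rule to all four parameters (the page requires it only for startURL) are assumptions of this example.

```python
from urllib.parse import quote, urlsplit

# Parameter names from the table above, keyed in lower case because
# the parameters are not case-sensitive.
REDIRECT_PARAMS = {
    "starturl": "startURL",
    "returl": "retURL",
    "saveurl": "saveURL",
    "cancelurl": "cancelURL",
}
SSO_BASE = "https://login.salesforce.com/services/auth/sso"


def is_relative_path(target: str) -> bool:
    """Return True only for a site-relative path such as /apex/CancelApproval."""
    # Must start with exactly one slash: "//host" is protocol-relative.
    if not target.startswith("/") or target.startswith("//"):
        return False
    # Assumption of this example: refuse backslashes and control characters,
    # which some browsers normalize in ways that change the destination.
    if "\\" in target or any(ord(ch) < 0x20 for ch in target):
        return False
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc


def build_sso_init_url(org_id: str, url_suffix: str, param: str, target: str) -> str:
    """Build the SSO Initialization URL with one encoded redirect parameter."""
    canonical = REDIRECT_PARAMS.get(param.lower())
    if canonical is None:
        raise ValueError(f"not a protected redirect parameter: {param!r}")
    if not is_relative_path(target):
        raise ValueError(f"{canonical} must be a relative URL: {target!r}")
    path = f"{quote(org_id, safe='')}/{quote(url_suffix, safe='')}"
    return f"{SSO_BASE}/{path}?{canonical}={quote(target, safe='')}"


if __name__ == "__main__":
    # orgID and URLsuffix are the placeholders used on this page.
    print(build_sso_init_url("orgID", "URLsuffix", "startURL", "/005x00000000001"))
    print(build_sso_init_url("orgID", "URLsuffix", "cancelurl", "/apex/CancelApproval"))
```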
