My Domain Login History when using SSO
|Knowledge Article Number||000188021|
|Description||Prior to Winter '14, it was possible to have My Domain configured with SSO while not having the correct My Domain URL be used in a user's login history. If an Identity Provider Login URL is specified under Setup > Single Sign-On Settings, then the My Domain URL wouldn't be used under a user's login history. This was due to the auto-generated Salesforce login URL that would typically take on the form of login.salesforce.com or test.salesforce.com -- depending on the instance. As of Winter '14, a My Domain URL can be logged in a user's login history.|
|Resolution||If you wish to have your users log in with the company's My Domain URL, you must enable the new Winter '14 feature: multiple SAML configurations. Here is a summary of the functionality within the release notes (page 232): https://help.salesforce.com/help/pdfs/en/salesforce_winter14_release_notes.pdf
Under Security > Single Sign-On Settings > Enable Multiple configs, you will be permitted to allow multiple configs. (Note you should carefully observe the configuration changes, as there are differences in the SAML assertion after changing this setting.) You'll also be notified that enabling this will change the generic login.salesforce.com (or test.salesforce.com for non-production orgs) to their My Domain-specific URLs. This will impact the login history URL. Once you correctly configure your organization for these new SAML settings and accept the changes, users logging in directly from the My Domain URL will have the respective URL in their history and not the generic login URL.