Loading

Password Reset Stuck in a Loop for Experience Cloud Site User

Publiseringsdato: May 4, 2026
Beskrivelse

Experience Cloud site users may experience a password reset loop in which, after clicking the password reset link received via email, they are redirected back to the password reset request page instead of the change password page.
This issue is typically caused by third-party email security software — such as Barracuda, Trend Micro, GreatHorn, or MimeCast — that automatically scans URLs in incoming emails to verify they are not malicious. When this scan occurs, the software follows the one-time password reset link, consuming the token before the actual user can click it. As a result, when the user clicks the link, the token has already been used and the reset cannot proceed.

Løsning

The root cause of this issue is third-party email security software consuming the one-time password reset token before the user clicks the link. The resolution is to enable the Don't immediately expire links in forgot password emails permission on the affected user's profile. This allows the reset link to remain valid even after it has been accessed by security scanning software.
Work with your Salesforce Admin to enable this setting using the appropriate steps below.
Enhanced Profile User Interface

  1. Go to Setup
  2. Enter Profiles in the Quick Find box and click Profiles
  3. Click on the affected experience profile
  4. Click Password Policies
  5. Click Edit
  6. Select Don't immediately expire links in forgot password emails
  7. Click Save

Disabled Enhanced Profile User Interface

  1. Go to Setup
  2. Enter Profiles in the Quick Find box and click Profiles
  3. Edit the desired experience profile
  4. Scroll down to the Password Policies section
  5. Select Don't immediately expire links in forgot password emails
  6. Click Save
Knowledge-artikkelnummer

000381402

 
Laster
Salesforce Help | Article