Loading

Login tips and considerations for Salesforce Government Cloud

Udgivelsesdato: Jan 14, 2026
Beskrivelse
Because of additional security features in the Salesforce Government Cloud, users in that environment may not login via the standard domains login.salesforce.com or test.salesforce.com.

This restriction applies to users logging in to the Salesforce user interface with a web browser or Salesforce1, and also via API connections such as Data Loader or third-party integrations.

Instead, users must login via their organization's My Domain or, where supported by their My Domain configuration, the instance-specific URL.

 
 
Login URL TypeSupported in Government Cloud?
General Salesforce login URL
login.salesforce.com
test.salesforce.com
 		Not Supported
Instance-specific URL
e.g. na1.salesforce.com or
cs1.salesforce.com
 		Sometimes Supported* 
MyDomain URL
e.g. MyDomain.my.salesforce.com
 		Always Supported
*Support for the instance-specific URL depends upon how your System Administrator choose to Restrict Where and When Users Can Log In to Salesforce when they set up My Domain.  See Set the My Domain Login Policy.
 
 
NOTE: Because login.salesforce.com and test.salesforce.com are not supported for logging in to Government Cloud, password reset requests submitted through either of these sites do not work for Government Cloud users.

To request a password reset for a Government Cloud user login, please use the password reset function from one of the supported types of Gov Cloud login URLs listed above, or log a case with Salesforce Support.

 
Løsning
1. Login via the organization-specific My Domain URL.

If your Salesforce organization in the Government Cloud is configured with a My Domain, then your login URL looks like this:

https://[MyDomain].my.salesforce.com/

Example: if your organization's system administrator had selected "government" as the My Domain, then your login URL would be:

https://government.my.salesforce.com/


2. Login via the instance-specific URL.

If your system administrator has configured your My Domain settings to permit it, users may also be able to login using the instance-specific URL, which is formatted like this for a production instance:

https://naXX.salesforce.com

...where XX is the number of your salesforce instance, such as NA55 or NA1.

For sandboxes, the login URL is formatted like:

https://csXX.salesforce.com

Likewise, XX is a placeholder for the actual number of your sandbox instance, such as CS35 or CS90.

For scenarios like the OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration , you would need to use the correct My Domain or instance URL for the token endpoint instead of following the default login url provided. However, for the audience value in this OAuth flow, it is not used for the actual login action, so it can remain set as "https://login.salesforce.com".
 

For authorizing an org using OAuth 2.0 with Salesforce DX, you would need to use the correct My Domain or instance URL for the --instanceurl parameter. However, the audience value separately still must be login.salesforce.com (for production) or test.salesforce.com (for sandbox).

To resolve this, before running the "sfdx force:auth:jwt:grant" command, run one of the following commands to manually set the audience depending on if you are connecting to Production or Sandbox:

export SFDX_AUDIENCE_URL=https://login.salesforce.com/

export SFDX_AUDIENCE_URL=https://test.salesforce.com/

For more information, see Authorize an Org Using the JWT-Based Flow

 






 
Vidensartikelnummer

000386092

 
Indlæser
Salesforce Help | Article