Salesforce Password Reset Link Redirects to Login Page

The following steps resolve scenarios where a Salesforce password reset link redirects to the login page due to browser cache issues, link expiration by security software, or password policy configuration. 

1. Perform clearing of cache and cookies within the browser being used.

• 'Clear cache & cookies' on the Google Account Support Site
• 'How to clear the Firefox cache' on the Mozilla Support Site
• 'View and delete browser history in Microsoft Edge' on the Microsoft Support Site
• 'Delete and manage cookies' for Internet Explorer on the Microsoft Support Site

2. Have the user copy the link from the Password Reset email and paste it manually into the browser to see if this initiates the password reset screen. 
3. Verify with your IT team if there is any security software in place that might cause links to expire. If so, you may need to work with your IT team to bypass/disable this feature. 
4. Check password policies on the profile and make sure that the 'Don't immediately expire links in forgot password emails' policy setting is enabled.
5. A newly available work around, as of Summer '25, is Password Reset Links Stay Valid After Multiple Clicks. The setting can be configured by taking this path:
   
   Setup > Identity > Identity Verification > 'Display a confirmation page during password reset'
   
   With this feature, the link remains valid for 24 hours even when clicked or scanned. This is achieved by adding an extra step to the password reset process where a user must confirm that they want to reset their password before moving on to the next step. This prevents the link from being invalidated by email security tools or accidental clicks.

Single Sign On (SSO) Note:

This may also trigger SSO login flow. This is likely due to the persistent cookies, ssostartpage and saml_request_id, that are set on the customer’s domain after performing a successful SP-initiated SSO login.  This is causing the password verification/reset link to be misidentified as a login request.