Loading

"Verify Account" Link in New User Welcome Email is Redirected to Login Page

Veröffentlichungsdatum: Jul 21, 2023
Beschreibung
If new Salesforce users have email accounts hosted on Microsoft Office365 with Safe Links protection enabled, then the "Verify Account" URLs will be rewritten similar to below.

https://ind01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flogin.salesforce.com%<xxxx...>

Since this Verify Account URL is only a onetime accessible link and Microsoft already accessed this to rewrite as per the Safe Links policy, the link will be expired immediately before reaching the user's mailbox and when the user tries to set the password they will not be redirected to the "Change your password" page, instead it will be redirected to standard login page (sometimes with an invalid username and password error).

The only resolution available for this issue is to add the Salesforce domain within the Safe links policy to the Allow List.
Lösung

Important Prerequisites to check before following the instructions: 
1. To make sure the new Salesforce user impacted by this issue, copy the "Verify Account" URL from the user's mailbox and verify it is written as mentioned above.
2. The below instructions need to be performed by a Microsoft Office365 Admin and we recommend thorough analysis before implementation and reach out Microsoft Support if necessary.

Resolution:

  1. Launch https://security.microsoft.com/safelinksv2 with Office365 admin credentials.
  2. Follow the steps in the Microsoft document to edit the appropriate Safe links policy under Policies & rules in the Defender Admin Center.
  3. Add either of the below Salesforce domain urls in the Protection settings, under "Do not rewrite the following URLs" section:
    1. https://login.salesforce.com/*
    2. https://*.salesforce.com/* 
  4. Save the changes.
  5. Now create a new user in Salesforce and verify whether the "Verify Account" URL reached user's mailbox without rewrite by Safe links policy and able to set the password.


Note:
1. If the same issue occurs while creating new Communities user, create an allow list communities domain URLs.
2. These instructions will apply for New User creation emails only but not Password Reset emails for existing users.

Refer below Microsoft documentation for more details on Safe Links policy:
Set up Safe Links policies in Microsoft Defender for Office 365

Nummer des Knowledge-Artikels

000390160

 
Laden
Salesforce Help | Article