Loading

Salesforce Mobile Apps "Use Native Browser for Authentication" Troubleshooting Guide

Udgivelsesdato: Jan 29, 2026
Beskrivelse

Starting in the 230.000 Salesforce App, some customers using specific authentication configurations have seen a change in login behavior and may notice users landing on mobileauth.salesforce.com URL login page or AFTER 232.020 release, a page showing CONTINUE TO APP.

Customers utilizing 'Defer to native browser' configuration can see this behavior if they have additional security measures in place i.e. MDM, VPN, network/cloud-based security. [located on the bottom of Setup | My Domain page ]

Please see:

https://developer.salesforce.com/docs/atlas.en-us.mobile_sdk.meta/mobile_sdk/oauth_mdm.htm

or Advanced Authentication:

https://developer.salesforce.com/docs/atlas.en-us.mobile_sdk.meta/mobile_sdk/auth_advanced_using.htm

 

This login behavior is likely related to the newly supported Android App Links ( https://developer.android.com/training/app-links ) and iOS Universal Links

( https://developer.apple.com/ios/universal-links/ ) functionality that make deep linking into the Salesforce App more secure.  

Salesforce also suggest allowing the Apple CDN address:
https://app-site-association.cdn-apple.com/ 

Løsning

Troubleshooting Guide

 

What version of Salesforce App did the issue start happening?

The behavior change was part of security updates to the Salesforce App which was released in 230.000 Salesforce App for iOS and Android. Any issues that started before or after this version would likely not be related to this issue. NOTE: ALWAYS ensure that users are using the *.my.salesforce.com domain and NOT *.lightning.force.com

Try a Fresh Install Of The Application

In some rare cases when you first install the Salesforce App the device may fail to register for Android App Links or iOS Universal Links. The first thing to try would be to uninstall the application and try downloading and logging in again.

Android - Check “Open Support Links”

On the Android device, open settings and locate the Salesforce App. From the App Info page, scroll down and click "Set as Default" or "Open by Default".  Note in either "Opening Links" or "Go to supported URLs" in order for App Links to handle Advanced Authentication correctly, the setting

“Open Supported Links”

must be set to > “Open In This App”.

This should be getting set automatically when you upgrade to 230.000. If it is not then it may be that the MDM provider is blocking or changing this setting.

Safari troubleshoot steps (if only some users are affected on iOS)
Clear Safari cache & browser data under 'Settings' | Safari
Unistall and reinstall Salesforce Mobile App (try to be on unrestricted network)
Admin to revoke session of affected users (under Connected App oauth usage for Salesforce for iOS)

Other Security Systems - Network / VPN, MDM (device management)

Check MDM and OAuth config for Old URL

In order to align with OAuth best practices we have changed the callback url that is used to login to the application. If you are having issues with login please have your MDM or OAuth admin check to see if your configuration is directly referencing sfdc:///axm/detect/oauth/done in the configuration. If it is please change it to

https://mobileauth.salesforce.com/oauth/done


Try on a device without MDM

If you are a user with MDM setup on your device, try to login to the application on a device without MDM. Please make sure this is not against your company policy before doing so. If it is an admin at the company should get approval to take these steps. If login works on a device without MDM, then it is likely the MDM provider is doing something that is breaking the login flow.

 

Security Tools That May Block Web Traffic

Please check with your admin if you have any VPNs, reverse proxies, or security tools that may filter web traffic. With the newer, more secure Universal Links and App Links support the device must be able to access the following domains. You can check this by navigating to the following URLs in the browser (Safari or Chrome) on your mobile device.

 

Blocking Web Traffic Based on IP Address

The https://mobileauth.salesforce.com/.well-known/assetlinks.json url is hosted on a server behind CDN (Content Delivery Network). This means depending on your region, the actual IP Address may differ. If your MDM or security tools/protocols have an ALLOW LIST list or BLOCK L IST for certain IP ranges, you will need to make sure the IP address falls in an allowed range. You can find the IP address with the following command:

nslookup mobileauth.salesforce.com

> Server: 10.5.96.44

> Address: 10.5.96.44#53

 

 

Information Desired Before Opening a Case With Support

If you are not able to resolve your issue please include the following information when you open a case with Salesforce Support:

  • Which Platform & App Version was the issue first observed?
  • What is the user/used Id and exact time the failed login occurred? (will help with server logs)
  • My Domain page setting for 'Use the native browser' for user authentication and My Domain?
  • Are you using MDM (device management)?
  • Do you have a reverse proxy or VPN that may filter traffic based on an allow or block list?
  • Are you using any sort of OAuth or Advanced Authentication for logging in? If so who is your OAuth or Third Party Authentication provider?
  • If possible send your event logs after attempting a failed login. You can do this on iOS by long pressing the Salesforce App icon on the home screen.
  • If possible attach a video of your failed login flow (make sure sensitive credentials are not visible)

 

 

Vidensartikelnummer

000390224

 
Indlæser
Salesforce Help | Article