Loading

Security Keys and Authenticators After Changing Organization URL

Julkaisupäivä: Nov 28, 2025
Kuvaus

When your Salesforce organization URL changes, certain multi-factor authentication methods are invalidated and must be re-registered. Changing Salesforce Core URLs, such as My Domain updates, invalidates Security Keys and Built-in Authenticators for Multi-Factor Authentication (MFA).

For example, if your organization renames its My Domain from 'company.my.salesforce.com' to 'newcompany.my.salesforce.com', any registered Security Keys or Built-in Authenticators tied to the old URL will no longer work. Users who rely solely on these methods will be unable to log in until their keys are re-registered. 

An Organization URL change can occur in the following scenarios:

  • Change of [my domain] name
  • Change of [my domain] suffix
  • Sandbox only: Extended Domain Activation
  • Enabling partitioning of my domain in Developer Edition Organizations, Scratch Organizations, Patch Organizations, Free Organizations, or Trailhead Playground
Ratkaisu

Because Salesforce Core URL changes invalidate Security Keys and Built-in Authenticators, users must take the following steps before and after the change, to maintain MFA access and avoid being locked out. :

  • Register Additional Verification Methods Before the change, users should register alternative verification methods, such as Salesforce Authenticator or third-party authenticator apps.
  • Disconnect and Re-register Users (or a System Administrator on their behalf) should disconnect their Security Keys and Built-in Authenticators before changing the organization's URL, and then re-register them after the change is complete.
  • Troubleshooting Lockouts If a user cannot log in after the URL change, a System Administrator must disconnect the user's Security Key or Built-in Authenticator. The user can then log in using another method or re-register their device.
Knowledge-artikkelin numero

000395185

 
Ladataan
Salesforce Help | Article