Loading
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Update Your SAML SSO IdP Configuration After a Login or Site URL Change

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Update Your SAML SSO IdP Configuration After a Login or Site URL Change

            After you deploy a My Domain change that updates your My Domain login URL or site URL, SAML Single Sign-On (SSO) authentication stops working. To allow your users to use this SSO method again, work with your Identity Provider to update your configuration.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            Available in: Group, Essentials, Professional, Enterprise, Performance, Unlimited, and Developer Editions
            Important
            Important Before you deploy a change that updates your login URL or you update your authentication settings, make sure that you can access Salesforce after the change. Double-check that at least one admin can log in without authentication features such as SSO, built-in authenticators, or security keys. For more information, see Preserve Login Access During a My Domain Login URL Change.

            After you deploy the change that updates your My Domain login URL, work with your Identity Provider (IdP) to update your IdP configuration with the new authentication values.

            These steps also apply after your Experience Cloud site URL or Salesforce Site URL changes, but only if you use the system-managed site URL to authenticate. System-managed site URLs end in *.my.site.com for Experience Cloud sites and *.my.salesforce-sites.com for Salesforce Sites. If you authenticate via a custom domain, such as https://www.example.com, that serves your Experience Cloud site or Salesforce Site, then your SSO configuration is unaffected.

            1. In the Quick Find box, enter Single Sign-On, and then select Single Sign-On Settings.
            2. View the details for each entry in the SAML Single Sign-On Settings table.
              The updated values are shown in the Endpoints section.
              The SAML Single Sign-On Settings page with the Endpoints section circled.
            3. Share the values in these fields with your Identity Provider.
              • Assertion Consumer Service (ACS) URL
              • Logout URL
              • OAuth 2.0 Token Endpoint
              • Entity ID
              Note
              Note Some Identity Provider configurations don’t use every field.
            4. After your Identity Provider updates the settings, verify your updated endpoints with the /.well-known/auth-configuration URL path.
              For example, if your login URL is https://mycompany.my.salesforce.com, visit https://mycompany.my.salesforce.com/.well-known/auth-configuration.
            5. If your configuration includes SAML Single Sign-On (SSO) that is initiated by the service provider, update your authentication configuration settings on the My Domain page.
              1. From Setup, in the Quick Find box, enter My Domain, and then select My Domain.
              2. In the Authentication Configuration section, click Edit.
              3. In the Authentication Service field, select the correct record and save your changes.
              Note
              Note If you don’t know whether the service provider initiates SAML SSO, before you deploy your My Domain change, view the authentication configuration settings on the My Domain page.
            6. Verify the authentication method from your login page. If necessary, add authentication providers to your login page again.
              1. For your org's My Domain login page, see Add an Authentication Provider to Your Org’s Login Page in Salesforce Help.
              2. For you Experience Cloud site's login page: Add an Authentication Provider to Your Experience Cloud Site’s Login Page in Salesforce Help.

            See Also

             
            Loading
            Salesforce Help | Article