Log in via Salesforce Vanity Domain
With a Salesforce custom or vanity domain, you can also use the CSP-initiated login.
Configure a Vanity Domain
To set up a vanity domain:
- In Salesforce, find your My Domain name by going to Setup > Domain Management > My Domain.
- Set the My Domain settings to Not Redirected.
- For Authentication Configuration, choose a custom URL to show on the custom login page. Also enable Login Page and Okta SSO so you can use CSP-initiated logins.
- In Okta, provide the host name of the My Domain in the Salesforce authentication settings.
- In Skyhigh CASB, choose Service Management. Click Add Properties under Salesforce.
- Add the following three properties there to make sure we capture the login events correctly and proxy the right domain names:
| Property Name | Example | Usage |
| --- | --- | --- |
| svc.override.lcc.host | rks-corp29-dev-ed.my.salesforce.com | Set this to your "My Domain" name so Skyhigh CASB can get login events correctly. |
| custom.domain.cust1 | rks-corp29-dev-ed.my.salesforce.com | Set this to your "My Domain" name so the proxy uses DNS rewriting correctly. |
| custom.domain.cust2 | rks-corp29-dev-ed--c.eu5.content.force.com | Set this correctly using the first part of the "My Domain" and the SFDC instance name (NA15, EU5, or NA12). |
IMPORTANT: When you use a custom domain, change the Entity ID in the SAML settings in SFDC to your My Domain URL, for example, https://rks-corp29-dev-ed.my.salesforce.com.
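A pre-deployment check for the values above, as an added example that is not Skyhigh or Salesforce code: it derives the three properties and the Entity ID from a My Domain host name and an instance name, then reports any configured value that differs. The `custom.domain.cust2` pattern is taken from the example row in the table; the `saml.entity_id` key, the dictionary form of the settings and the sample values are constructed for illustration.

```python
import re

# Host-name shapes taken from the page's example rows; other Salesforce
# domain formats are not covered (assumption).
MY_DOMAIN_RE = re.compile(r"^([a-z0-9](?:[a-z0-9-]*[a-z0-9])?)\.my\.salesforce\.com$")
INSTANCE_RE = re.compile(r"^[a-z]{2,3}\d+$")  # e.g. na15, eu5, na12


def expected_settings(my_domain, instance):
    """Derive the three proxy properties and the SAML Entity ID."""
    host = my_domain.strip().lower().rstrip(".")
    m = MY_DOMAIN_RE.match(host)
    if not m:
        raise ValueError(f"not a My Domain host name: {my_domain!r}")
    inst = instance.strip().lower()
    if not INSTANCE_RE.match(inst):
        raise ValueError(f"not an instance name: {instance!r}")
    return {
        "svc.override.lcc.host": host,
        "custom.domain.cust1": host,
        "custom.domain.cust2": f"{m.group(1)}--c.{inst}.content.force.com",
        "saml.entity_id": f"https://{host}",  # hypothetical key for the SFDC Entity ID
    }


def audit(configured, my_domain, instance):
    """Return a list of (key, configured value, expected value) mismatches."""
    problems = []
    for key, want in expected_settings(my_domain, instance).items():
        got = configured.get(key)
        # Host names compare case-insensitively; a scheme, path or trailing
        # slash in a host property is a real mismatch and is reported.
        if got is None or got.strip().lower() != want:
            problems.append((key, got, want))
    return problems


# Constructed sample: values as an administrator might have typed them.
SAMPLE = {
    "svc.override.lcc.host": "rks-corp29-dev-ed.my.salesforce.com",
    "custom.domain.cust1": "https://rks-corp29-dev-ed.my.salesforce.com/",
    "custom.domain.cust2": "rks-corp29-dev-ed--c.na15.content.force.com",
    "saml.entity_id": "https://saml.salesforce.com",
}

if __name__ == "__main__":
    for key, got, want in audit(SAMPLE, "rks-corp29-dev-ed.my.salesforce.com", "EU5"):
        print(f"{key}: configured {got!r}, expected {want!r}")
```

On the constructed sample it flags the URL entered where a bare host name belongs, the wrong instance in `custom.domain.cust2`, and an Entity ID that was never changed to the My Domain URL.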
Test a Vanity Domain
You can test and use the CSP-initiated login only if you have a vanity SFDC domain.
To test a vanity login:
- Navigate to your custom URL, for example, https://rks-corp29-dev-ed.my.salesforce.com/. This should show the custom login page as configured in the My Domain Authentication Settings.
- Make sure the option in this screen matches the expected login behavior:
  - Choose to log in directly in SFDC
  - Okta SSO