salesforce Okta as the only method to authenticate Skip to main content
https://support.okta.com/help/answers?id=9060z000000jjf1qac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Gustavo RiveraGustavo Rivera 

salesforce Okta as the only method to authenticate

I configured Okta with Salesforce using SAML 2.0 following the configuring steps, setup the custom domain in SalesForce, configured SP-init and everything seems to work fine if my users go to our custom salesforce domain [company]my.salesforce.com 

Users go there
Get the Okta Login page
MFA
Then they're in

However if they go directly to login.salesforce.com and try to login from there with their login credentials, they can still login without the need for Okta. How do I stop the access from there? How do I force them to got to the custom domain and use Okta for signin on?
Best Answer chosen by Gustavo Rivera
Gustavo RiveraGustavo Rivera
Answer helped but it wasn't the actual solution. 

It did help realizing the domain in salesforce wasn't "deployed to users" 

Because of that I didn't have the option on step 7. there available to me.

After deploying the domain... Had the option available, configured it as suggested. And it worked

All Answers

BJ LilloBJ Lillo (Okta, Inc.)
Here is the relevant portion of the instructions from Salesforce to force SSO login only:

Go to Setup | Domain Management (or Company Settings if using Lightning experience) | My Domain.
6. Under Authentication Configuration, Choose the Single Sign On Setting which you created under Single Sign On Settings.
7. In My Domain Settings Login Policy section, check Prevent login from https://login.salesforce.com.

Borrowed from here:
https://help.salesforce.com/articleView?id=000003861&language=en_US&type=1
Dylann FezeuDylann Fezeu (Customer First Programs)

Hello Gustavo,

Thanks for posting your inquiry in Okta Community Portal.

If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

Thank you,

Dylann Fezeu
Okta Help Center Team
Gustavo RiveraGustavo Rivera
Answer helped but it wasn't the actual solution. 

It did help realizing the domain in salesforce wasn't "deployed to users" 

Because of that I didn't have the option on step 7. there available to me.

After deploying the domain... Had the option available, configured it as suggested. And it worked
This was selected as the best answer