This article discusses a solution for preventing direct login from Salesforce.com and enforcing user authentication through Okta.
This requirement may arise in situations where an organization wants to enhance the security of Salesforce by ensuring users can only access the platform through Single Sign-On (SSO) from Okta.
- Okta Integration Network (OIN)
- Salesforce app
- Single Sign-On (SSO)
Salesforce, by default, allows users to log in directly with their Salesforce credentials. This can bypass the SSO implementation with Okta, where users are expected to authenticate via Okta before accessing Salesforce.
To address this issue and ensure all logins occur through Okta, the direct login feature in Salesforce must be disabled. This setting is found in the Salesforce instance under Single Sign-On Settings.
Follow the steps outlined in Salesforce's Require Users to Log In with Single Sign-On (SSO).
After making this change, all users should be prevented from logging in directly via Salesforce and will instead be required to authenticate through Okta. If the functionality does not work as expected after deselecting the Disable login with Salesforce credentials option, contact Salesforce Support for further troubleshooting assistance.
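One way to confirm the change took effect is to review a login-history export for successful logins that did not come through SSO. The Python below is an added example, not code from Okta or Salesforce; the CSV column names, the login-type values and the `exempt_users` parameter are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample of a login-history export.
# Column names and "Login Type" / "Status" values are assumptions; adjust to your export.
SAMPLE_CSV = """Username,Login Time,Source IP,Login Type,Status
alice@example.com,2024-05-01T08:02:11Z,203.0.113.10,SAML Idp Initiated SSO,Success
bob@example.com,2024-05-01T08:15:40Z,203.0.113.22,Application,Success
carol@example.com,2024-05-01T09:01:05Z,198.51.100.7,Application,Invalid Password
dave@example.com,2024-05-01T09:30:00Z,198.51.100.9,SAML Sfdc Initiated SSO,Success
bob@example.com,2024-05-01T10:45:13Z,203.0.113.22,Application,Success
"""


def find_direct_logins(csv_text, sso_marker="saml", exempt_users=()):
    """Return successful logins whose login type does not indicate SAML SSO.

    exempt_users (hypothetical parameter) lists accounts that are
    intentionally allowed to log in with Salesforce credentials.
    """
    exempt = {u.lower() for u in exempt_users}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["Username"].strip().lower()
        login_type = row["Login Type"].strip()
        if row["Status"].strip().lower() != "success":
            continue  # failed attempts did not produce a session
        if sso_marker in login_type.lower():
            continue  # login came through the SSO flow
        if user in exempt:
            continue
        findings.append({
            "user": user,
            "time": row["Login Time"].strip(),
            "source_ip": row["Source IP"].strip(),
            "login_type": login_type,
        })
    return findings


def summarize(findings):
    """Count direct logins per user so repeat offenders stand out."""
    return dict(Counter(f["user"] for f in findings))


if __name__ == "__main__":
    for user, count in summarize(find_direct_logins(SAMPLE_CSV)).items():
        print(f"{user}: {count} successful non-SSO login(s)")
```

Any rows reported for dates after the setting was changed indicate that direct login is still possible for those users.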
