<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UgcSAFOkta Classic EngineSingle Sign-OnAnswered2024-04-30T09:18:25.000Z2018-04-20T22:00:42.000Z2018-08-12T04:15:00.000Z

zods3 (zods3) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
salesforce Okta as the only method to authenticate
I configured Okta with Salesforce using SAML 2.0 following the configuring steps, setup the custom domain in SalesForce, configured SP-init and everything seems to work fine if my users go to our custom salesforce domain [company]my.salesforce.com 

 

Users go there

Get the Okta Login page

MFA

Then they're in

 

However if they go directly to login.salesforce.com and try to login from there with their login credentials, they can still login without the need for Okta. How do I stop the access from there? How do I force them to got to the custom domain and use Okta for signin on?
  • 3 answers
  • 3.27K views

  • zods3 (zods3)

    Answer helped but it wasn't the actual solution. 

     

    It did help realizing the domain in salesforce wasn't "deployed to users" 

     

    Because of that I didn't have the option on step 7. there available to me.

     

    After deploying the domain... Had the option available, configured it as suggested. And it worked
    Expand Post
    Selected as Best

  • bj.lillo1.5120064354347244E12 (Okta, Inc.)

    Here is the relevant portion of the instructions from Salesforce to force SSO login only:

     

    Go to Setup | Domain Management (or Company Settings if using Lightning experience) | My Domain.

    6. Under Authentication Configuration, Choose the Single Sign On Setting which you created under Single Sign On Settings.

    7. In My Domain Settings Login Policy section, check Prevent login from https://login.salesforce.com.

     

    Borrowed from here:

    https://help.salesforce.com/articleView?id=000003861&language=en_US&type=1
    Expand Post

  • j5v7c (j5v7c)

    Hello Gustavo,

     

    Thanks for posting your inquiry in Okta Community Portal.

     

    If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

     

    Thank you,

     

    Dylann Fezeu

    Okta Help Center Team
    Expand Post

  • zods3 (zods3)

    Answer helped but it wasn't the actual solution. 

     

    It did help realizing the domain in salesforce wasn't "deployed to users" 

     

    Because of that I didn't have the option on step 7. there available to me.

     

    After deploying the domain... Had the option available, configured it as suggested. And it worked
    Expand Post
    Selected as Best
This question is closed.
Loading
salesforce Okta as the only method to authenticate