Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Log in via Salesforce Vanity Domain

With a Salesforce custom or vanity domain, you can also use the CSP-initiated login.

Configure a Vanity Domain

To set up a vanity domain:

  1. In Salesforce, find your My Domain name by going to Setup > Domain Management > My Domain.
  2. Set the My Domain settings to Not Redirected.
  3. For Authentication Configuration, choose a custom URL to show on the custom login page. Also enable Login Page and Okta SSO so you can use CSP initiated logins.
  4. In Okta, provide the host name of the My Domain in the Salesforce authentication settings:
  5. In Skyhigh CASB, choose Service Management. Click Add Properties under Salesforce.
  6. Add the following three properties there to make sure we capture the login events correctly and proxy the right domain names:
Property Name Example Usage
svc.override.lcc.host rks-corp29-dev-ed.my.salesforce.com Set this to your "My Domain" name so Skyhigh CASB can get login events correctly.
custom.domain.cust1 rks-corp29-dev-ed.my.salesforce.com Set this to your "My Domain" name so the proxy uses DNS rewriting correctly.
custom.domain.cust2 rks-corp29-dev-ed--c.eu5.content.force.com Set this correctly using the first part of the "My Domain" and the SFDC instance name (NA15, EU5, or NA12).

IMPORTANT: When you use a custom domain, change the Entity ID in the SAML settings in SFDC to https://rks-corp29-dev-ed.my.salesforce.com.

 

Test a Vanity Domain

You can test and use the CSP initiated login only if you have a vanity SFDC. 

To test a vanity login:

  1. Navigate to your custom URL, for example, https://rks-corp29-dev-ed.my.salesforce.com/. This should show the custom login page as configured in the My Domain Authentication Settings.
  2. Make sure the option in this screen matches the expected login behavior:
    • Choose to log in directly in SFDC
    • Okta SSO
  • Was this article helpful?