
My Domain, SP-Initiated SAML and the Administrator

I got a question from a guy from a customer today about My Domain, SP-Initiated SAML and the Admin login.

- When setting up 'My Domain' and Federated, you can set up SP-initiated AND set it so that all logins must be from the My Domain page (no going to
- Now consider this scenario: they set up SP-initiated and also check the flag to lock logins to be only from the My Domains page. Their IDP goes down. The Admin tries to log in. It seems he is stuck. He goes to the My Domain page, which forwards him to the IdP which is down. He can't go to because of the lock setting.
Question: What do they do?
I believe the only answer is that they cannot lock people to using the My Domains page without risking locking the Admin out in the case of an IDP-down situation. They have to leave open the possibility of going to to allow the Sys Admin to log in in an emergency situation.

If an admin needs to log in directly (IDP is down, etc.) to the org, then they can add "?login" to the My Domain URL and use the Salesforce username and password.
