Salesforce will enforce Enhanced Domains in all orgs beginning Winter ‘24. Enhanced Domains include your company-specific My Domain name that is included in your URL for all of your Salesforce and Experience Cloud sites along with Visualforce pages and content files. This document outlines what Enhanced Domains are, the steps to enable it, and the potential impacts to your org.
Enhanced Domains
Enhanced Domains are the current version of My Domain that meets the latest browser requirements. This feature changes domain suffixes to meet the latest security standards.
Benefits of Enhanced Domains:
- Branding: All URLs include company-specific My Domain
- Stability: Org’s URLs remain stabilized when your org is moved to another Salesforce instance
- Compliance: Enhanced Domains comply with the latest browser requirements – they avoid third-party cookies
Timeline
Enhanced Domains will be released and enforced based on the timeline below.
- Deployed in Sandbox and Non-Production orgs in Winter ‘23
- Winter ‘23 Dates
- Sandboxes: August 2022
- Production: October 2022
- Non-Production orgs include:
- Sandboxes
- Demo Orgs
- Developer Edition Orgs
- Free Orgs
- Patch Orgs
- Trailhead Playgrounds
- Trial Orgs
- Winter ‘23 Dates
- Deployed in all Orgs in Spring ‘23 and Summer ‘23
- Spring ‘23 Dates
- Sandboxes: January 2023
- Production: February 2023
- Summer ‘23 Dates
- Sandboxes: May 2023
- Production: June 2023
- You can opt out of the automatic deployment of Enhanced Domains in Spring ‘23 through an org-level setting
- Spring ‘23 Dates
- You can disable Enhanced Domains until Winter ‘24
- Enforces Enhanced Domains in all orgs in Winter ‘24
- Winter ‘24 Dates
- Sandboxes: September 2023
- Production: October 2023
- Prepare for the End of Redirections for Non-Enhanced Domains
- Winter ‘24 Dates
- Redirections stop for Enhanced Domains in Winter ‘25
- Winter ‘25 Dates
- Sandboxes: September 2024
- Production: October 2024
- Before your org gets this release, enable redirection logging and update all references to your previous non-enhanced domains
- After your org gets this release, your previous non-enhanced domains are no longer redirected
- Winter ‘25 Dates
Get your Org Status and Upcoming Maintenance Dates with My Domain
Considerations for Enhanced Domains
Plan Your Domain Change
Understand the My Domain Change Process
- Review the high-level process to successfully deploy a change to your My Domain.
- Example of My Domain Change Checklists:
Review Recommended Practices for a My Domain Change
- Configuring a custom domain to serve your sites, and review your My Domain settings
- Preserve Access:
- When your My Domain login URL or site URL changes, authentication methods such as single sign-on (SSO) and multi-factor authentication (MFA) can stop working. Before you deploy a change to your My Domain, preserve login access for your admins and users.
- Preserve Access:
IMPORTANT If you don’t follow this guidance before you deploy a change to your My Domain login URL, you can be locked out of your Salesforce org
- Confirm that your My Domain Name reflects your brand
- Provision Early
- To deploy your changes on your schedule, save your desired My Domain change at least one (1) day before your scheduled deployment
- Provisioning can take up to 24 hours
Prepare for and Schedule a My Domain Change
- Gather the key information:
- Required Updates
- Testing
- Test in a sandbox
- Prepare to update production
- Deploy and test in production
- Participants
- Review deployment process for a My Domain change
Notify Users and Customers About a My Domain Change
- A My Domain change can impact users who log in to your Salesforce org, and it can impact external users, such as visitors to your Experience Cloud sites. Review recommendations about communicating to these groups before and after you deploy the change.
- End Users:
- Users who log in to your Salesforce org. For example, sales reps, account executives, support representatives, and admins. When possible, include some of these users in your testing.
- Customers:
- External users who access your Salesforce org data through external-facing sites and functionality. For example, users who visit your Experience Cloud site to shop for your products, to search for job postings at your company, or to search an externally exposed inventory. Customers can be authenticated or unauthenticated. In other words, some guests log in to your site, and some access the site without logging in.
- Partners:
- External users or companies that interface with your Salesforce org’s data. Their interaction can occur through APIs, interfaces, or apps. For example, you can choose to allow a partner to view your Contact data so that they can scrub the address data for accuracy. Or you can allow an external system to provide sales leads.
- End Users:
URL Changes
When you deploy enhanced domains, all URLs across your org contain your company-specific My Domain name, including Experience Cloud sites and Salesforce sites. Also, your URLs don’t change when your org is moved to another Salesforce instance. Here are some example URL formats for a production org with enhanced domains.
| Type | Enhanced Domain URL Format |
| Login | MyDomainName.my.salesforce.com |
| Experience Cloud Sites | MyDomainName.my.site.com |
| Salesforce Sites | MyDomainName.my.salesforce-sites.com |
| Visualforce Pages | MyDomainName–PackageName.vf.force.com |
| Sandbox Login | MyDomainName–SandboxName.sandbox.my.salesforce.com |
| Experience Cloud Sites in a Sandbox Org | MyDomainName–SandboxName.sandbox.my.site.com |
Third-Party Cookie Errors
Enhanced domains comply with the latest browser requirements. Specifically, they avoid third-party cookies, otherwise known as cross-site resources.
Use Lightning Experience to help avoid the errors. Inform your users that they may receive a warning that requires them to open pages in another tab or window.
Potential Impact
If enhanced domains aren’t deployed in your Salesforce org before Salesforce deploys the feature for you, here are some issues that can arise.
- Users can experience errors when attempting to access Salesforce, including but not limited to:
- Experience Cloud Sites
- Salesforce Sites
- Visualforce pages
- Some embedded content stored in Salesforce no longer appears
- Third-party applications can lose access to your data
- Single sign-on integrations with sandboxes can fail
- Single sign-on integrations with orgs using the *.cloudforce.com and *.database.com domain suffixes can fail
To avoid these issues, it is recommended that you test Enhanced Domains in a Sandbox and enable Enhanced Domains in Production before the release update is enforced.
Resources
| Name | Resource Type | Publisher |
| Determine Whether Enhanced Domains Are Enabled | Article | Salesforce Help |
| Domain Name System Security | Module | Trailhead |
| Enable Enhanced Domains | Article | Salesforce Help |
| Enable Enhanced Domains in New and Refreshed Sandboxes | Article | Salesforce Help |
| Enhanced Domains | Article | Salesforce Help |
| Enhanced Domains | Video | Salesforce Support |
| Enhanced Domains Timeline | Article | Salesforce Help |
| Manage Your Domains | Article | Salesforce Help |
| Org Status & Upcoming Maintenance Dates | Article | Salesforce Help |
| Prepare for the End of Redirections for Non-Enhanced Domains | Article | Salesforce Help |
| User Authentication | Module | Trailhead |
| Why Enhanced Domains | Article | Salesforce Help |
If you have questions on Enhanced Domains, please contact us to discuss your specific needs.
