The set of domains used by Salesforce is changing in Winter ’23 for sandbox and non-prod orgs (starting in August 2022), and in Spring ’23 for all other orgs (starting in February 2023). This change can affect your code, configurations, API integrations, SSO, documentation, and bookmarks. In this blog, we’ll discuss identifying, evaluating, and resolving compatibility issues related to this change.

Why are hostnames changing?

As a result of regulatory and consumer pressure, the major web browsers are blocking third-party cookies. Cookies are small files that web browsers store on your computer, and each cookie is associated with the domain that created it. When a browser makes a request to a domain, it attaches all cookies that it has stored for that domain. This process allows servers to recognize you when you move between pages. For example, after you log into a website, the browser stores an authentication cookie locally, and that cookie tells the other pages who you are.

A third-party cookie is a cookie that is set by a website other than the one you’re currently on. Salesforce is dependent on third-party cookies due to the structure of our hostnames. For example, when you sign into your org, you land on my.salesforce.com or lightning.force.com, but the page actually loads content from documentforce.com. When third-party cookies are blocked, that content will fail to load.

To get around this limitation, Salesforce restructured some of the hostnames that we serve, so that cookies can be shared between them.

What hostnames are changing?

The new set of Salesforce hostnames is referred to as enhanced domains.

Hostname suffix comparison
For the full list of domain formats that are changing with enhanced domains, see the Salesforce Help article: My Domain URL Format Changes When You Enable Enhanced Domains.

When are these changes coming?

Enhanced domains timeline
Enhanced domains are available in all orgs. All qualifying orgs created in Summer ’22 or later get enhanced domains by default. Enhanced domains are required for sandboxes and non-production orgs in Winter ’23 unless you enable an org-level setting that postpones their enforcement until Spring ’23. They’re required for production orgs and all other remaining orgs in Spring ’23.

Potential impact once enhanced domains is deployed

If enhanced domains aren’t deployed in your Salesforce org before the Spring ’23 release, Salesforce will enable them for you. If you don’t test and enable enhanced domains before the enforcement date, the following issues may arise:

  • Users can experience errors when attempting to access Salesforce, including but not limited to Experience Cloud sites, Salesforce Sites, and Visualforce pages
  • Some embedded content stored in Salesforce may no longer appear
  • Third-party applications can lose access to your data
  • Single sign-on integrations with sandboxes can fail
  • Single sign-on integrations with orgs using the *.cloudforce.com and *.database.com domain suffixes can fail

To avoid these issues, we recommend that you test enhanced domains in a sandbox and enable enhanced domains in production before the release update is enforced.

How do we test enhanced domains?

You can enable enhanced domains for an org from the My Domain setup page.
After you enable enhanced domains, you’ll want to update your org and test My Domain changes. We recommend that you enable enhanced domains in a sandbox and test your workflows and integrations. Focus on testing the compatibility hotspots mentioned above. Each org is different and can have complex integrations that are difficult to predict. For this reason, we recommend early adoption of enhanced domains, so you’ll have time to roll back the change and address any issues that you may discover. You can disable enhanced domains until the enforcement date.
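One way to find hard-coded hostnames that need review before testing is sketched below. This is an added example, not Salesforce code. The suffix list holds only the suffixes this post mentions by name and is an assumption to extend from the Help article, and the sample configuration and the function name `find_legacy_hosts` are constructed for illustration.

```python
import re

# Suffixes mentioned by name in this post. This is an assumed starting list;
# extend it from the Salesforce Help article on My Domain URL format changes.
REVIEW_SUFFIXES = ("cloudforce.com", "database.com", "documentforce.com")

# A hostname candidate: one or more dot-terminated labels, then a TLD.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def find_legacy_hosts(text):
    """Return sorted (line_no, hostname) pairs whose suffix is under review."""
    hits = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in HOST_RE.finditer(line):
            host = match.group(0).lower()
            # Compare on a label boundary so that "notcloudforce.com" or
            # "acme.cloudforce.com.other.example" is not mistaken for a
            # Salesforce host.
            if any(host == s or host.endswith("." + s) for s in REVIEW_SUFFIXES):
                hits.add((line_no, host))
    return sorted(hits)


# Constructed sample configuration; "acme" is a placeholder My Domain name.
SAMPLE = """\
sso.acs_url = https://acme.cloudforce.com/
api.base    = https://ACME.my.salesforce.com/services/data
img.src     = https://acme--c.documentforce.com/logo.png
db.login    = https://acme.database.com/login
decoy.one   = https://notcloudforce.com/
decoy.two   = https://acme.cloudforce.com.other.example/
"""

if __name__ == "__main__":
    for line_no, host in find_legacy_hosts(SAMPLE):
        print(f"line {line_no}: review {host}")
```

Run it over exported metadata, SSO settings, and integration configs, then check each reported hostname against the new format in the Help article.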

Conclusion

To comply with the Chrome browser’s third-party cookies security change, Salesforce will enforce enhanced domains for all organizations in Spring ’23. To ensure a smooth transition to your new Salesforce domains, we recommend that you test enhanced domains in a sandbox. Update your configuration, code, and third-party integrations to use the new hostnames and test. Then, enable enhanced domains in production before this change is enforced.

In the reference section, we’ve included links to the materials to help you successfully enable enhanced domains. For questions, knowledge sharing, and updates, join the My Domain and Enhanced Domains group in the Trailblazer Community.

References

About the author

David Phillips works as the engineering lead for the My Domains team at Salesforce. He focuses on domain scalability, sustainability, and expanding functionality to support upcoming features.
