Salesforce CLI Command Reference

Salesforce CLI Command Reference
sfdx
sf
config Commands
deploy Commands
env Commands
generate Commands
info Commands
login Commands
login
login functions
login functions jwt
login org
login org jwt
logout Commands
retrieve Commands
run Commands
whoami Commands
Help for sf Commands
CLI Deprecation Policy
Discover Salesforce Plug-Ins
PDF

login Commands

Commands to log in to an environment.

login

Log interactively into an environment, such as a Salesforce org.

Description for login

Logging into an environment authorizes the CLI to run other commands that connect to that environment, such as deploying or retrieving metadata to and from an org.

The command first prompts you to choose an environment from a list of available ones. It then opens a browser to the appropriate login URL, such as https://login.salesforce.com for an org. Then, depending on the environment you choose, the command prompts for other actions, such as giving the environment an alias or setting it as your default.

This command is fully interactive and has no flags other than displaying the command-line help. Each environment has its own specific login command, such as "sf login org", which usually provide more flags than this interactive one. For more information about the interactive prompts from this command, see the help for the environment-specific command, such as "sf login org --help".

Examples for login

Log in interactively:

Usage

sf login

login functions

Log in to Salesforce Functions.

Description for login functions

This step is required to develop or deploy Salesforce Functions.

Examples for login functions

Log in to Salesforce Functions:

Usage

sf login functions

login functions jwt

Login using JWT instead of default web-based flow. This will authenticate you with both sf and Salesforce Functions.

Description for login functions jwt

Use this command when executing from a script.

Examples for login functions jwt

Log in using JWT:

Log in and specify the org alias and URL, set as default org and default Dev Hub, and format output as JSON:

Usage

sf login functions jwt
-u USERNAME
-f KEYFILE
-i CLIENTID
[-l INSTANCE-URL]
[--json]
[-a ALIAS]
[-d]
[-v]

Flags

-u | --username USERNAME
Required

Authentication username.

Type: option
-f | --keyfile KEYFILE
Required

Path to JWT keyfile.

Type: option
-i | --clientid CLIENTID
Required

OAuth client ID.

Type: option
-l | --instance-url INSTANCE-URL
Optional

The login URL of the instance the org lives on.

Type: option
--json
Optional

Format output as JSON.

Type: boolean
-a | --alias ALIAS
Optional

Alias for the org.

Type: option
-d | --set-default
Optional

Set the org as the default that all org-related commands run against.

Type: boolean
-v | --set-default-dev-hub
Optional

Set the org as the default Dev Hub for scratch org creation.

Type: boolean

login org

Log in to a Salesforce org using the web server flow.

Description for login org

Opens a Salesforce instance URL in a web browser so you can enter your credentials and log in to your org. After you log in, you can close the browser window.

Logging into an org authorizes the CLI to run other commands that connect to that org, such as deploying or retrieving a project. You can log into many types of orgs, such as sandboxes, Dev Hubs, Env Hubs, production orgs, and scratch orgs.

We recommend that you set an alias when you log into an org. Aliases make it easy to later reference this org when running commands that require it. If you don’t set an alias, you use the username that you specified when you logged in to the org. If you run multiple commands that reference the same org, consider setting the org as your default. Use --set-default for your default scratch org or sandbox, or --set-default-dev-hub for your default Dev Hub.

By default, this command uses the global out-of-the-box connected app in your org. If you need more security or control, such as setting the refresh token timeout or specifying IP ranges, create your own connected app using a digital certificate. Make note of the consumer key (also called cliend id) that’s generated for you. Then specify the consumer key with the --clientid flag.

Examples for login org

Run the command with no flags to open the default Salesforce login page (https://login.salesforce.com):

Log in to your Dev Hub, set it as your default Dev Hub, and set an alias that you reference later when you create a scratch org:

Log in to a sandbox and set it as your default org:

Use --browser to specify a specific browser, such as Google Chrome:

Use your own connected app by specifying its consumer key (also called client ID):

Usage

sf login org
[--json]
[-a ALIAS]
[-b BROWSER]
[-i CLIENTID]
[-l INSTANCE-URL]
[-d]
[-v]

Flags

--json
Optional

Format output as json.

Type: boolean
-a | --alias ALIAS
Optional

Alias for the org.

Type: option
-b | --browser BROWSER
Optional

Browser in which to open the org.

You can log in to an org with one of the following browsers: Firefox, Safari, Google Chrome, or Windows Edge. If you don’t specify --browser, the command uses your default browser. The exact names of the browser applications differ depending on the operating system you're on; check your documentation for details.

Type: option
-i | --clientid CLIENTID
Optional

OAuth client id (also called consumer key) of your custom connected app.

Type: option
-l | --instance-url INSTANCE-URL
Optional

URL of the instance that the org lives on. (defaults to https://login.salesforce.com)

If you specify --instance-url, the value overrides the sfdcLoginUrl value in your sfdx-project.json file.

To specify a My Domain URL, use the format https://yourcompanyname.my.salesforce.com.

To specify a sandbox, set --instance-url to https://MyDomainName--SandboxName.sandbox.my.salesforce.com.

Type: option
Default value: https://login.salesforce.com
-d | --set-default
Optional

Set the org as the default that all org-related commands run against.

Type: boolean
-v | --set-default-dev-hub
Optional

Set the org as the default Dev Hub for scratch org creation.

Type: boolean

login org jwt

Log in to a Salesforce org using a JSON web token (JWT).

Description for login org jwt

Use this command in automated environments where you can’t interactively log in with a browser, such as in CI/CD scripts.

Logging into an org authorizes the CLI to run other commands that connect to that org, such as deploying or retrieving a project. You can log into many types of orgs, such as sandboxes, Dev Hubs, Env Hubs, production orgs, and scratch orgs.

Complete these steps before you run this command:

1. Create a digital certificate (also called digital signature) and the private key to sign the certificate. You can use your own key and certificate issued by a certification authority. Or use OpenSSL to create a key and a self-signed digital certificate.

2. Store the private key in a file on your computer. When you run this command, you set the --keyfile flag to this file.

3. Create a custom connected app in your org using the digital certificate. Make note of the consumer key (also called client id) that’s generated for you. Be sure the username of the user logging in is approved to use the connected app. When you run this command, you set the --clientid flag to the consumer key.

See https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_jwt_flow.htm for more information.

We recommend that you set an alias when you log into an org. Aliases make it easy to later reference this org when running commands that require it. If you don’t set an alias, you use the username that you specified when you logged in to the org. If you run multiple commands that reference the same org, consider setting the org as your default. Use --set-default for your default scratch org or sandbox, or --set-default-dev-hub for your default Dev Hub.

Examples for login org jwt

Log into an org with username jdoe@example.org and on the default instance URL (https://login.salesforce.org). The private key is stored in the file /Users/jdoe/JWT/server.key and the command uses the connected app with consumer key (client id) 04580y4051234051.

Set the org as the default and give it an alias:

Set the org as the default Dev Hub and give it an alias:

Log in to a sandbox using URL https://MyDomainName--SandboxName.sandbox.my.salesforce.com:

Usage

sf login org jwt
[--json]
[-a ALIAS]
[-i CLIENTID]
[-l INSTANCE-URL]
[-f KEYFILE]
[-d]
[-v]
[-u USERNAME]

Flags

--json
Optional

Format output as json.

Type: boolean
-a | --alias ALIAS
Optional

Alias for the org.

Type: option
-i | --clientid CLIENTID
Optional

OAuth client id (also called consumer key) of your custom connected app.

Type: option
-l | --instance-url INSTANCE-URL
Optional

URL of the instance that the org lives on.

If you specify an --instance-url value, this value overrides the sfdcLoginUrl value in your sfdx-project.json file.

To specify a My Domain URL, use the format https://yourcompanyname.my.salesforce.com.

To specify a sandbox, set --instance-url to https://MyDomainName--SandboxName.sandbox.my.salesforce.com.

Type: option
Default value: https://login.salesforce.com
-f | --keyfile KEYFILE
Optional

Path to a file containing the private key.

Type: option
-d | --set-default
Optional

Set the org as the default that all org-related commands run against.

Type: boolean
-v | --set-default-dev-hub
Optional

Set the org as the default Dev Hub for scratch org creation.

Type: boolean
-u | --username USERNAME
Optional

Username of the user logging in.

Type: option