If you see this release update, your Salesforce instance is using our original single-configuration SAML framework, which supports single sign-on (SSO) with only one external identity provider. With this release update, we’re removing support for the single-configuration SAML framework and supporting only the multiple-configuration SAML framework. To preserve your existing configuration, follow the steps to apply this update. If you don’t, your SSO configuration stops working when this update is enforced. This update was first made available in Spring ’24. It was scheduled to be enforced for all instances in Summer ’24, but we postponed the enforcement date for production instances to Spring ’25. This update is still enforced for sandboxes in Summer ’24.
Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Unlimited, and Developer editions.
When: This update is enforced for production instances in Spring ’25 and is enforced for sandboxes in Summer ’24. This update was scheduled to be enforced for all instances in Summer ’24 but was postponed to Spring ’25 for production instances only. To get the major release upgrade date for your instance, go to Trust Status, search for your instance, and click the maintenance tab.
Why: We’re no longer supporting the single-configuration SAML SSO framework that you’re currently using. When this update is enforced, you’re required to use a multiple-configuration SAML framework. To keep using your existing SAML SSO configuration, migrate to the multiple-configuration framework. Otherwise, your SAML SSO stops working for you when this update is enforced.
How: These changes apply to your existing SAML SSO configuration.
- SAML responses from your identity provider must include the
audienceattribute. - Your Salesforce Login URL changes.
- If Salesforce can’t parse a SAML response, it isn’t recorded in the login history.
Make sure you understand these changes, update your configuration accordingly, and test all changes in a sandbox before enabling this update. If you don’t, your configuration stops working when this update is enforced.
To review this update, from Setup, in the Quick Find box, enter Release Updates, and then select Release Updates. For Migrate to a Multiple-Configuration SAML Framework, follow the testing and activation steps.