My Domain is a custom subdomain for your Salesforce org — acme.my.salesforce.com instead of the generic na123.salesforce.com. As of recent releases, My Domain is required for every production org — Salesforce no longer lets you turn it off.
Why it matters:
- SSO and Identity — SAML and OAuth flows require a stable URL to redirect to. My Domain provides that.
- Security — the
.lightning.force.comURL pattern (which My Domain enables) is a key part of how Salesforce isolates Lightning component sessions and applies CSP policies. - Branding — login pages can be branded with the company logo, colours, custom domain.
- Permission features — features like Login Hours, IP Restrictions, and certain MFA flows require the My Domain URL.
- Deployment — sandbox URLs, Connected App callbacks, and integrations all reference My Domain consistently.
Setting it up: Setup -> My Domain -> register a name -> deploy to users -> optionally redirect old URLs. Once deployed, you can also set policies like "prevent login from non-My-Domain URLs" which closes off legacy access patterns.
Admins inheriting older orgs sometimes find My Domain not yet deployed or in a half-rolled-out state — surfacing that and finishing the migration is often a quick win.