Salesforce Dictionary - Free Salesforce GlossarySalesforce Dictionary

Sign in to organize your orgs

The Org Organizer saves your orgs to your account so they sync across browsers. Credentials are encrypted at rest and only ever decrypted inside the login route.

Sign inCreate account
§

About this tool

If you juggle a Production org, a few sandboxes, and a couple of Dev orgs, signing in to the right one is half the friction of switching contexts. The Org Organizer lets you bookmark every org you use, group them under Production / Sandbox / Dev Org (or any custom category you make), and click a thumbnail to land inside that org already authenticated. OAuth is the recommended path - you authorize a Connected App once per org and we mint a fresh session every click, so the connection respects your MFA settings and is revocable from Salesforce Setup.

How it works

Each org you add lives as a row in your account. For OAuth orgs we store an encrypted refresh token; on click we use it to mint a short-lived access token and redirect you through Salesforce's frontdoor.jsp SSO endpoint into your home page. For username/password orgs we encrypt the password and security token at rest, do a SOAP login on click, and use the same frontdoor endpoint. You can also override the login domain per org if you use a my-domain (acme.my.salesforce.com) instead of the generic login or test endpoints.

When to use it
  • Hop between a Production org and three Partner sandboxes during a UAT cycle without retyping credentials.
  • Keep customer Dev orgs grouped per project so onboarding a new team member is "share these bookmarks".
  • Mix in a personal Trailhead Playground or DevHub alongside your work orgs without switching browser profiles.
  • Pair OAuth-method orgs (MFA-friendly) with a few internal sandboxes that need username/password for SOAP-only integrations.
§

Frequently asked questions

How are my Salesforce credentials stored?
OAuth refresh tokens, passwords, and security tokens are AES-256-GCM encrypted at rest with a key that lives only in Vercel's encrypted env vars. They are decrypted only inside the API route that mints a session for a single click and never logged. The plaintext never touches the browser.
Why is OAuth recommended over username + password?
OAuth respects your org's MFA policies, can be revoked from Setup → Connected Apps OAuth Usage, and never requires us to hold your password. Username/password works via the SOAP login API, which fails when MFA is enforced for API logins and is more sensitive if our database is ever compromised.
Will this work with custom my-domains?
Yes. The Login domain field is a free-text override - leave it as login.salesforce.com / test.salesforce.com or replace it with acme.my.salesforce.com. The OAuth and SOAP flows both honor whatever you set.
I authorized the OAuth app but the org login fails - what now?
The most common cause is that the refresh token was revoked (someone disabled the Connected App in Setup, or you re-authorized somewhere else). Delete the org from the dashboard and re-add it via OAuth to mint a fresh refresh token.