refreshing sandboxes when direct login is blocked

edit : looks like the link in the sandbox refresh success email already has the right url to allow you to login with username and password.

file under stupid workarounds that cant possibly exist in a 50B platform

if you use single sign on in prod, and block login from because security and all, refreshing sandboxes becomes a stupid pita because the new sandbox inherits the ‘block login from’ setting,

therefore after refresh is complete, you click ‘login’ in the sandbox list from prod, and it takes you to the direct url to login (ie

enter your pwd and you get this helpful message

Please check your username and password. If you still can’t log in, contact your Salesforce administrator.

To fix this, you have to manually craft the mydomain url for your sandbox. this is formatted as


in my case, prod my domain = ashoka
sandbox name = oppasn

so the sandbox my domain url =

now you are not logging in from, you are logging in from mydomain url, so you can complete the login.


Now read this

Custom User Controller Extension - to allow users to edit fields on user record

[update : captains log june 18 2020. #summer20 release. its a lot easier to use a flow that runs in system mode to do most anything that requires a without-sharing apex controller] As custom controllers can run in system mode,... Continue →