# Salesforce troubleshooting ## Salesforce connection issues #### Instance connection vs. login **Important clarification:** Connecting a Salesforce instance is separate from logging into SRE.ai with Salesforce. * **Salesforce Login:** Uses your Salesforce credentials to authenticate you into the SRE.ai application (like "Sign in with Google") * **Instance Connection:** Links your Salesforce org (production or sandbox) to SRE.ai so the platform can perform deployments and other operations You can log into SRE.ai with Google or Microsoft Teams and still connect your Salesforce instances for deployments. The login method doesn't affect which Salesforce orgs you can connect. #### Who needs to connect instances? **Question:** When a new developer joins, do they need to connect their own sandbox? **Answer:** No. Once an admin connects a Salesforce instance (production or sandbox), all team members can use that connection. Only one person needs to establish the connection. After that, everyone on the team can work with that environment. The connection uses JWT authentication behind the scenes, so individual users authenticate with their own Salesforce credentials when performing actions, but the instance connection itself persists for the whole team. #### Connection persists after user deactivation **Question:** If the admin who connected an instance is deactivated in Salesforce, will the connection break? **Answer:** No. The instance connection remains established even if the original connecting user is deactivated. Individual users will authenticate with their own credentials when performing operations in that environment. #### Security warning when connecting Salesforce instance **Symptom:** When connecting a Salesforce org (production or sandbox), you see a Security Warning dialog that says: > "If you allow this app, it can access your data and act on your behalf. If someone contacted you via phone or email and instructed you to use this app, do not proceed." **Explanation:** This is expected behavior. Salesforce displays this warning for all third-party connected apps as a security measure, particularly after security updates in Spring '26. This is not an error. **Solution:** 1. Verify you initiated this connection from within SRE.ai 2. Review the permissions SRE.ai is requesting: * Access the Identity URL service * Manage user data via APIs * Perform requests at any time 3. Click **Allow** to authorize the connection 4. You'll be redirected back to SRE.ai with your instance connected **Note:** This warning appears when connecting Salesforce instances for deployments, not when using Salesforce as a login method. Both production and sandbox connections will show this warning. #### Connecting Sandbox shows the production login screen **Symptom:** When clicking "Connect Sandbox," you're directed to `login.salesforce.com` (the production login URL) instead of `test.salesforce.com` (the sandbox login URL). **Solution:** 1. On the Salesforce login screen, click **"Use Custom Domain"** 2. Enter your sandbox domain (e.g., `your-sandbox-name.sandbox.my.salesforce.com`) 3. Log in with your sandbox credentials 4. Complete the authorization The URL should resolve to your sandbox instance once you specify the custom domain. ## Salesforce login issues #### Salesforce login works after revoking old OAuth installations **Symptom:** You've tried multiple times to log in with Salesforce but keep getting errors or redirect loops, even after verifying permissions. **Possible Cause:** Old or stale OAuth installations in your Salesforce user profile may have incorrect permissions cached. **Solution:** 1. In SRE.ai, click your user profile in the top right 2. Scroll down to find existing OAuth installations 3. Revoke all installations related to SRE.ai (or similar apps like "Asari.ai" if present) 4. Try logging in again, you should be prompted to authorize the app fresh 5. Complete the authorization with current permissions This clears any cached permission issues and establishes a clean connection. #### Unverified email blocking login **Symptom:** Salesforce login fails even though you can see the authorization screen and click "Allow." **Possible Cause:** If your organization uses SSO, your email may not be verified in Salesforce, which can block third-party app authorization. **Solution:** 1. Check if your email is verified in Salesforce: * Go to Salesforce Setup → Users → find your user record * Look for the email verification status 2. If using SSO, your organization may not require email verification. Check with your Salesforce administrator 3. If email verification is required, complete the verification process in Salesforce 4. Retry logging into SRE.ai #### OAuth error during login **Symptom:** When attempting to log in with Salesforce, you see an error screen displaying: > OAuth Error > > We can't authorize you because of an OAuth error. For more information, contact your Salesforce administrator. > > OAUTH\_APPROVAL\_ERROR\_GENERIC: An unexpected error has occurred during authentication. Please try again. **Possible Causes:** * Your Salesforce user profile doesn't have the required API permissions * Your organization hasn't authorized SRE.ai as a connected app * Your organization has security policies that restrict third-party application access **Solutions:** 1. **Verify your Salesforce user profile has API access enabled:** * In Salesforce, go to Setup → Users → find your user profile * Check that **"API Enabled"** and **"Approve Uninstalled Connected Apps"** are turned on in your profile permissions * If you don't have permission to check these, ask your Salesforce administrator 2. **Check if SRE.ai is authorized as a connected app:** * In Salesforce Setup, go to Apps → Connected Apps → Manage Connected Apps * Look for SRE.ai in the list * If it's not there, your organization may need to authorize the app before users can log in with Salesforce credentials 3. **Ask your Salesforce administrator to enable external app authorization:** * Some organizations have security policies that require admin pre-approval for connected apps * Your admin may need to enable a permission that allows users to authorize external applications 4. **Use an alternative login method:** If Salesforce login continues to fail, you can log in using Microsoft Teams or Google instead. Your account will be linked automatically, and you can connect your Salesforce instances separately after logging in. 5. **Contact SRE.ai support:** If the issue persists after verifying permissions, reach out to our team. Provide the approximate time of the error so we can check our logs. {% hint style="danger" %} **Logging into SRE.ai with your Salesforce credentials is separate from connecting your Salesforce instances for deployments.** Even if you log in with Google or Microsoft Teams, you can still connect your Salesforce orgs through the Instances setup. {% endhint %} #### Password expired error **Symptom:** When attempting to log in with Salesforce, you receive a message that your password has expired. **Solution:** 1. Reset your password directly in Salesforce 2. Once your Salesforce password is updated, return to SRE.ai and try logging in again {% hint style="info" %} SRE.ai uses your live Salesforce credentials for authentication. If your Salesforce password expires or changes, you'll need to use the updated credentials to log in to SRE.ai. {% endhint %} #### Login redirect loop **Symptom:** After entering your Salesforce credentials and authorizing the connection, you're redirected back to the SRE.ai home page without being logged in. Attempting to log in again produces the same result. **Possible Causes:** * A session establishment issue between SRE.ai and Salesforce * Browser cookie or cache conflicts **Solutions:** 1. **Clear your browser cache and cookies** for both `sre.ai` and `salesforce.com` Then, try logging in again. 2. **Try a different browser or an incognito/private window:** This rules out conflicts with browser extensions or cached session issues. 3. **Use an alternative login method:** Sign in through Microsoft Teams or Google. Once logged in, you can establish your Salesforce connection separately through the Instances setup. Your accounts will link automatically. 4. **Contact SRE.ai support** if the issue persists across browsers and login methods. Include details on when the issue started and any error messages you've seen. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sre.ai/troubleshooting/salesforce-troubleshooting.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.