Org Registration
Org registration stores Salesforce credentials centrally on sfp-server, enabling team members and CI/CD pipelines to access orgs without managing individual credentials.
Why Register Orgs?
Each developer manages their own credentials
Credentials stored centrally
CI/CD secrets for each org
Single server token for CI/CD
No credential rotation coordination
Centralized credential management
Risk of stale/invalid credentials
Server validates and refreshes tokens
Registration Flow
┌─────────────────────────────────────────────────────────────────┐
│ Org Registration Flow │
├─────────────────────────────────────────────────────────────────┤
│ │
│ 1. Developer authenticates locally │
│ sf org login web --alias myOrg │
│ │
│ 2. Register with server │
│ sfp server org register --targetorg myOrg │
│ │ │
│ ▼ │
│ 3. Server stores encrypted credentials │
│ ┌─────────────────────────────────┐ │
│ │ sfp-server (Supabase) │ │
│ │ ┌─────────────────────────────┐ │ │
│ │ │ sfp_salesforce_auth │ │ │
│ │ │ - username │ │ │
│ │ │ - instance_url │ │ │
│ │ │ - sfdx_auth_url (encrypted) │ │ │
│ │ │ - org_id │ │ │
│ │ │ - is_devhub │ │ │
│ │ └─────────────────────────────┘ │ │
│ └─────────────────────────────────┘ │
│ │
│ 4. Team members can now access the org │
│ sfp server org login --username [email protected] │
│ │
└─────────────────────────────────────────────────────────────────┘Registering Orgs
Basic Registration
First, authenticate locally, then register:
Register as DevHub
Mark an org as your DevHub for scratch org operations:
Register as Default DevHub
Set as the default DevHub (only one org can have this):
Register with Metadata
Add custom metadata for organization:
Listing Registered Orgs
Output:
Accessing Registered Orgs
Login via Server
Team members can authenticate to registered orgs without having the original credentials:
This retrieves credentials from the server and authenticates locally.
Get Default DevHub
Credential Storage Security
Encryption
SFDX Auth URLs are encrypted before storage:
The encryption key is configured during sfp-server setup and never exposed.
Access Control
Only users with owner or application roles can retrieve credentials
Members can see org metadata but not credentials
All access is logged in the audit trail
What's Stored
Username
Yes
No
Instance URL
Yes
No
Org ID
Yes
No
SFDX Auth URL
Yes
Yes
Org Type
Yes
No
Metadata
Yes
No
Sandbox Registration
Standard Sandbox Registration
Register with Parent (for JIT)
Link a sandbox to its parent production org for JIT authentication:
This enables JIT Sandbox Authentication - the sandbox can be authenticated on-demand via the production org.
Updating Registrations
Update Credentials
When org credentials change (e.g., after re-authentication):
Update Metadata
Removing Registrations
Deleting an org registration will break any environments linked to that org. Update or delete affected environments first.
CI/CD Integration
Use Registered Orgs in Pipelines
Troubleshooting
"Org not found"
"Unable to retrieve credentials"
Verify you have owner or application role
Check if the SFDX Auth URL is still valid
Re-register the org if credentials expired
"Invalid SFDX Auth URL"
The stored credentials may be stale:
Related Topics
Server Authentication - Authenticate with sfp-server
Environments - Link registered orgs to environments
JIT Sandbox - On-demand sandbox authentication
SFDX Auth URL - Understanding auth URLs
Last updated