Skip to main content

Customer Portal — Sign-in fails

You opened your aprity Customer Portal at https://{your-slug}.app.aprity.ai/, clicked Sign in with Salesforce, completed the Salesforce login -- and instead of landing on the portal you saw a 401 error, or were bounced back to the sign-in page.

Common causes

1. Missing permission set

The portal requires one of two permission sets on your Salesforce user :

  • aprity User -- read access to documentation, can submit feedback.
  • aprity Admin -- everything plus admin views.

Without one of these assigned, signing in with Salesforce succeeds (your credentials are valid) but the portal returns a 401 because the user has no role inside aprity.

Fix : ask your Salesforce admin to assign aprity User (or aprity Admin) to your user. Both permission sets ship with the aprity managed package.

2. Wrong Salesforce org

The portal is bound to a specific Salesforce org. If your aprity tenant has the Acme Production org registered and you sign in with Acme Sandbox, the portal returns a 401 because the Salesforce identity does not match a registered installation.

Fix : confirm with your aprity admin which Salesforce org is registered for your tenant, and sign in with a user from that org.

3. Portal slug typo

Each tenant has a slug-specific portal URL : https://{slug}.app.aprity.ai/. If you typed a slug that does not exist (typo, copy-paste error), or the slug was changed/reassigned after you bookmarked it, the page loads with a generic 404 or the OAuth flow lands on a different tenant.

Fix : confirm your current portal URL with your aprity contact (it was provided at portal activation, and may have changed if the slug was updated). Bookmark the exact URL.

4. Cookies / third-party storage blocked

The portal uses session cookies (__Host- prefixed) to remember your login. If your browser blocks third-party cookies aggressively (Safari Intelligent Tracking Prevention, certain enterprise security extensions), the cookie may be dropped immediately after the OAuth callback.

Fix :

  • Try in a different browser (Chrome or Edge tend to be the most permissive).
  • Disable third-party cookie blocking for app.aprity.ai.
  • Disable any Privacy Badger-style extension that strips cookies.
  • Try in a private / incognito window with extensions disabled.

5. Stale OAuth state

Sometimes a stuck OAuth tab can leave a stale state in your browser. Symptoms : the sign-in tab closes and immediately reopens, or you bounce back to the sign-in page without an error.

Fix :

  • Close all browser tabs pointing to app.aprity.ai and login.salesforce.com.
  • Clear the cookies for app.aprity.ai.
  • Open a fresh tab and try again.

6. External Client App misconfigured

If your portal is brand new (first user ever signing in), the most likely cause is an incomplete admin setup. The portal signs in via OAuth Authorization Code with PKCE on the same External Client App used for JWT Bearer, so any of these will block sign-in :

  • PKCE is not enabled on the External Client App. The portal's OAuth flow requires Require Proof Key for Code Exchange (PKCE) to be turned on. This is the most common first-time failure.
  • The portal callback URL (https://api.aprity.ai/v1/portal/auth/sf/callback) is missing from the External Client App's allowed callback URLs.
  • The External Client App was never created, or is missing the OAuth scopes the portal needs (openid, profile, email).
  • The user's profile is not in the External Client App's Selected Profiles.

Fix : ask your Salesforce admin to follow the aprity portal install guide (the same External Client App as the JWT Bearer setup, with PKCE enabled and three extra OAuth scopes).

Fix sequence

  1. Check the permission set is assigned to your user.
  2. Confirm the portal URL has the correct slug.
  3. Try in a different browser (or incognito with extensions off).
  4. Clear cookies for app.aprity.ai and retry.
  5. Ask your Salesforce admin to verify the External Client App configuration.
  6. Contact support if none of the above works.

When opening a support ticket, include :

  • Your aprity tenant id (visible in the Subscription tab of the managed app).
  • Your Salesforce org id.
  • Your Salesforce username (the one you're signing in with).
  • The exact portal URL you're hitting.
  • A screenshot of the error page (if any).

Verify after the fix

After fixing, open the portal URL in a fresh tab, sign in, and confirm you land on the home page listing your latest scan. If you previously had a deep-link bookmark (?scanId=…&pageId=…), it should restore correctly after sign-in -- see Customer Portal — Shared link returns 404 if it doesn't.

For anything else, contact support@aprity.ai.