Salesforce Certified Identity and Access Management Practice

Allowing users to log in with SAML assertions is an important step in implementing secure identity management. The recommended practice of using the My Domain feature helps ensure that login processes are managed correctly and securely. By enabling My Domain, an organization can create a custom domain name that enhances control over user logins and makes certain features, such as SAML, work smoothly. It prevents direct logins to the Salesforce default domain, which protects against potential security vulnerabilities and ensures that all user access goes through the configured login pages where SAML assertions can be validated appropriately.

While other considerations like disabling SAML org preferences or mapping usernames are important in a broader context, the My Domain feature specifically aligns with best practices for securely managing user access through SAML. It focuses on enabling features that enhance security and control over user authentication processes.