My suspicion is that the behavior is related to some browser setting/plugin which blocks the redirect. I would understand this if they had the problem clicking on the link again after the first time. However, the problem only happens with some users and then, not very often.
16 answers
I found the solution. This is happening due to Third party Email scanner is accessing link so salesforce treats as one attempt and link expires.
A feature was released that is intended to help organizations overcome this type of external interference. It is a Profile-based setting (under Password Policies) called "Don't immediately expire links in forgot password emails".
The intent of this (non-Default) setting is to ensure (force) the reset Link to remain valid *until* the password is successfully reset.
In order to take advantage of it, admins must explicitly enable it for affected Profiles.
=====
1. Identify an affected Profile to test.
2. Click Edit.
3. Scroll to "Password Policies".
4. Select "Don't immediately expire links in forgot password emails".
5. Save the change.
=====For those who are experiencing this issue on Outlook, if the URL as presented by Outlook begins with something like https://nam02.safelinks.protection.outlook.com/?url=<escaped_sfdc_url>
then you may be able to do this, which worked for me:
- Copy the full URL (Careful not to accidentally click it!)
- In a browser developer console window, type:
window.open(unescape('<copied_url>'))But DON'T PRESS RETURN yet - Delete everything in the copied URL up to (and including)
url=
- Press Enter
This should open a new window on Salesforce where the link is not expired.
Oh my god, I was frustrated by the same issue- create a new user for our Community, and users would email me back, saying that the link was not working. Why wouldn't this be set for all profiles by default? It seems like it might be a common issue. "Don't immediately expire links in forgot password emails". I marked "Don't immediately expire links in forgot password emails" flag and the link sill send me to the login page, not new password page. So the link remains valid until the password is reset or 3 days ? This may also help with those users who clicked on the link and got distracted. Fwiw, I've been facing the same issue for years with several different clients, and have never found a solution, and gave up trying to get Salesforce's help since it's not really reproducible. as much as I appreciate the validation, I can't offer you much in the way of new information. Maybe see if there is a way to clear a system level SalesForce cache (not a brower cache, something SalesForce side)? Bob, did you find a solution to this? I am getting the same results as you and can't track it down. may be worth a try, but they can get to the login page of the site, same domain name. Then try to follow these steps: Clear the browser cache and verify the browser setting whether this site is a block or not.
