forcedotcom
sf org list excludes scratch org entry linked via org login web
Summary
A colleague created a scratch org and I've been logging in to it to create some flows and the like using a secondary admin user (with username and password defined and used for login). I now need to retrieve metadata from the org, but I'm having trouble setting up the CLI connection.
When using sf org login web authentication, this is what I see on the CLI:
% sf org login web -a LIScratch7696bi2 -r https://redacted-dev-ed.scratch.my.salesforce.com/
Successfully authorized [email protected] with org ID 00DEm00000XXXXXXXX
However, running sf org list fails to show this connection. That said, if I explicitly look to display the org details, I see:
% sf org display --target-org LIScratch7696bi2 --verbose
Org Description
┌─────────────────┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ KEY │ VALUE │
├─────────────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Access Token │ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX │
│ Alias │ LIScratch7696bi2 │
│ Api Version │ 65.0 │
│ Client Id │ PlatformCLI │
│ Created By │ [email protected] │
│ Created Date │ 2025-10-14T09:23:23.000+0000 │
│ Dev Hub Id │ [email protected] │
│ Edition │ Developer │
│ Expiration Date │ 2025-11-13 │
│ Id │ 00DEm00000XXXXXXXX │
│ Instance Url │ https://redacted-dev-ed.scratch.my.salesforce.com │
│ Namespace │ XXXXXXXXXX │
│ Org Name │ Dev org │
│ Sfdx Auth Url │ force://PlatformCLI::XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX@redacted-dev-ed.scratch.my.salesforce.com │
│ Signup Username │ [email protected] │
│ Status │ Active │
│ Username │ [email protected] │
└─────────────────┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Steps To Reproduce
- Create a scratch org (with a namespace in my case) on one machine.
- Set up a second System Administrator user.
- Obtain the scratch org URL and replace ".lightning.force.com" with ".my.salesforce.com".
- On another machine, run the
sf org login webcommand to set up a connection to this org using the adjusted URL and the credentials for the second System Administrator user. - Run the
sf org listcommand.
NB: The repository content is irrelevant. All you need is:
- A common dev hub shared between the two users/machines.
- A scratch org created against that on one machine.
- A secondary admin account, the credentials for which are used on a second machine to do the login via the sf CLI.
Expected result
When listing orgs, the new connection appears in that list.
Actual result
The org and alias are not shown.
System Information
This happens when running on Windows 11, powershell, and via the Illuminated Cloud 2 IDE.
{
"architecture": "win32-x64",
"cliVersion": "@salesforce/cli/2.109.7",
"nodeVersion": "node-v20.19.5",
"osVersion": "Windows_NT 10.0.22631",
"rootPath": "C:\\Users\\redacted\\AppData\\Roaming\\npm\\node_modules\\@salesforce\\cli",
"shell": "powershell",
"pluginVersions": [
"@oclif/plugin-autocomplete 3.2.35 (core)",
"@oclif/plugin-commands 4.1.33 (core)",
"@oclif/plugin-help 6.2.33 (core)",
"@oclif/plugin-not-found 3.2.68 (core)",
"@oclif/plugin-plugins 5.4.48 (core)",
"@oclif/plugin-search 1.2.32 (core)",
"@oclif/plugin-update 4.7.8 (core)",
"@oclif/plugin-version 2.2.33 (core)",
"@oclif/plugin-warn-if-update-available 3.1.48 (core)",
"@oclif/plugin-which 3.2.40 (core)",
"@salesforce/cli 2.109.7 (core)",
"agent 1.24.13 (core)",
"apex 3.8.3 (core)",
"api 1.3.3 (core)",
"auth 3.9.17 (core)",
"code-analyzer 5.2.2 (user) published 127 days ago (Tue Jun 24 2025) (latest is 5.6.1)",
"data 4.0.58 (core)",
"deploy-retrieve 3.23.3 (core)",
"info 3.4.88 (core)",
"limits 3.3.67 (core)",
"marketplace 1.3.8 (core)",
"org 5.9.32 (core)",
"packaging 2.20.5 (core)",
"schema 3.3.82 (core)",
"settings 2.4.48 (core)",
"sobject 1.4.73 (core)",
"telemetry 3.6.58 (core)",
"templates 56.3.65 (core)",
"trust 3.7.113 (core)",
"user 3.6.38 (core)",
"sfdmu 4.38.0 (user) published 304 days ago (Sun Dec 29 2024)"
]
}
Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
I think this is working as designed, this can be repro'd even in 1 machine by creating a scratch org (you get the admin user), then run sf org create user to generate a standard user.
sf org list will only show the admin user of the scratch org and sf org list users -o <scratch-org> should list both the admin and standard users of the scratch org.
Can you verify if sf org list users works list the user in your machine?
@cristiand391 running that command I see:
% sf org list users -o LIScratch7696bi2
Users in org 00DEm00000XXXXXXXXX
┌─────────┬───────────────┬─────────────────────────────┬──────────────────────┬────────────────────┐
│ Default │ Alias │ Username │ Profile Name │ User Id │
├─────────┼───────────────┼─────────────────────────────┼──────────────────────┼────────────────────┤
│ (A) │ LIScratch7696 │ [email protected] │ System Administrator │ 005Em00000XXXXXXXX │
└─────────┴───────────────┴─────────────────────────────┴──────────────────────┴────────────────────┘
Note that the user created on the org is a System Administrator. Sure, it's not "User User".
For non-scratch-orgs, if I use a web login to authenticate and authorize access, I see the org in the list.
Can you explain why this is viewed as "working as designed"?
ok nvm, I see the issue now and it's related to the user being a sys admin.
debugging through sf org list code I see it successfully reads the auth file of the admin user, then tries to fetch scratch org info assuming you are always using the default admin created in the scratch:
https://github.com/salesforcecli/plugin-org/blob/1e7ca7432e8b44534d6a8f84424f7f81ba989949/src/shared/orgListUtil.ts#L234-L255
that runs this query (URL params decoded for readability):
https://<my-domain-devhub>/services/data/v65.0/query?q=SELECT CreatedDate, Edition, Status, ExpirationDate, Namespace, OrgName, CreatedBy.Username, SignupUsername, LoginUrl FROM ScratchOrgInfo WHERE ScratchOrg IN ('<scratch-org-id>')
that will always fetch the default admin user in the scratch, so after that we do a small check and bc your 2nd admin username doesn't match the query results we skip it.
I'll mark this as a bug, thanks for the detailed repro steps!
![git2gus[bot] avatar](https://avatars.githubusercontent.com/in/19654?v=4 "Published by a pub.dev verified publisher"){kind=small}