Salesforce Certified Identity and Access Management Practice

The correct answer is that an organization must have a custom hostname using 'My Domain' before enabling Single Sign-On (SSO) across multiple orgs. Setting up 'My Domain' is a foundational step for any Salesforce organization that plans to implement SSO. It provides a secure and unique URL for the organization and establishes a necessary layer of identity verification and security for user authentication in the SSO setup. Furthermore, 'My Domain' allows for customization of the login experience and can facilitate secure access across different Salesforce orgs. Moreover, other aspects related to SSO, such as integrating with an Identity Provider or establishing Federated IDs for users, typically depend on having 'My Domain' configured first. Thus, while those elements are important for user authentication and access management, they follow the critical step of creating a unique domain for the organization that enables various security features, including SSO.