Enable a Salesforce external client app or connected app to issue JSON Web Token
(JWT)-based access tokens instead of opaque tokens. Unlike opaque tokens, JWT-based access
tokens have a transparent format, so you can introspect them without calling a Salesforce
endpoint. This functionality makes them handy for use cases where you’re calling multiple
external systems.
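A local pre-check of a JWT-based access token, as an added example that is not part of the original page: it reads the header and claims without a network call, rejects opaque tokens, and checks alg, exp and aud. The claim values, the RS256 allow-list and the helper names are assumptions, and the signature must still be verified against the issuer's published keys before any claim is trusted.

```python
import base64
import json
import time

ALLOWED_ALGS = {"RS256"}  # assumption: set to the algorithm your tokens are signed with


def _segment_to_dict(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("segment is not a JSON object")
    return value


def inspect_access_token(token, expected_aud, now=None):
    """Return (header, claims) read locally from a JWT-based access token.

    Raises ValueError for opaque tokens and failed claim checks. The signature
    is not verified here; verify it before trusting any claim.
    """
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("opaque token: not a three-part JWT")
    try:
        header, claims = _segment_to_dict(parts[0]), _segment_to_dict(parts[1])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("opaque token: segments are not base64url JSON") from exc
    if header.get("alg") not in ALLOWED_ALGS:  # also rejects "none"
        raise ValueError(f"unexpected alg: {header.get('alg')!r}")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired or missing exp")
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this audience")
    return header, claims


def make_sample_token(header, claims):
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.cGxhY2Vob2xkZXI"
```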
Required Editions
Available in: both Salesforce Classic and Lightning Experience
Connected Apps can be created in: Group, Essentials, Professional, Enterprise, Performance, Unlimited, and Developer Editions
Connected Apps can be installed in: All editions
User Permissions Needed
To read, create, update, or delete connected apps: Customize Application AND either Modify All Data OR Manage Connected Apps
To update all fields except Profiles, Permission Sets, and Service Provider SAML Attributes: Customize Application AND either Modify All Data OR Manage Connected Apps
To update Profiles, Permission Sets, and Service Provider SAML Attributes: Customize Application AND Modify All Data AND Manage Profiles and Permission Sets
To rotate the consumer key and consumer secret: Allow consumer key and secret rotation
To install and uninstall connected apps: Customize Application AND either Modify All Data OR Manage Connected Apps
To install and uninstall packaged connected apps: Download AppExchange Packages AND Customize Application AND either Modify All Data OR Manage Connected Apps
Note: Connected app creation is restricted as of Spring ’26. You can continue to use existing connected apps during and after Spring ’26. However, we recommend using external client apps instead. If you must continue creating connected apps, contact Salesforce Support.
Configure an External Client App to Issue JWT-Based Access Tokens
Enable JWT-based access tokens for an existing external client app that you either created as a developer or installed from a managed package as an admin. Use the External Client Apps Manager in Setup, or configure your external client app via Metadata API.