Manage Other Access Settings for a Connected App
The Connected App Detail page provides an overview of access settings assigned to the connected app, including OAuth policies and session policies. From this page, you can click Edit Policies to manage access to the connected app. You can also manage profiles, permission sets, custom attributes, and custom scopes associated with the connected app.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
Connected Apps can be created in: Group, Essentials, Professional, Enterprise, Performance, Unlimited, and Developer Editions Connected Apps can be installed in: All editions |
| User Permissions Needed | |
|---|---|
| To read, create, update, or delete connected apps: | Customize Application AND either Modify All Data OR Manage Connected Apps |
| To update all fields except Profiles, Permission Sets, and Service Provider SAML Attributes: | Customize Application AND either Modify All Data OR Manage Connected Apps |
| To update Profiles, Permission Sets, and Service Provider SAML Attributes: | Customize Application AND Modify All Data AND Manage Profiles and Permission Sets |
| To rotate the consumer key and consumer secret: | Allow consumer key and secret rotation |
| To install and uninstall connected apps: | Customize Application AND either Modify All Data OR Manage Connected Apps |
| To install and uninstall packaged connected apps: | Download AppExchange Packages AND Customize Application AND either Modify All Data OR Manage Connected Apps |
See New connected apps can no longer be created in Spring ‘26 for more details.
- From Setup, enter Connected Apps in the Quick Find box, then select Manage Connected Apps.
- Click a connected app to view on the Connected App Detail page.
- For connected apps that use SAML and if your org is an Identity Provider, click
Download Metadata. The downloaded metadata includes the service
provider SAML login URLs and endpoints that are specific to your Experience Cloud sites, My
Domain subdomain, or custom domain configuration.This button displays only if your org is enabled as an Identity Provider, and only with connected apps that use SAML. You can access this metadata via a URL in Metadata Discovery Endpoint. Your service provider uses this URL to configure single sign-on to connect to Salesforce.
- In the OAuth Policies section, click View OAuth Usage to see which OAuth connected apps users are actively connecting to. These apps have an active access or refresh token.
- If user provisioning is enabled, you can click Launch User Provisioning Wizard to configure user provisioning for the connected app. See User Provisioning for Connected Apps.
- Click Manage Profiles to select profiles to assign to the app from
the Application Profile Assignment page. Assign profiles that you want to be able access the
app (except in Group Edition).
Tip This option won’t appear if the OAuth policy for Permitted Users is set to All users may self-authorize because this option isn’t needed when users can authorize themselves. - Click Manage Permission Sets to select the permission sets to assign
to the app from the Application Permission Set Assignment page. Assign permission sets that you
want to be able to access to app.Tip This option won’t appear if the OAuth policy for Permitted Users is set to All users may self-authorize because this option isn’t needed when users can authorize themselves.
- To assign custom attributes to the connected app, click New.Each custom attribute must have a unique key and must use fields available from the Insert Field menu. For example, assign a key name, such as
countryand insert the field$Organization.Country. When using SAML, attributes are sent as SAML attribute statements. When using OAuth, attributes are available as acustom_attributesobject in the user’s Identity URL. - For OAuth-enabled connected apps, click Manage OAuth Custom Scopes to assign custom scopes to the connected app. See OAuth Custom Scopes.
